SVCHOST.exe Returns


  • This topic is locked
49 replies to this topic

#1 lovescream

lovescream

  • Members
  • 23 posts
  • OFFLINE
  • Local time:10:30 AM

Posted 15 January 2012 - 10:21 PM

I have run MalwareByte's Anti-Malware Virus scanner dozens of times, each time finding a SVCHOST.exe, but it keeps coming back. So many have been quarantined, but still the problems (computer freezing, not being able to go into internet) continue, if I'm not quick enough to click "Quarantine". Sometimes, when I click on a website on a search engine, it redirects to www.gimmieanswers.org the first time, then the original website the second.

Please help, I have no idea what to do as a computer newb.

Also, when I ran HijackThis, it said: "For some reason your system denied access to the Hosts file. If any hijacked domains are in this file, HijackThis may NOT be able to fix this." This has never occurred before, so I'm guessing that's where the problem is.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:19:26 PM, on 1/15/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Dell V305\dldtmon.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Users\Donghyeok Kim\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\AIM\aim.exe
C:\Program Files (x86)\Dell V305\dldtMsdMon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Donghyeok Kim\AppData\Local\Akamai\netsession_win.exe
C:\Users\Donghyeok Kim\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\hp\HP UT LEDM\bin\hppusg.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Users\Donghyeok Kim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Users\Donghyeok Kim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Donghyeok Kim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Donghyeok Kim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Donghyeok Kim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (file missing)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HelloWorldBHO - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (file missing)
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HPUsageTrackingLEDM] "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\"
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
O4 - HKCU\..\Run: [Google Update] "C:\Users\Donghyeok Kim\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Donghyeok Kim\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
O4 - HKUS\S-1-5-18\..\Run: [Smad] "C:\Windows\system32\config\systemprofile\AppData\Local\SanctionedMedia\Smad\Smad.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Smad] "C:\Windows\system32\config\systemprofile\AppData\Local\SanctionedMedia\Smad\Smad.exe" (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Users\Donghyeok Kim\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D946C227-0260-468D-B37A-3777880DC02A}: NameServer = 208.67.220.220
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dldt_device - - C:\Windows\system32\dldtcoms.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP LaserJet Service - HP - C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP SI Service (HPSIService) - Unknown owner - C:\Windows\system32\HPSIsvc.exe (file missing)
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: IHA_MessageCenter - Verizon - C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Microsoft Antimalware Service (MsMpSvc) - Unknown owner - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243 (NisSrv) - Unknown owner - c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_Tablet.exe
O23 - Service: Wacom Consumer Touch Service (TouchServicePen) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_TouchService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14007 bytes

Edited by lovescream, 15 January 2012 - 10:25 PM.
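Added example (not part of this thread, and not HijackThis's own code): a small Python triage script that reads HijackThis log lines like the ones posted above and flags the items a responder would look at first. The sample log, the heuristic categories and the path-marker lists are constructed for this write-up, and the GUIDs in it are placeholders rather than values from the page. Each hit is a prompt to look closer, not a verdict: tools such as Dropbox legitimately run from AppData, and a NameServer entry may simply be a resolver the user chose.

```python
"""Triage a HijackThis 2.0.4 log for the indicators that matter in this thread.

Added example, modelled on the log posted above; it is neither part of the thread
nor HijackThis's own code. The checks are heuristics chosen for this write-up:
  * svchost.exe running from anywhere except System32 / SysWOW64 (the genuine
    Service Host lives only there; a copy directly under the Windows folder is suspect)
  * O4 autostart entries whose binary sits in a user-writable profile path
  * O17 NameServer overrides (a resolver written into the TCP/IP registry key)
  * R0/R1/R3/O2/O3 entries whose target is "(no file)" or "(file missing)"
Every hit is a "review this" flag, not a verdict.
"""
import re
from typing import List, Tuple

# Constructed sample log, modelled on the HijackThis output posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\Windows\System32\svchost.exe
C:\Windows\svchost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

R3 - URLSearchHook: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Updater] "C:\Users\example\AppData\Local\Temp\updater.exe" /silent
O4 - HKUS\S-1-5-18\..\Run: [Example] "C:\Windows\system32\config\systemprofile\AppData\Local\Example\example.exe" (User 'SYSTEM')
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 208.67.220.220
O23 - Service: Example Service (ExampleSvc) - Unknown owner - C:\Windows\System32\example.exe (file missing)
"""

# Directories where the genuine Service Host binary lives on a 64-bit Windows install.
LEGIT_SVCHOST_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Substrings marking locations an unprivileged user (or a service profile) can write
# to; an autostart pointing there deserves a second look. Heuristic, not a rule.
USER_WRITABLE_MARKERS = ("\\users\\", "\\appdata\\", "\\temp\\", "\\config\\systemprofile\\")

# A Windows path ending in .exe; non-greedy so the match stops at the binary and
# does not swallow any command-line arguments that follow it.
PATH_RE = re.compile(r'[a-z]:\\[^"\r\n]*?\.exe', re.IGNORECASE)
NAMESERVER_RE = re.compile(r"NameServer = (.+)$")

# Line prefixes whose "(no file)" / "(file missing)" marker is worth a look.
DANGLING_PREFIXES = ("R0 - ", "R1 - ", "R3 - ", "O2 - ", "O3 - ")

Finding = Tuple[str, str]  # (category, detail)


def split_path(path: str) -> Tuple[str, str]:
    """Return (directory, filename), lower-cased for case-insensitive comparison."""
    directory, _, filename = path.lower().rpartition("\\")
    return directory, filename


def triage(log_text: str) -> List[Finding]:
    """Walk the log once and collect (category, detail) pairs in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # "Running processes:" section: each line is a bare executable path.
        if PATH_RE.fullmatch(line):
            directory, filename = split_path(line)
            if filename == "svchost.exe" and directory not in LEGIT_SVCHOST_DIRS:
                findings.append(("svchost-outside-system32", line))
            continue
        if line.startswith("O4 - "):
            match = PATH_RE.search(line)
            if match and any(m in match.group(0).lower() for m in USER_WRITABLE_MARKERS):
                findings.append(("autorun-from-user-writable-path", match.group(0)))
            continue
        if line.startswith("O17 - "):
            match = NAMESERVER_RE.search(line)
            if match:
                findings.append(("dns-override", match.group(1).strip()))
            continue
        # O23 is deliberately not checked here: the 32-bit HijackThis 2.0.4 reports
        # many genuine 64-bit system services as "(file missing)", so on x64 that
        # section is mostly noise for this particular test.
        if line.startswith(DANGLING_PREFIXES) and (
            "(no file)" in line or "(file missing)" in line
        ):
            findings.append(("dangling-entry", line))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:34} {detail}")
```

Run against the constructed sample, the script reports the svchost.exe copy outside System32, the dangling R3 hook, the two autostarts under profile paths and the NameServer override, and stays silent on the iTunes entry and the O23 service line.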



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:30 PM

Posted 17 January 2012 - 12:26 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click Proceed. This will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion," please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 lovescream

lovescream
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:10:30 AM

Posted 17 January 2012 - 08:26 PM

While I was trying to run Combofix, it said that my anti-virus/malware scanners, etc., are set to Microsoft Security Essentials, and warned me of the risks of not disabling it. I had this scanner before, but it had been corrupted and ran viruses when I tried to run it before. So I had deleted it and downloaded Malwarebytes' Anti-Malware. I have no file of Microsoft Security Essentials; other than that, I had no problems.

My computer right now is almost the same as before, with Malwarebytes preventing SVCHost.exe from doing things every hour or two. I forgot to mention before that somehow my internet security levels change by themselves to a custom level, even though I set them back every time. This never happened before, so I don't think it's a program or some sort of plugin/add-on causing the change.

Right now, Malwarebytes has a balloon pop-up saying it's preventing me from redirecting to website 178.238.233.155, Type: outgoing, Port: (changes every time), Process: svchost.exe.
Before, on Google search, it redirected to just "gimmieanswers.com". Now it's redirecting to all sorts of similar "search" websites.


ComboFix 12-01-17.02 - Donghyeok Kim 01/17/2012 16:52:48.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6134.4363 [GMT -8:00]
Running from: c:\users\Donghyeok Kim\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
c:\windows\system32\consrv.dll
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2011-12-18 to 2012-01-18 )))))))))))))))))))))))))))))))
.
.
2012-01-18 01:00 . 2012-01-18 01:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-17 04:57 . 2012-01-17 04:57 -------- d-----w- c:\users\Donghyeok Kim\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-01-14 02:48 . 2011-04-04 22:25 49664 ----a-r- c:\windows\system32\HP1100SMs.dll
2012-01-14 02:48 . 2011-04-03 00:12 350720 ----a-w- c:\windows\system32\mvhlewsi.DLL
2012-01-14 02:48 . 2011-04-03 00:05 1696256 ----a-w- c:\windows\system32\HP1100SM.EXE
2012-01-14 00:25 . 2011-04-03 00:05 290304 ----a-w- c:\windows\system32\HP1100LM.DLL
2012-01-14 00:25 . 2011-04-03 00:04 74240 ----a-w- c:\windows\system32\Spool\prtprocs\x64\HP1100PP.dll
2012-01-14 00:17 . 2011-04-04 14:25 20480 ----a-w- c:\windows\system32\drivers\mvusbews.sys
2012-01-14 00:17 . 2011-04-04 14:25 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2012-01-14 00:17 . 2011-04-04 14:25 82944 ----a-w- c:\windows\system32\mvusbews.dll
2012-01-14 00:10 . 2011-05-10 18:06 126520 ----a-r- c:\windows\system32\HPSIsvc.exe
2012-01-14 00:10 . 2012-01-14 00:10 -------- d-----w- c:\programdata\HPSSUPPLY
2012-01-14 00:09 . 2012-01-14 00:09 -------- d-----w- c:\program files\HP
2012-01-13 22:07 . 2012-01-13 22:07 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-01-13 22:03 . 2009-07-14 01:14 20480 ----a-w- c:\windows\svchost.exe
2012-01-11 00:43 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 00:43 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 00:43 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 00:43 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 00:43 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 00:43 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-11 00:43 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 00:43 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-08 23:45 . 2012-01-08 23:45 -------- d-----w- c:\users\Donghyeok Kim\AppData\Roaming\Screenshot Studio
2012-01-08 23:44 . 2012-01-08 23:44 -------- d-sh--w- c:\programdata\System Restore
2012-01-08 23:44 . 2012-01-08 23:44 -------- d-----w- c:\program files (x86)\Screenshot Studio
2012-01-08 01:18 . 2012-01-08 01:18 -------- d-----w- c:\users\Donghyeok Kim\AppData\Roaming\CheckPoint
2012-01-08 01:17 . 2012-01-08 04:42 -------- d-----w- c:\program files\CheckPoint
2012-01-08 01:17 . 2012-01-08 01:17 -------- d-----w- c:\programdata\CheckPoint
2012-01-08 01:16 . 2012-01-08 04:42 -------- d-----w- c:\program files (x86)\CheckPoint
2012-01-07 00:08 . 2012-01-07 00:08 -------- d-----w- c:\users\Donghyeok Kim\AppData\Local\Chromium
2012-01-07 00:01 . 2008-10-10 12:52 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll
2012-01-07 00:01 . 2008-10-10 12:52 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
2012-01-07 00:01 . 2008-10-10 12:52 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll
2012-01-07 00:01 . 2007-04-05 02:53 81768 ----a-w- c:\windows\SysWow64\xinput1_3.dll
2012-01-07 00:01 . 2012-01-08 16:34 -------- d-----w- c:\program files (x86)\Heroes of Newerth
2012-01-05 07:36 . 2012-01-05 07:36 -------- d-----w- c:\users\Donghyeok Kim\AppData\Roaming\RenPy
2012-01-05 07:34 . 2012-01-08 16:57 -------- d-----w- c:\program files (x86)\Katawa Shoujo
2012-01-04 02:16 . 2012-01-04 02:16 -------- d-----w- c:\users\Donghyeok Kim\AppData\Local\SanctionedMedia
2011-12-29 23:31 . 2011-12-29 23:31 -------- d-----w- c:\users\Donghyeok Kim\AppData\Local\Macroplant
2011-12-28 04:22 . 2011-12-28 04:22 -------- d-----w- c:\programdata\IDMComp
2011-12-28 04:22 . 2011-12-28 04:22 -------- d-----w- c:\users\Donghyeok Kim\AppData\Roaming\IDMComp
2011-12-28 04:18 . 2011-12-28 04:18 -------- d-----w- c:\program files (x86)\IDM Computer Solutions
2011-12-28 03:52 . 2011-12-28 03:52 -------- d-----w- c:\users\Donghyeok Kim\AppData\Local\Downloaded Installations
2011-12-25 06:09 . 2011-12-25 06:09 -------- d-----w- c:\users\Donghyeok Kim\AppData\Roaming\Dell Imaging Toolbox
2011-12-25 06:06 . 2011-12-25 06:06 -------- d-----w- C:\Dell
2011-12-22 07:23 . 2012-01-13 22:24 -------- d-----w- c:\users\Donghyeok Kim\riotsGamesLogs
2011-12-22 07:20 . 2011-12-22 07:20 -------- d-----w- c:\users\Donghyeok Kim\AppData\Roaming\LolClient
2011-12-22 06:50 . 2008-07-31 18:41 68616 ----a-w- c:\windows\SysWow64\XAPOFX1_1.dll
2011-12-22 06:50 . 2008-07-31 18:40 509448 ----a-w- c:\windows\SysWow64\XAudio2_2.dll
2011-12-22 06:50 . 2008-07-12 16:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2011-12-22 06:50 . 2008-07-12 16:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2011-12-22 06:50 . 2008-07-12 16:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2011-12-22 06:50 . 2011-12-22 06:50 -------- d-----w- c:\program files\iPod
2011-12-22 06:50 . 2011-12-22 06:50 -------- d-----w- c:\program files\iTunes
2011-12-22 06:50 . 2011-12-22 06:50 -------- d-----w- c:\program files (x86)\iTunes
2011-12-22 06:45 . 2011-12-22 06:45 -------- d-----w- C:\Riot Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-11 02:53 . 2011-12-11 02:53 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-10 23:32 . 2011-12-10 23:09 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BF089FB9-5B15-4BBB-B476-94B453DAC086}\offreg.dll
2011-12-10 23:24 . 2011-12-11 00:09 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 19:26 . 2011-11-25 19:26 388096 ----a-r- c:\users\Donghyeok Kim\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-24 04:52 . 2011-12-13 23:45 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 11:40 . 2011-12-10 19:28 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BF089FB9-5B15-4BBB-B476-94B453DAC086}\mpengine.dll
2011-11-21 11:40 . 2011-02-21 07:08 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-15 02:48 . 2011-11-15 02:48 279616 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-11-05 05:32 . 2011-12-13 23:45 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:26 . 2011-12-13 23:45 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-04 01:53 . 2011-12-14 09:28 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-11-04 01:44 . 2011-12-14 09:28 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 01:44 . 2011-12-14 09:28 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 01:34 . 2011-12-14 09:28 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-03 22:47 . 2011-12-14 09:28 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-11-03 22:40 . 2011-12-14 09:28 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39 . 2011-12-14 09:28 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-03 22:31 . 2011-12-14 09:28 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-10-27 18:56 . 2011-11-30 18:37 16440 ----a-w- c:\windows\help\OEM\Scripts\SolExternalHDD.exe
2011-10-26 05:21 . 2011-12-13 23:45 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-24 22:29 . 2011-10-24 22:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 22:29 . 2011-10-24 22:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2006-05-03 19:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 20:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 22:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll
2010-01-07 07:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Donghyeok Kim\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Donghyeok Kim\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Donghyeok Kim\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2010-11-30 18:03 155416 ----a-w- c:\windows\SysWOW64\CbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-02 1242448]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-07-16 1668664]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
"Akamai NetSession Interface"="c:\users\Donghyeok Kim\AppData\Local\Akamai\netsession_win.exe" [2011-12-13 3305760]
"Aim"="c:\program files (x86)\AIM\aim.exe" [2011-01-05 4321112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2011-12-25 981680]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-25 460872]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-05-26 656896]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"HPUsageTrackingLEDM"="c:\program files (x86)\HP\HP UT LEDM\bin\hppusg.exe" [2009-08-05 30264]
.
c:\users\Donghyeok Kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Donghyeok Kim\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-12-5 24242056]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-6-3 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-15 136176]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\safedrv.sys [2012-01-02 27744]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-15 136176]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;NisSrv;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [x]
R3 PaeFireStudio;PreSonus FireStudio;c:\windows\system32\Drivers\PaeFireStudio.sys [x]
R3 PaeFireStudioAudio;PreSonus FireStudio Audio;c:\windows\system32\drivers\PaeFireStudioAudio.sys [x]
R3 PaeFireStudioMidi;PreSonus FireStudio MIDI;c:\windows\system32\drivers\PaeFireStudioMidi.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe [2009-07-10 1044648]
S2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2009-06-24 136704]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [x]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-10-29 286736]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-25 652872]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-10-21 5790064]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-10-21 487280]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-15 19:35]
.
2012-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-15 19:35]
.
2012-01-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2963319434-830871422-2673064414-1000Core.job
- c:\users\Donghyeok Kim\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-19 04:34]
.
2012-01-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2963319434-830871422-2673064414-1000UA.job
- c:\users\Donghyeok Kim\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-19 04:34]
.
2012-01-12 c:\windows\Tasks\HPCeeScheduleForDonghyeok Kim.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-08-26 21:38]
.
2011-12-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Donghyeok Kim\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Donghyeok Kim\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Donghyeok Kim\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Donghyeok Kim\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2010-11-30 18:03 188696 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-08 610360]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-24 363544]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-24 165912]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-24 385560]
"dldtmon.exe"="c:\program files (x86)\Dell V305\dldtmon.exe" [2009-07-30 672424]
"dldtamon"="c:\program files (x86)\Dell V305\dldtamon.exe" [2009-07-30 16040]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-16 499608]
"combofix"="c:\combofix\CF13318.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D946C227-0260-468D-B37A-3777880DC02A}: NameServer = 208.67.220.220
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{91da5e8a-3318-4f8c-b67e-5964de3ab546} - (no file)
Wow6432Node-HKU-Default-Run-Smad - c:\windows\system32\config\systemprofile\AppData\Local\SanctionedMedia\Smad\Smad.exe
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - (no file)
HKLM-Run-MSC - c:\program files\Microsoft Security Client\msseces.exe
HKLM-Run-ISW - c:\program files\CheckPoint\ZAForceField\ForceField.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_b427739.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\\.\globalroot\systemroot\svchost.exe
c:\\.\globalroot\systemroot\svchost.exe
.
**************************************************************************
.
Completion time: 2012-01-17 17:10:39 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-18 01:10
.
Pre-Run: 430,955,302,912 bytes free
Post-Run: 433,146,572,800 bytes free
.
- - End Of File - - D8384BDFA1F3C473001A70EAA095E668

Edited by lovescream, 17 January 2012 - 08:28 PM.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:30 PM

Posted 18 January 2012 - 11:10 AM

Hello

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#5 lovescream

lovescream
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:10:30 AM

Posted 18 January 2012 - 06:30 PM

So far, no "quarantines" and no balloon pop-ups. I hope it stays that way.
Thank you so much for helping me, Gringo.


15:25:06.0763 6092 TDSS rootkit removing tool 2.7.5.0 Jan 18 2012 09:26:24
15:25:07.0134 6092 ============================================================
15:25:07.0134 6092 Current date / time: 2012/01/18 15:25:07.0134
15:25:07.0135 6092 SystemInfo:
15:25:07.0135 6092
15:25:07.0135 6092 OS Version: 6.1.7601 ServicePack: 1.0
15:25:07.0135 6092 Product type: Workstation
15:25:07.0135 6092 ComputerName: DONGHYEOKKIM-PC
15:25:07.0135 6092 UserName: Donghyeok Kim
15:25:07.0135 6092 Windows directory: C:\Windows
15:25:07.0135 6092 System windows directory: C:\Windows
15:25:07.0135 6092 Running under WOW64
15:25:07.0135 6092 Processor architecture: Intel x64
15:25:07.0135 6092 Number of processors: 2
15:25:07.0135 6092 Page size: 0x1000
15:25:07.0135 6092 Boot type: Normal boot
15:25:07.0135 6092 ============================================================
15:25:07.0478 6092 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:25:07.0574 6092 Initialize success
15:25:16.0223 5772 ============================================================
15:25:16.0223 5772 Scan started
15:25:16.0223 5772 Mode: Manual;
15:25:16.0223 5772 ============================================================
15:25:28.0930 5772 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:25:28.0930 5772 NativeWifiP - ok
15:25:29.0023 5772 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:25:29.0039 5772 NDIS - ok
15:25:29.0117 5772 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:25:29.0133 5772 NdisCap - ok
15:25:29.0164 5772 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:25:29.0164 5772 NdisTapi - ok
15:25:29.0226 5772 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:25:29.0226 5772 Ndisuio - ok
15:25:29.0304 5772 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:25:29.0304 5772 NdisWan - ok
15:25:29.0367 5772 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:25:29.0367 5772 NDProxy - ok
15:25:29.0445 5772 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:25:29.0445 5772 NetBIOS - ok
15:25:29.0476 5772 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:25:29.0491 5772 NetBT - ok
15:25:29.0616 5772 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:25:29.0632 5772 nfrd960 - ok
15:25:29.0694 5772 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
15:25:29.0694 5772 NisDrv - ok
15:25:29.0772 5772 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:25:29.0772 5772 Npfs - ok
15:25:29.0803 5772 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:25:29.0803 5772 nsiproxy - ok
15:25:29.0866 5772 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:25:29.0944 5772 Ntfs - ok
15:25:29.0959 5772 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:25:29.0975 5772 Null - ok
15:25:30.0022 5772 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:25:30.0022 5772 nvraid - ok
15:25:30.0037 5772 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:25:30.0053 5772 nvstor - ok
15:25:30.0069 5772 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:25:30.0069 5772 nv_agp - ok
15:25:30.0115 5772 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:25:30.0115 5772 ohci1394 - ok
15:25:30.0209 5772 PaeFireStudio (ec436fa740f05020954ab154e556591a) C:\Windows\system32\Drivers\PaeFireStudio.sys
15:25:30.0225 5772 PaeFireStudio - ok
15:25:30.0240 5772 PaeFireStudioAudio (221f9ebd63ca64cb32922b02c5aed9a7) C:\Windows\system32\drivers\PaeFireStudioAudio.sys
15:25:30.0240 5772 PaeFireStudioAudio - ok
15:25:30.0256 5772 PaeFireStudioMidi (0bb5230dce8339baa2f066033f75d288) C:\Windows\system32\drivers\PaeFireStudioMidi.sys
15:25:30.0256 5772 PaeFireStudioMidi - ok
15:25:30.0318 5772 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:25:30.0318 5772 Parport - ok
15:25:30.0349 5772 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
15:25:30.0349 5772 partmgr - ok
15:25:30.0365 5772 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:25:30.0365 5772 pci - ok
15:25:30.0396 5772 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:25:30.0396 5772 pciide - ok
15:25:30.0443 5772 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:25:30.0443 5772 pcmcia - ok
15:25:30.0459 5772 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:25:30.0459 5772 pcw - ok
15:25:30.0505 5772 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:25:30.0521 5772 PEAUTH - ok
15:25:30.0630 5772 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:25:30.0630 5772 PptpMiniport - ok
15:25:30.0661 5772 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:25:30.0661 5772 Processor - ok
15:25:30.0708 5772 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:25:30.0708 5772 Psched - ok
15:25:30.0817 5772 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
15:25:30.0817 5772 PxHlpa64 - ok
15:25:30.0880 5772 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:25:30.0911 5772 ql2300 - ok
15:25:30.0942 5772 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:25:30.0942 5772 ql40xx - ok
15:25:30.0958 5772 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:25:30.0958 5772 QWAVEdrv - ok
15:25:30.0989 5772 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:25:30.0989 5772 RasAcd - ok
15:25:31.0036 5772 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:25:31.0036 5772 RasAgileVpn - ok
15:25:31.0067 5772 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:25:31.0067 5772 Rasl2tp - ok
15:25:31.0083 5772 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:25:31.0098 5772 RasPppoe - ok
15:25:31.0129 5772 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:25:31.0129 5772 RasSstp - ok
15:25:31.0161 5772 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:25:31.0176 5772 rdbss - ok
15:25:31.0207 5772 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:25:31.0207 5772 rdpbus - ok
15:25:31.0254 5772 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:25:31.0254 5772 RDPCDD - ok
15:25:31.0301 5772 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:25:31.0301 5772 RDPENCDD - ok
15:25:31.0317 5772 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:25:31.0317 5772 RDPREFMP - ok
15:25:31.0348 5772 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
15:25:31.0348 5772 RDPWD - ok
15:25:31.0379 5772 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:25:31.0379 5772 rdyboost - ok
15:25:31.0441 5772 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:25:31.0441 5772 rspndr - ok
15:25:31.0504 5772 RTL8167 (91296f0b2653281b2f11e0fce56aa427) C:\Windows\system32\DRIVERS\Rt64win7.sys
15:25:31.0504 5772 RTL8167 - ok
15:25:31.0551 5772 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:25:31.0551 5772 sbp2port - ok
15:25:31.0582 5772 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:25:31.0582 5772 scfilter - ok
15:25:31.0644 5772 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:25:31.0644 5772 secdrv - ok
15:25:31.0691 5772 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:25:31.0707 5772 Serenum - ok
15:25:31.0722 5772 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:25:31.0722 5772 Serial - ok
15:25:31.0738 5772 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:25:31.0738 5772 sermouse - ok
15:25:31.0800 5772 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:25:31.0800 5772 sffdisk - ok
15:25:31.0816 5772 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:25:31.0816 5772 sffp_mmc - ok
15:25:31.0816 5772 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:25:31.0816 5772 sffp_sd - ok
15:25:31.0863 5772 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:25:31.0863 5772 sfloppy - ok
15:25:31.0909 5772 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:25:31.0909 5772 SiSRaid2 - ok
15:25:31.0925 5772 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:25:31.0925 5772 SiSRaid4 - ok
15:25:31.0972 5772 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:25:31.0972 5772 Smb - ok
15:25:32.0003 5772 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:25:32.0003 5772 spldr - ok
15:25:32.0065 5772 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:25:32.0081 5772 srv - ok
15:25:32.0112 5772 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:25:32.0128 5772 srv2 - ok
15:25:32.0143 5772 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:25:32.0143 5772 srvnet - ok
15:25:32.0206 5772 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:25:32.0206 5772 stexstor - ok
15:25:32.0253 5772 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:25:32.0253 5772 swenum - ok
15:25:32.0346 5772 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
15:25:32.0377 5772 Tcpip - ok
15:25:32.0471 5772 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
15:25:32.0471 5772 TCPIP6 - ok
15:25:32.0502 5772 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:25:32.0502 5772 tcpipreg - ok
15:25:32.0533 5772 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:25:32.0533 5772 TDPIPE - ok
15:25:32.0549 5772 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
15:25:32.0549 5772 TDTCP - ok
15:25:32.0580 5772 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:25:32.0580 5772 tdx - ok
15:25:32.0596 5772 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
15:25:32.0596 5772 TermDD - ok
15:25:32.0658 5772 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:25:32.0658 5772 tssecsrv - ok
15:25:32.0736 5772 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:25:32.0736 5772 TsUsbFlt - ok
15:25:32.0830 5772 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:25:32.0830 5772 tunnel - ok
15:25:32.0877 5772 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:25:32.0877 5772 uagp35 - ok
15:25:32.0908 5772 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:25:32.0923 5772 udfs - ok
15:25:32.0955 5772 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:25:32.0955 5772 uliagpkx - ok
15:25:32.0986 5772 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
15:25:32.0986 5772 umbus - ok
15:25:33.0001 5772 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:25:33.0001 5772 UmPass - ok
15:25:33.0048 5772 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
15:25:33.0048 5772 USBAAPL64 - ok
15:25:33.0064 5772 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:25:33.0064 5772 usbccgp - ok
15:25:33.0111 5772 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:25:33.0111 5772 usbcir - ok
15:25:33.0126 5772 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
15:25:33.0142 5772 usbehci - ok
15:25:33.0157 5772 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:25:33.0157 5772 usbhub - ok
15:25:33.0189 5772 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
15:25:33.0189 5772 usbohci - ok
15:25:33.0204 5772 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:25:33.0204 5772 usbprint - ok
15:25:33.0251 5772 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
15:25:33.0251 5772 usbscan - ok
15:25:33.0267 5772 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:25:33.0267 5772 USBSTOR - ok
15:25:33.0282 5772 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
15:25:33.0282 5772 usbuhci - ok
15:25:33.0298 5772 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:25:33.0298 5772 vdrvroot - ok
15:25:33.0345 5772 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:25:33.0345 5772 vga - ok
15:25:33.0360 5772 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:25:33.0376 5772 VgaSave - ok
15:25:33.0391 5772 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:25:33.0391 5772 vhdmp - ok
15:25:33.0423 5772 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:25:33.0423 5772 viaide - ok
15:25:33.0438 5772 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:25:33.0438 5772 volmgr - ok
15:25:33.0469 5772 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:25:33.0469 5772 volmgrx - ok
15:25:33.0485 5772 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:25:33.0501 5772 volsnap - ok
15:25:33.0532 5772 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:25:33.0532 5772 vsmraid - ok
15:25:33.0547 5772 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
15:25:33.0547 5772 vwifibus - ok
15:25:33.0610 5772 wacmoumonitor (43ce14e1e17da81ea71dfe686805ed07) C:\Windows\system32\DRIVERS\wacmoumonitor.sys
15:25:33.0610 5772 wacmoumonitor - ok
15:25:33.0641 5772 wacommousefilter (e04d43c7d1641e95d35cae6086c7e350) C:\Windows\system32\DRIVERS\wacommousefilter.sys
15:25:33.0641 5772 wacommousefilter - ok
15:25:33.0672 5772 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:25:33.0672 5772 WacomPen - ok
15:25:33.0719 5772 wacomvhid (ec1ceb237e365330c1fcfc4876aa0ac0) C:\Windows\system32\DRIVERS\wacomvhid.sys
15:25:33.0719 5772 wacomvhid - ok
15:25:33.0750 5772 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:25:33.0750 5772 WANARP - ok
15:25:33.0766 5772 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:25:33.0766 5772 Wanarpv6 - ok
15:25:33.0813 5772 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:25:33.0813 5772 Wd - ok
15:25:33.0828 5772 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:25:33.0844 5772 Wdf01000 - ok
15:25:33.0906 5772 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:25:33.0906 5772 WfpLwf - ok
15:25:33.0937 5772 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:25:33.0937 5772 WIMMount - ok
15:25:34.0031 5772 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
15:25:34.0031 5772 WinUsb - ok
15:25:34.0062 5772 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
15:25:34.0062 5772 WmiAcpi - ok
15:25:34.0109 5772 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:25:34.0109 5772 ws2ifsl - ok
15:25:34.0140 5772 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:25:34.0156 5772 WudfPf - ok
15:25:34.0187 5772 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:25:34.0203 5772 WUDFRd - ok
15:25:34.0234 5772 MBR (0x1B8) (6c6fdff834aa5d876c307bee53974486) \Device\Harddisk0\DR0
15:25:34.0265 5772 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
15:25:34.0265 5772 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
15:25:34.0296 5772 Boot (0x1200) (b140b07f42710943b778557b0495c76c) \Device\Harddisk0\DR0\Partition0
15:25:34.0296 5772 \Device\Harddisk0\DR0\Partition0 - ok
15:25:34.0312 5772 Boot (0x1200) (686ed83f0e090c6da7b8ce8eae71de74) \Device\Harddisk0\DR0\Partition1
15:25:34.0312 5772 \Device\Harddisk0\DR0\Partition1 - ok
15:25:34.0359 5772 Boot (0x1200) (676ba433eb6efa93f1e6a15c54ab8f36) \Device\Harddisk0\DR0\Partition2
15:25:34.0359 5772 \Device\Harddisk0\DR0\Partition2 - ok
15:25:34.0359 5772 ============================================================
15:25:34.0359 5772 Scan finished
15:25:34.0359 5772 ============================================================
15:25:34.0390 5260 Detected object count: 1
15:25:34.0390 5260 Actual detected object count: 1
15:26:05.0593 5260 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
15:26:05.0593 5260 \Device\Harddisk0\DR0 - ok
15:26:05.0593 5260 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
15:26:09.0134 5992 Deinitialize success

Edited by lovescream, 18 January 2012 - 06:40 PM.


#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:30 PM

Posted 19 January 2012 - 12:48 AM

Greetings

Good, that cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#7 lovescream

lovescream
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:10:30 AM

Posted 19 January 2012 - 02:35 AM

Oh, alright. Thanks.


ComboFix 12-01-18.04 - Donghyeok Kim 01/18/2012 22:52:24.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6134.4752 [GMT -8:00]
Running from: c:\users\Donghyeok Kim\Downloads\ComboFix.exe
Command switches used :: c:\users\Donghyeok Kim\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-12-19 to 2012-01-19 )))))))))))))))))))))))))))))))
.
.
2012-01-19 06:59 . 2012-01-19 06:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-17 04:57 . 2012-01-17 04:57 -------- d-----w- c:\users\Donghyeok Kim\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-01-14 02:48 . 2011-04-04 22:25 49664 ----a-r- c:\windows\system32\HP1100SMs.dll
2012-01-14 02:48 . 2011-04-03 00:12 350720 ----a-w- c:\windows\system32\mvhlewsi.DLL
2012-01-14 02:48 . 2011-04-03 00:05 1696256 ----a-w- c:\windows\system32\HP1100SM.EXE
2012-01-14 00:25 . 2011-04-03 00:05 290304 ----a-w- c:\windows\system32\HP1100LM.DLL
2012-01-14 00:25 . 2011-04-03 00:04 74240 ----a-w- c:\windows\system32\Spool\prtprocs\x64\HP1100PP.dll
2012-01-14 00:17 . 2011-04-04 14:25 20480 ----a-w- c:\windows\system32\drivers\mvusbews.sys
2012-01-14 00:17 . 2011-04-04 14:25 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2012-01-14 00:17 . 2011-04-04 14:25 82944 ----a-w- c:\windows\system32\mvusbews.dll
2012-01-14 00:10 . 2011-05-10 18:06 126520 ----a-r- c:\windows\system32\HPSIsvc.exe
2012-01-14 00:10 . 2012-01-14 00:10 -------- d-----w- c:\programdata\HPSSUPPLY
2012-01-14 00:09 . 2012-01-14 00:09 -------- d-----w- c:\program files\HP
2012-01-13 22:07 . 2012-01-13 22:07 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-01-11 00:43 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 00:43 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 00:43 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 00:43 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 00:43 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 00:43 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-11 00:43 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 00:43 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-08 23:45 . 2012-01-08 23:45 -------- d-----w- c:\users\Donghyeok Kim\AppData\Roaming\Screenshot Studio
2012-01-08 23:44 . 2012-01-08 23:44 -------- d-sh--w- c:\programdata\System Restore
2012-01-08 23:44 . 2012-01-08 23:44 -------- d-----w- c:\program files (x86)\Screenshot Studio
2012-01-08 01:18 . 2012-01-08 01:18 -------- d-----w- c:\users\Donghyeok Kim\AppData\Roaming\CheckPoint
2012-01-08 01:17 . 2012-01-08 04:42 -------- d-----w- c:\program files\CheckPoint
2012-01-08 01:17 . 2012-01-08 01:17 -------- d-----w- c:\programdata\CheckPoint
2012-01-08 01:16 . 2012-01-08 04:42 -------- d-----w- c:\program files (x86)\CheckPoint
2012-01-07 00:08 . 2012-01-07 00:08 -------- d-----w- c:\users\Donghyeok Kim\AppData\Local\Chromium
2012-01-07 00:01 . 2008-10-10 12:52 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll
2012-01-07 00:01 . 2008-10-10 12:52 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
2012-01-07 00:01 . 2008-10-10 12:52 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll
2012-01-07 00:01 . 2007-04-05 02:53 81768 ----a-w- c:\windows\SysWow64\xinput1_3.dll
2012-01-07 00:01 . 2012-01-08 16:34 -------- d-----w- c:\program files (x86)\Heroes of Newerth
2012-01-05 07:36 . 2012-01-05 07:36 -------- d-----w- c:\users\Donghyeok Kim\AppData\Roaming\RenPy
2012-01-05 07:34 . 2012-01-08 16:57 -------- d-----w- c:\program files (x86)\Katawa Shoujo
2012-01-04 02:16 . 2012-01-04 02:16 -------- d-----w- c:\users\Donghyeok Kim\AppData\Local\SanctionedMedia
2011-12-29 23:31 . 2011-12-29 23:31 -------- d-----w- c:\users\Donghyeok Kim\AppData\Local\Macroplant
2011-12-28 04:22 . 2011-12-28 04:22 -------- d-----w- c:\programdata\IDMComp
2011-12-28 04:22 . 2011-12-28 04:22 -------- d-----w- c:\users\Donghyeok Kim\AppData\Roaming\IDMComp
2011-12-28 04:18 . 2011-12-28 04:18 -------- d-----w- c:\program files (x86)\IDM Computer Solutions
2011-12-28 03:52 . 2011-12-28 03:52 -------- d-----w- c:\users\Donghyeok Kim\AppData\Local\Downloaded Installations
2011-12-25 06:09 . 2011-12-25 06:09 -------- d-----w- c:\users\Donghyeok Kim\AppData\Roaming\Dell Imaging Toolbox
2011-12-25 06:06 . 2011-12-25 06:06 -------- d-----w- C:\Dell
2011-12-22 07:23 . 2012-01-13 22:24 -------- d-----w- c:\users\Donghyeok Kim\riotsGamesLogs
2011-12-22 07:20 . 2011-12-22 07:20 -------- d-----w- c:\users\Donghyeok Kim\AppData\Roaming\LolClient
2011-12-22 06:50 . 2008-07-31 18:41 68616 ----a-w- c:\windows\SysWow64\XAPOFX1_1.dll
2011-12-22 06:50 . 2008-07-31 18:40 509448 ----a-w- c:\windows\SysWow64\XAudio2_2.dll
2011-12-22 06:50 . 2008-07-12 16:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2011-12-22 06:50 . 2008-07-12 16:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2011-12-22 06:50 . 2008-07-12 16:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2011-12-22 06:50 . 2011-12-22 06:50 -------- d-----w- c:\program files\iPod
2011-12-22 06:50 . 2011-12-22 06:50 -------- d-----w- c:\program files\iTunes
2011-12-22 06:50 . 2011-12-22 06:50 -------- d-----w- c:\program files (x86)\iTunes
2011-12-22 06:45 . 2011-12-22 06:45 -------- d-----w- C:\Riot Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-09 18:28 . 2011-11-30 18:37 55168 ----a-w- c:\windows\help\OEM\Scripts\HPSAUpdaterObj.exe
2011-12-11 02:53 . 2011-12-11 02:53 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-10 23:32 . 2011-12-10 23:09 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BF089FB9-5B15-4BBB-B476-94B453DAC086}\offreg.dll
2011-12-10 23:24 . 2011-12-11 00:09 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-08 23:58 . 2012-01-18 23:25 22528 ----a-w- c:\windows\help\OEM\Scripts\PWAlertEnable.exe
2011-12-07 19:29 . 2011-11-30 18:37 49152 ----a-w- c:\windows\help\OEM\Scripts\Interop.TaskScheduler.dll
2011-11-25 19:26 . 2011-11-25 19:26 388096 ----a-r- c:\users\Donghyeok Kim\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-24 04:52 . 2011-12-13 23:45 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 11:40 . 2011-12-10 19:28 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BF089FB9-5B15-4BBB-B476-94B453DAC086}\mpengine.dll
2011-11-21 11:40 . 2011-02-21 07:08 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-15 02:48 . 2011-11-15 02:48 279616 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-11-10 08:56 . 2012-01-18 23:25 70144 ----a-w- c:\windows\help\OEM\Scripts\HPSAPopupMessaging.dll
2011-11-05 05:32 . 2011-12-13 23:45 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:26 . 2011-12-13 23:45 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-04 01:53 . 2011-12-14 09:28 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-11-04 01:44 . 2011-12-14 09:28 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 01:44 . 2011-12-14 09:28 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 01:34 . 2011-12-14 09:28 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-03 22:47 . 2011-12-14 09:28 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-11-03 22:40 . 2011-12-14 09:28 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39 . 2011-12-14 09:28 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-03 22:31 . 2011-12-14 09:28 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-10-27 18:56 . 2011-11-30 18:37 16440 ----a-w- c:\windows\help\OEM\Scripts\SolExternalHDD.exe
2011-10-26 05:21 . 2011-12-13 23:45 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-24 22:29 . 2011-10-24 22:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 22:29 . 2011-10-24 22:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2006-05-03 19:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 20:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 22:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll
2010-01-07 07:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-18_01.03.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-19 20:52 . 2012-01-18 04:10 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-12-19 20:52 . 2012-01-16 03:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-12-19 20:51 . 2012-01-18 00:34 98304 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2011-12-19 20:51 . 2012-01-18 01:03 98304 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2009-08-26 08:25 . 2012-01-18 23:28 65934 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-18 23:28 42496 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-02-16 04:47 . 2012-01-18 23:28 19218 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2963319434-830871422-2673064414-1000_UserData.bin
- 2011-02-16 03:29 . 2012-01-17 01:23 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-16 03:29 . 2012-01-18 01:55 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-16 03:29 . 2012-01-17 01:23 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-02-16 03:29 . 2012-01-18 01:55 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-17 01:23 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-18 01:55 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-01-18 23:25 . 2011-03-30 21:37 54840 c:\windows\Help\OEM\Scripts\interop.Scheduler.dll
+ 2011-02-17 06:59 . 2012-01-18 01:15 3444 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-01-18 01:02 . 2012-01-18 01:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-18 23:26 . 2012-01-18 23:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-18 01:02 . 2012-01-18 01:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-18 23:26 . 2012-01-18 23:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-02-16 18:38 . 2012-01-19 04:46 291428 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-07-14 02:36 . 2012-01-18 00:45 662408 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-01-18 23:31 662408 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-01-18 00:45 122236 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-01-18 23:31 122236 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-01-18 01:02 426364 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-01-18 23:26 426364 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-01-18 01:03 1032192 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-01-18 23:25 1032192 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-01-18 23:25 7733248 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-18 01:03 7733248 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-01-10 08:43 . 2012-01-18 01:02 4441880 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-01-10 08:43 . 2012-01-18 23:26 4441880 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 04:54 . 2012-01-18 01:03 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-18 23:25 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-02-16 04:44 . 2012-01-18 01:02 35651236 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2963319434-830871422-2673064414-1000-8192.dat
+ 2011-02-16 04:44 . 2012-01-18 23:26 35651236 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2963319434-830871422-2673064414-1000-8192.dat
+ 2011-08-15 16:03 . 2012-01-18 01:50 17233505 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2963319434-830871422-2673064414-1000-4096.dat
- 2011-12-19 21:33 . 2012-01-18 01:02 10553284 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2011-12-19 21:33 . 2012-01-18 01:15 10553284 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Donghyeok Kim\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Donghyeok Kim\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Donghyeok Kim\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2010-11-30 18:03 155416 ----a-w- c:\windows\SysWOW64\CbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-02 1242448]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-07-16 1668664]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
"Akamai NetSession Interface"="c:\users\Donghyeok Kim\AppData\Local\Akamai\netsession_win.exe" [2011-12-13 3305760]
"Aim"="c:\program files (x86)\AIM\aim.exe" [2011-01-05 4321112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2011-12-25 981680]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-25 460872]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-05-26 656896]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"HPUsageTrackingLEDM"="c:\program files (x86)\HP\HP UT LEDM\bin\hppusg.exe" [2009-08-05 30264]
.
c:\users\Donghyeok Kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Donghyeok Kim\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-12-5 24242056]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-6-3 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-15 136176]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\safedrv.sys [2012-01-02 27744]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-15 136176]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;NisSrv;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [x]
R3 PaeFireStudio;PreSonus FireStudio;c:\windows\system32\Drivers\PaeFireStudio.sys [x]
R3 PaeFireStudioAudio;PreSonus FireStudio Audio;c:\windows\system32\drivers\PaeFireStudioAudio.sys [x]
R3 PaeFireStudioMidi;PreSonus FireStudio MIDI;c:\windows\system32\drivers\PaeFireStudioMidi.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe [2009-07-10 1044648]
S2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2009-06-24 136704]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [x]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-10-29 286736]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-25 652872]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-10-21 5790064]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-10-21 487280]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-15 19:35]
.
2012-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-15 19:35]
.
2012-01-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2963319434-830871422-2673064414-1000Core.job
- c:\users\Donghyeok Kim\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-19 04:34]
.
2012-01-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2963319434-830871422-2673064414-1000UA.job
- c:\users\Donghyeok Kim\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-19 04:34]
.
2012-01-18 c:\windows\Tasks\HPCeeScheduleForDonghyeok Kim.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-08-26 21:38]
.
2011-12-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Donghyeok Kim\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Donghyeok Kim\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Donghyeok Kim\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Donghyeok Kim\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2010-11-30 18:03 188696 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-08 610360]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-24 363544]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [BU]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-24 165912]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-24 385560]
"dldtmon.exe"="c:\program files (x86)\Dell V305\dldtmon.exe" [2009-07-30 672424]
"dldtamon"="c:\program files (x86)\Dell V305\dldtamon.exe" [2009-07-30 16040]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-16 499608]
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D946C227-0260-468D-B37A-3777880DC02A}: NameServer = 208.67.220.220
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_b427739.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-01-18 23:01:16
ComboFix-quarantined-files.txt 2012-01-19 07:01
ComboFix2.txt 2012-01-18 01:10
.
Pre-Run: 433,496,559,616 bytes free
Post-Run: 433,079,586,816 bytes free
.
- - End Of File - - 95B462C606CE774F6FD3735955A713B9

#8 lovescream

Posted 19 January 2012 - 02:36 AM

Oh, alright. Thanks. I'll post how my computer is a bit later; I can't tell right this minute.


ComboFix 12-01-18.04 - Donghyeok Kim 01/18/2012 22:52:24.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6134.4752 [GMT -8:00]
Running from: c:\users\Donghyeok Kim\Downloads\ComboFix.exe
Command switches used :: c:\users\Donghyeok Kim\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-12-19 to 2012-01-19 )))))))))))))))))))))))))))))))
.
.
2012-01-19 06:59 . 2012-01-19 06:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-17 04:57 . 2012-01-17 04:57 -------- d-----w- c:\users\Donghyeok Kim\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-01-14 02:48 . 2011-04-04 22:25 49664 ----a-r- c:\windows\system32\HP1100SMs.dll
2012-01-14 02:48 . 2011-04-03 00:12 350720 ----a-w- c:\windows\system32\mvhlewsi.DLL
2012-01-14 02:48 . 2011-04-03 00:05 1696256 ----a-w- c:\windows\system32\HP1100SM.EXE
2012-01-14 00:25 . 2011-04-03 00:05 290304 ----a-w- c:\windows\system32\HP1100LM.DLL
2012-01-14 00:25 . 2011-04-03 00:04 74240 ----a-w- c:\windows\system32\Spool\prtprocs\x64\HP1100PP.dll
2012-01-14 00:17 . 2011-04-04 14:25 20480 ----a-w- c:\windows\system32\drivers\mvusbews.sys
2012-01-14 00:17 . 2011-04-04 14:25 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2012-01-14 00:17 . 2011-04-04 14:25 82944 ----a-w- c:\windows\system32\mvusbews.dll
2012-01-14 00:10 . 2011-05-10 18:06 126520 ----a-r- c:\windows\system32\HPSIsvc.exe
2012-01-14 00:10 . 2012-01-14 00:10 -------- d-----w- c:\programdata\HPSSUPPLY
2012-01-14 00:09 . 2012-01-14 00:09 -------- d-----w- c:\program files\HP
2012-01-13 22:07 . 2012-01-13 22:07 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-01-11 00:43 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 00:43 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 00:43 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 00:43 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 00:43 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 00:43 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-11 00:43 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 00:43 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-08 23:45 . 2012-01-08 23:45 -------- d-----w- c:\users\Donghyeok Kim\AppData\Roaming\Screenshot Studio
2012-01-08 23:44 . 2012-01-08 23:44 -------- d-sh--w- c:\programdata\System Restore
2012-01-08 23:44 . 2012-01-08 23:44 -------- d-----w- c:\program files (x86)\Screenshot Studio
2012-01-08 01:18 . 2012-01-08 01:18 -------- d-----w- c:\users\Donghyeok Kim\AppData\Roaming\CheckPoint
2012-01-08 01:17 . 2012-01-08 04:42 -------- d-----w- c:\program files\CheckPoint
2012-01-08 01:17 . 2012-01-08 01:17 -------- d-----w- c:\programdata\CheckPoint
2012-01-08 01:16 . 2012-01-08 04:42 -------- d-----w- c:\program files (x86)\CheckPoint
2012-01-07 00:08 . 2012-01-07 00:08 -------- d-----w- c:\users\Donghyeok Kim\AppData\Local\Chromium
2012-01-07 00:01 . 2008-10-10 12:52 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll
2012-01-07 00:01 . 2008-10-10 12:52 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
2012-01-07 00:01 . 2008-10-10 12:52 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll
2012-01-07 00:01 . 2007-04-05 02:53 81768 ----a-w- c:\windows\SysWow64\xinput1_3.dll
2012-01-07 00:01 . 2012-01-08 16:34 -------- d-----w- c:\program files (x86)\Heroes of Newerth
2012-01-05 07:36 . 2012-01-05 07:36 -------- d-----w- c:\users\Donghyeok Kim\AppData\Roaming\RenPy
2012-01-05 07:34 . 2012-01-08 16:57 -------- d-----w- c:\program files (x86)\Katawa Shoujo
2012-01-04 02:16 . 2012-01-04 02:16 -------- d-----w- c:\users\Donghyeok Kim\AppData\Local\SanctionedMedia
2011-12-29 23:31 . 2011-12-29 23:31 -------- d-----w- c:\users\Donghyeok Kim\AppData\Local\Macroplant
2011-12-28 04:22 . 2011-12-28 04:22 -------- d-----w- c:\programdata\IDMComp
2011-12-28 04:22 . 2011-12-28 04:22 -------- d-----w- c:\users\Donghyeok Kim\AppData\Roaming\IDMComp
2011-12-28 04:18 . 2011-12-28 04:18 -------- d-----w- c:\program files (x86)\IDM Computer Solutions
2011-12-28 03:52 . 2011-12-28 03:52 -------- d-----w- c:\users\Donghyeok Kim\AppData\Local\Downloaded Installations
2011-12-25 06:09 . 2011-12-25 06:09 -------- d-----w- c:\users\Donghyeok Kim\AppData\Roaming\Dell Imaging Toolbox
2011-12-25 06:06 . 2011-12-25 06:06 -------- d-----w- C:\Dell
2011-12-22 07:23 . 2012-01-13 22:24 -------- d-----w- c:\users\Donghyeok Kim\riotsGamesLogs
2011-12-22 07:20 . 2011-12-22 07:20 -------- d-----w- c:\users\Donghyeok Kim\AppData\Roaming\LolClient
2011-12-22 06:50 . 2008-07-31 18:41 68616 ----a-w- c:\windows\SysWow64\XAPOFX1_1.dll
2011-12-22 06:50 . 2008-07-31 18:40 509448 ----a-w- c:\windows\SysWow64\XAudio2_2.dll
2011-12-22 06:50 . 2008-07-12 16:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2011-12-22 06:50 . 2008-07-12 16:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2011-12-22 06:50 . 2008-07-12 16:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2011-12-22 06:50 . 2011-12-22 06:50 -------- d-----w- c:\program files\iPod
2011-12-22 06:50 . 2011-12-22 06:50 -------- d-----w- c:\program files\iTunes
2011-12-22 06:50 . 2011-12-22 06:50 -------- d-----w- c:\program files (x86)\iTunes
2011-12-22 06:45 . 2011-12-22 06:45 -------- d-----w- C:\Riot Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-09 18:28 . 2011-11-30 18:37 55168 ----a-w- c:\windows\help\OEM\Scripts\HPSAUpdaterObj.exe
2011-12-11 02:53 . 2011-12-11 02:53 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-10 23:32 . 2011-12-10 23:09 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BF089FB9-5B15-4BBB-B476-94B453DAC086}\offreg.dll
2011-12-10 23:24 . 2011-12-11 00:09 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-08 23:58 . 2012-01-18 23:25 22528 ----a-w- c:\windows\help\OEM\Scripts\PWAlertEnable.exe
2011-12-07 19:29 . 2011-11-30 18:37 49152 ----a-w- c:\windows\help\OEM\Scripts\Interop.TaskScheduler.dll
2011-11-25 19:26 . 2011-11-25 19:26 388096 ----a-r- c:\users\Donghyeok Kim\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-24 04:52 . 2011-12-13 23:45 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 11:40 . 2011-12-10 19:28 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BF089FB9-5B15-4BBB-B476-94B453DAC086}\mpengine.dll
2011-11-21 11:40 . 2011-02-21 07:08 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-15 02:48 . 2011-11-15 02:48 279616 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-11-10 08:56 . 2012-01-18 23:25 70144 ----a-w- c:\windows\help\OEM\Scripts\HPSAPopupMessaging.dll
2011-11-05 05:32 . 2011-12-13 23:45 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:26 . 2011-12-13 23:45 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-04 01:53 . 2011-12-14 09:28 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-11-04 01:44 . 2011-12-14 09:28 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 01:44 . 2011-12-14 09:28 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 01:34 . 2011-12-14 09:28 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-03 22:47 . 2011-12-14 09:28 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-11-03 22:40 . 2011-12-14 09:28 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39 . 2011-12-14 09:28 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-03 22:31 . 2011-12-14 09:28 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-10-27 18:56 . 2011-11-30 18:37 16440 ----a-w- c:\windows\help\OEM\Scripts\SolExternalHDD.exe
2011-10-26 05:21 . 2011-12-13 23:45 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-24 22:29 . 2011-10-24 22:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 22:29 . 2011-10-24 22:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2006-05-03 19:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 20:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 22:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll
2010-01-07 07:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-18_01.03.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-19 20:52 . 2012-01-18 04:10 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-12-19 20:52 . 2012-01-16 03:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-12-19 20:51 . 2012-01-18 00:34 98304 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2011-12-19 20:51 . 2012-01-18 01:03 98304 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2009-08-26 08:25 . 2012-01-18 23:28 65934 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-18 23:28 42496 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-02-16 04:47 . 2012-01-18 23:28 19218 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2963319434-830871422-2673064414-1000_UserData.bin
- 2011-02-16 03:29 . 2012-01-17 01:23 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-16 03:29 . 2012-01-18 01:55 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-16 03:29 . 2012-01-17 01:23 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-02-16 03:29 . 2012-01-18 01:55 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-17 01:23 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-18 01:55 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-01-18 23:25 . 2011-03-30 21:37 54840 c:\windows\Help\OEM\Scripts\interop.Scheduler.dll
+ 2011-02-17 06:59 . 2012-01-18 01:15 3444 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-01-18 01:02 . 2012-01-18 01:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-18 23:26 . 2012-01-18 23:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-18 01:02 . 2012-01-18 01:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-18 23:26 . 2012-01-18 23:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-02-16 18:38 . 2012-01-19 04:46 291428 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-07-14 02:36 . 2012-01-18 00:45 662408 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-01-18 23:31 662408 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-01-18 00:45 122236 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-01-18 23:31 122236 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-01-18 01:02 426364 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-01-18 23:26 426364 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-01-18 01:03 1032192 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-01-18 23:25 1032192 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-01-18 23:25 7733248 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-18 01:03 7733248 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-01-10 08:43 . 2012-01-18 01:02 4441880 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-01-10 08:43 . 2012-01-18 23:26 4441880 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 04:54 . 2012-01-18 01:03 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-18 23:25 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-02-16 04:44 . 2012-01-18 01:02 35651236 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2963319434-830871422-2673064414-1000-8192.dat
+ 2011-02-16 04:44 . 2012-01-18 23:26 35651236 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2963319434-830871422-2673064414-1000-8192.dat
+ 2011-08-15 16:03 . 2012-01-18 01:50 17233505 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2963319434-830871422-2673064414-1000-4096.dat
- 2011-12-19 21:33 . 2012-01-18 01:02 10553284 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2011-12-19 21:33 . 2012-01-18 01:15 10553284 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Donghyeok Kim\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Donghyeok Kim\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Donghyeok Kim\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2010-11-30 18:03 155416 ----a-w- c:\windows\SysWOW64\CbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-02 1242448]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-07-16 1668664]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
"Akamai NetSession Interface"="c:\users\Donghyeok Kim\AppData\Local\Akamai\netsession_win.exe" [2011-12-13 3305760]
"Aim"="c:\program files (x86)\AIM\aim.exe" [2011-01-05 4321112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2011-12-25 981680]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-25 460872]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-05-26 656896]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"HPUsageTrackingLEDM"="c:\program files (x86)\HP\HP UT LEDM\bin\hppusg.exe" [2009-08-05 30264]
.
c:\users\Donghyeok Kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Donghyeok Kim\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-12-5 24242056]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-6-3 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-15 136176]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\safedrv.sys [2012-01-02 27744]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-15 136176]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;NisSrv;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [x]
R3 PaeFireStudio;PreSonus FireStudio;c:\windows\system32\Drivers\PaeFireStudio.sys [x]
R3 PaeFireStudioAudio;PreSonus FireStudio Audio;c:\windows\system32\drivers\PaeFireStudioAudio.sys [x]
R3 PaeFireStudioMidi;PreSonus FireStudio MIDI;c:\windows\system32\drivers\PaeFireStudioMidi.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe [2009-07-10 1044648]
S2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2009-06-24 136704]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [x]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-10-29 286736]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-25 652872]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-10-21 5790064]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-10-21 487280]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-15 19:35]
.
2012-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-15 19:35]
.
2012-01-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2963319434-830871422-2673064414-1000Core.job
- c:\users\Donghyeok Kim\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-19 04:34]
.
2012-01-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2963319434-830871422-2673064414-1000UA.job
- c:\users\Donghyeok Kim\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-19 04:34]
.
2012-01-18 c:\windows\Tasks\HPCeeScheduleForDonghyeok Kim.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-08-26 21:38]
.
2011-12-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Donghyeok Kim\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Donghyeok Kim\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Donghyeok Kim\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Donghyeok Kim\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2010-11-30 18:03 188696 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-08 610360]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-24 363544]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [BU]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-24 165912]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-24 385560]
"dldtmon.exe"="c:\program files (x86)\Dell V305\dldtmon.exe" [2009-07-30 672424]
"dldtamon"="c:\program files (x86)\Dell V305\dldtamon.exe" [2009-07-30 16040]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-16 499608]
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D946C227-0260-468D-B37A-3777880DC02A}: NameServer = 208.67.220.220
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_b427739.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-01-18 23:01:16
ComboFix-quarantined-files.txt 2012-01-19 07:01
ComboFix2.txt 2012-01-18 01:10
.
Pre-Run: 433,496,559,616 bytes free
Post-Run: 433,079,586,816 bytes free
.
- - End Of File - - 95B462C606CE774F6FD3735955A713B9

#9 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 January 2012 - 03:00 AM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Proud Graduate Of Malware Removal University

#10 lovescream
  • Topic Starter

  • Members
  • 23 posts

Posted 19 January 2012 - 11:17 PM

What I noticed: Google search still redirects to other websites, and I can't sign up for "Google AdSense".

20:16:05.0838 4632 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
20:16:06.0374 4632 ============================================================
20:16:06.0374 4632 Current date / time: 2012/01/19 20:16:06.0374
20:16:06.0374 4632 SystemInfo:
20:16:06.0374 4632
20:16:06.0375 4632 OS Version: 6.1.7601 ServicePack: 1.0
20:16:06.0375 4632 Product type: Workstation
20:16:06.0375 4632 ComputerName: DONGHYEOKKIM-PC
20:16:06.0375 4632 UserName: Donghyeok Kim
20:16:06.0375 4632 Windows directory: C:\Windows
20:16:06.0375 4632 System windows directory: C:\Windows
20:16:06.0375 4632 Running under WOW64
20:16:06.0375 4632 Processor architecture: Intel x64
20:16:06.0375 4632 Number of processors: 2
20:16:06.0375 4632 Page size: 0x1000
20:16:06.0375 4632 Boot type: Normal boot
20:16:06.0375 4632 ============================================================
20:16:06.0713 4632 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:16:06.0812 4632 Initialize success
20:16:09.0054 0748 ============================================================
20:16:09.0054 0748 Scan started
20:16:09.0054 0748 Mode: Manual;
20:16:09.0054 0748 ============================================================
20:16:14.0121 0748 LSI_SAS2 - ok
20:16:14.0137 0748 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:16:14.0152 0748 LSI_SCSI - ok
20:16:14.0168 0748 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:16:14.0168 0748 luafv - ok
20:16:14.0230 0748 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
20:16:14.0230 0748 MBAMProtector - ok
20:16:14.0246 0748 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
20:16:14.0246 0748 megasas - ok
20:16:14.0277 0748 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
20:16:14.0277 0748 MegaSR - ok
20:16:14.0293 0748 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:16:14.0293 0748 Modem - ok
20:16:14.0339 0748 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:16:14.0339 0748 monitor - ok
20:16:14.0371 0748 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
20:16:14.0371 0748 mouclass - ok
20:16:14.0402 0748 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:16:14.0402 0748 mouhid - ok
20:16:14.0433 0748 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
20:16:14.0433 0748 mountmgr - ok
20:16:14.0480 0748 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
20:16:14.0480 0748 MpFilter - ok
20:16:14.0495 0748 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
20:16:14.0511 0748 mpio - ok
20:16:14.0543 0748 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
20:16:14.0545 0748 MpNWMon - ok
20:16:14.0564 0748 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:16:14.0565 0748 mpsdrv - ok
20:16:14.0599 0748 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
20:16:14.0601 0748 MRxDAV - ok
20:16:14.0637 0748 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:16:14.0640 0748 mrxsmb - ok
20:16:14.0675 0748 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:16:14.0678 0748 mrxsmb10 - ok
20:16:14.0694 0748 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:16:14.0696 0748 mrxsmb20 - ok
20:16:14.0734 0748 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
20:16:14.0736 0748 msahci - ok
20:16:14.0779 0748 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
20:16:14.0781 0748 msdsm - ok
20:16:14.0816 0748 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:16:14.0817 0748 Msfs - ok
20:16:14.0842 0748 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:16:14.0843 0748 mshidkmdf - ok
20:16:14.0864 0748 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
20:16:14.0865 0748 msisadrv - ok
20:16:14.0907 0748 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:16:14.0908 0748 MSKSSRV - ok
20:16:14.0949 0748 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:16:14.0950 0748 MSPCLOCK - ok
20:16:14.0962 0748 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:16:14.0964 0748 MSPQM - ok
20:16:14.0994 0748 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
20:16:14.0998 0748 MsRPC - ok
20:16:15.0022 0748 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
20:16:15.0023 0748 mssmbios - ok
20:16:15.0045 0748 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:16:15.0046 0748 MSTEE - ok
20:16:15.0067 0748 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
20:16:15.0068 0748 MTConfig - ok
20:16:15.0095 0748 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:16:15.0097 0748 Mup - ok
20:16:15.0135 0748 mvusbews (f1b096bf8c2a7a5a1e42dc5a13e35952) C:\Windows\system32\Drivers\mvusbews.sys
20:16:15.0137 0748 mvusbews - ok
20:16:15.0177 0748 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:16:15.0181 0748 NativeWifiP - ok
20:16:15.0247 0748 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
20:16:15.0264 0748 NDIS - ok
20:16:15.0285 0748 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:16:15.0287 0748 NdisCap - ok
20:16:15.0314 0748 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:16:15.0315 0748 NdisTapi - ok
20:16:15.0345 0748 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
20:16:15.0347 0748 Ndisuio - ok
20:16:15.0387 0748 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
20:16:15.0389 0748 NdisWan - ok
20:16:15.0420 0748 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
20:16:15.0422 0748 NDProxy - ok
20:16:15.0443 0748 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:16:15.0444 0748 NetBIOS - ok
20:16:15.0491 0748 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
20:16:15.0494 0748 NetBT - ok
20:16:15.0563 0748 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
20:16:15.0564 0748 nfrd960 - ok
20:16:15.0590 0748 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
20:16:15.0592 0748 NisDrv - ok
20:16:15.0618 0748 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:16:15.0620 0748 Npfs - ok
20:16:15.0689 0748 NPFW (c5021d50f0280ff3515d77182f00fd64) C:\Windows\system32\NPFWVT64.sys
20:16:15.0692 0748 NPFW - ok
20:16:15.0720 0748 NPIDS (0c32b82eab680dd4845bcf01cdc2468c) C:\Windows\system32\NpIdsVt64.sys
20:16:15.0721 0748 NPIDS - ok
20:16:15.0749 0748 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:16:15.0750 0748 nsiproxy - ok
20:16:15.0829 0748 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
20:16:15.0870 0748 Ntfs - ok
20:16:15.0886 0748 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:16:15.0888 0748 Null - ok
20:16:15.0925 0748 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
20:16:15.0928 0748 nvraid - ok
20:16:15.0972 0748 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
20:16:15.0975 0748 nvstor - ok
20:16:16.0012 0748 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
20:16:16.0015 0748 nv_agp - ok
20:16:16.0056 0748 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
20:16:16.0059 0748 ohci1394 - ok
20:16:16.0140 0748 PaeFireStudio (ec436fa740f05020954ab154e556591a) C:\Windows\system32\Drivers\PaeFireStudio.sys
20:16:16.0151 0748 PaeFireStudio - ok
20:16:16.0165 0748 PaeFireStudioAudio (221f9ebd63ca64cb32922b02c5aed9a7) C:\Windows\system32\drivers\PaeFireStudioAudio.sys
20:16:16.0166 0748 PaeFireStudioAudio - ok
20:16:16.0187 0748 PaeFireStudioMidi (0bb5230dce8339baa2f066033f75d288) C:\Windows\system32\drivers\PaeFireStudioMidi.sys
20:16:16.0189 0748 PaeFireStudioMidi - ok
20:16:16.0239 0748 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:16:16.0241 0748 Parport - ok
20:16:16.0289 0748 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
20:16:16.0290 0748 partmgr - ok
20:16:16.0313 0748 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
20:16:16.0316 0748 pci - ok
20:16:16.0339 0748 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
20:16:16.0340 0748 pciide - ok
20:16:16.0366 0748 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
20:16:16.0370 0748 pcmcia - ok
20:16:16.0388 0748 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:16:16.0390 0748 pcw - ok
20:16:16.0418 0748 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:16:16.0433 0748 PEAUTH - ok
20:16:16.0516 0748 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
20:16:16.0519 0748 PptpMiniport - ok
20:16:16.0541 0748 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
20:16:16.0542 0748 Processor - ok
20:16:16.0597 0748 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
20:16:16.0599 0748 Psched - ok
20:16:16.0657 0748 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
20:16:16.0658 0748 PxHlpa64 - ok
20:16:16.0709 0748 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
20:16:16.0740 0748 ql2300 - ok
20:16:16.0772 0748 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
20:16:16.0774 0748 ql40xx - ok
20:16:16.0815 0748 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:16:16.0817 0748 QWAVEdrv - ok
20:16:16.0843 0748 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:16:16.0844 0748 RasAcd - ok
20:16:16.0871 0748 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:16:16.0873 0748 RasAgileVpn - ok
20:16:16.0904 0748 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:16:16.0907 0748 Rasl2tp - ok
20:16:16.0927 0748 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:16:16.0928 0748 RasPppoe - ok
20:16:16.0947 0748 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:16:16.0948 0748 RasSstp - ok
20:16:16.0986 0748 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:16:16.0989 0748 rdbss - ok
20:16:17.0009 0748 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:16:17.0010 0748 rdpbus - ok
20:16:17.0028 0748 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:16:17.0029 0748 RDPCDD - ok
20:16:17.0050 0748 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:16:17.0052 0748 RDPENCDD - ok
20:16:17.0072 0748 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:16:17.0073 0748 RDPREFMP - ok
20:16:17.0093 0748 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
20:16:17.0096 0748 RDPWD - ok
20:16:17.0131 0748 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:16:17.0134 0748 rdyboost - ok
20:16:17.0176 0748 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:16:17.0177 0748 rspndr - ok
20:16:17.0218 0748 RTL8167 (91296f0b2653281b2f11e0fce56aa427) C:\Windows\system32\DRIVERS\Rt64win7.sys
20:16:17.0221 0748 RTL8167 - ok
20:16:17.0268 0748 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:16:17.0270 0748 sbp2port - ok
20:16:17.0315 0748 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:16:17.0316 0748 scfilter - ok
20:16:17.0348 0748 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:16:17.0350 0748 secdrv - ok
20:16:17.0376 0748 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:16:17.0377 0748 Serenum - ok
20:16:17.0403 0748 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:16:17.0405 0748 Serial - ok
20:16:17.0422 0748 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
20:16:17.0423 0748 sermouse - ok
20:16:17.0463 0748 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
20:16:17.0465 0748 sffdisk - ok
20:16:17.0481 0748 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:16:17.0483 0748 sffp_mmc - ok
20:16:17.0500 0748 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
20:16:17.0501 0748 sffp_sd - ok
20:16:17.0516 0748 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
20:16:17.0517 0748 sfloppy - ok
20:16:17.0545 0748 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:16:17.0547 0748 SiSRaid2 - ok
20:16:17.0566 0748 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
20:16:17.0567 0748 SiSRaid4 - ok
20:16:17.0599 0748 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:16:17.0601 0748 Smb - ok
20:16:17.0637 0748 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:16:17.0638 0748 spldr - ok
20:16:17.0694 0748 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:16:17.0707 0748 srv - ok
20:16:17.0743 0748 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:16:17.0747 0748 srv2 - ok
20:16:17.0762 0748 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:16:17.0765 0748 srvnet - ok
20:16:17.0828 0748 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
20:16:17.0829 0748 stexstor - ok
20:16:17.0848 0748 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
20:16:17.0849 0748 swenum - ok
20:16:17.0943 0748 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
20:16:17.0977 0748 Tcpip - ok
20:16:18.0014 0748 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
20:16:18.0025 0748 TCPIP6 - ok
20:16:18.0059 0748 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:16:18.0061 0748 tcpipreg - ok
20:16:18.0085 0748 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:16:18.0086 0748 TDPIPE - ok
20:16:18.0105 0748 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
20:16:18.0107 0748 TDTCP - ok
20:16:18.0134 0748 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:16:18.0136 0748 tdx - ok
20:16:18.0154 0748 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
20:16:18.0155 0748 TermDD - ok
20:16:18.0211 0748 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:16:18.0212 0748 tssecsrv - ok
20:16:18.0264 0748 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:16:18.0265 0748 TsUsbFlt - ok
20:16:18.0308 0748 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:16:18.0310 0748 tunnel - ok
20:16:18.0341 0748 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
20:16:18.0343 0748 uagp35 - ok
20:16:18.0390 0748 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:16:18.0398 0748 udfs - ok
20:16:18.0453 0748 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:16:18.0455 0748 uliagpkx - ok
20:16:18.0475 0748 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
20:16:18.0477 0748 umbus - ok
20:16:18.0501 0748 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
20:16:18.0502 0748 UmPass - ok
20:16:18.0547 0748 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
20:16:18.0548 0748 USBAAPL64 - ok
20:16:18.0563 0748 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
20:16:18.0565 0748 usbccgp - ok
20:16:18.0583 0748 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:16:18.0585 0748 usbcir - ok
20:16:18.0602 0748 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
20:16:18.0604 0748 usbehci - ok
20:16:18.0627 0748 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
20:16:18.0632 0748 usbhub - ok
20:16:18.0653 0748 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
20:16:18.0655 0748 usbohci - ok
20:16:18.0672 0748 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:16:18.0673 0748 usbprint - ok
20:16:18.0702 0748 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
20:16:18.0704 0748 usbscan - ok
20:16:18.0719 0748 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:16:18.0721 0748 USBSTOR - ok
20:16:18.0740 0748 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
20:16:18.0742 0748 usbuhci - ok
20:16:18.0774 0748 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:16:18.0776 0748 vdrvroot - ok
20:16:18.0801 0748 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:16:18.0802 0748 vga - ok
20:16:18.0821 0748 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:16:18.0822 0748 VgaSave - ok
20:16:18.0848 0748 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:16:18.0851 0748 vhdmp - ok
20:16:18.0868 0748 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:16:18.0870 0748 viaide - ok
20:16:18.0886 0748 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:16:18.0887 0748 volmgr - ok
20:16:18.0919 0748 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:16:18.0923 0748 volmgrx - ok
20:16:18.0952 0748 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
20:16:18.0956 0748 volsnap - ok
20:16:18.0997 0748 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
20:16:19.0000 0748 vsmraid - ok
20:16:19.0030 0748 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
20:16:19.0031 0748 vwifibus - ok
20:16:19.0087 0748 wacmoumonitor (43ce14e1e17da81ea71dfe686805ed07) C:\Windows\system32\DRIVERS\wacmoumonitor.sys
20:16:19.0088 0748 wacmoumonitor - ok
20:16:19.0124 0748 wacommousefilter (e04d43c7d1641e95d35cae6086c7e350) C:\Windows\system32\DRIVERS\wacommousefilter.sys
20:16:19.0125 0748 wacommousefilter - ok
20:16:19.0145 0748 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:16:19.0147 0748 WacomPen - ok
20:16:19.0182 0748 wacomvhid (ec1ceb237e365330c1fcfc4876aa0ac0) C:\Windows\system32\DRIVERS\wacomvhid.sys
20:16:19.0184 0748 wacomvhid - ok
20:16:19.0214 0748 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:16:19.0216 0748 WANARP - ok
20:16:19.0221 0748 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:16:19.0222 0748 Wanarpv6 - ok
20:16:19.0266 0748 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:16:19.0268 0748 Wd - ok
20:16:19.0300 0748 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:16:19.0307 0748 Wdf01000 - ok
20:16:19.0356 0748 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:16:19.0357 0748 WfpLwf - ok
20:16:19.0380 0748 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:16:19.0382 0748 WIMMount - ok
20:16:19.0468 0748 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
20:16:19.0470 0748 WinUsb - ok
20:16:19.0516 0748 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
20:16:19.0517 0748 WmiAcpi - ok
20:16:19.0570 0748 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:16:19.0571 0748 ws2ifsl - ok
20:16:19.0618 0748 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:16:19.0620 0748 WudfPf - ok
20:16:19.0646 0748 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:16:19.0650 0748 WUDFRd - ok
20:16:19.0688 0748 MBR (0x1B8) (ad1268de27a559c0491ee1533b42c5e5) \Device\Harddisk0\DR0
20:16:19.0880 0748 \Device\Harddisk0\DR0 - ok
20:16:19.0889 0748 Boot (0x1200) (b140b07f42710943b778557b0495c76c) \Device\Harddisk0\DR0\Partition0
20:16:19.0890 0748 \Device\Harddisk0\DR0\Partition0 - ok
20:16:19.0904 0748 Boot (0x1200) (686ed83f0e090c6da7b8ce8eae71de74) \Device\Harddisk0\DR0\Partition1
20:16:19.0905 0748 \Device\Harddisk0\DR0\Partition1 - ok
20:16:19.0949 0748 Boot (0x1200) (676ba433eb6efa93f1e6a15c54ab8f36) \Device\Harddisk0\DR0\Partition2
20:16:19.0950 0748 \Device\Harddisk0\DR0\Partition2 - ok
20:16:19.0950 0748 ============================================================
20:16:19.0950 0748 Scan finished
20:16:19.0950 0748 ============================================================
20:16:19.0988 4924 Detected object count: 0
20:16:19.0988 4924 Actual detected object count: 0

Edited by lovescream, 19 January 2012 - 11:24 PM.
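The TDSSKiller output above is one `name (md5) path` line per driver followed by a `name - ok` verdict line, and reading a few hundred of those by eye is where things get missed. As an added example (mine, not Kaspersky's TDSSKiller code), the script below pairs each entry with its verdict and flags what a responder would look at first: any verdict other than ok, a driver image loaded from a user-writable location, a driver outside the system32\drivers directory (informational only: the NPFW and NPIDS entries above are third-party drivers installed directly in system32), and one image registered under several service names (Tcpip/TCPIP6 and WANARP/Wanarpv6 share their file by design, as the identical hashes show). The sample lines are copied from the log above except the FakeSvc pair, which is constructed with a made-up verdict word to exercise the non-ok branch; the user-writable path list is my assumption.

```python
"""Triage the per-driver lines of a TDSSKiller log (added example, not Kaspersky's code).

Sample lines are copied from the log above, except the FakeSvc pair, which is
constructed to exercise the non-ok branch; its wording is not TDSSKiller's.
"""
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple

SAMPLE_LOG = """\
20:16:12.0852 0748 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\\Windows\\system32\\drivers\\hidusb.sys
20:16:12.0853 0748 HidUsb - ok
20:16:14.0230 0748 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\\Windows\\system32\\drivers\\mbam.sys
20:16:14.0230 0748 MBAMProtector - ok
20:16:15.0689 0748 NPFW (c5021d50f0280ff3515d77182f00fd64) C:\\Windows\\system32\\NPFWVT64.sys
20:16:15.0692 0748 NPFW - ok
20:16:17.0943 0748 Tcpip (fc62769e7bff2896035aeed399108162) C:\\Windows\\system32\\drivers\\tcpip.sys
20:16:17.0977 0748 Tcpip - ok
20:16:18.0014 0748 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\\Windows\\system32\\DRIVERS\\tcpip.sys
20:16:18.0025 0748 TCPIP6 - ok
20:16:19.0688 0748 MBR (0x1B8) (ad1268de27a559c0491ee1533b42c5e5) \\Device\\Harddisk0\\DR0
20:16:19.0880 0748 \\Device\\Harddisk0\\DR0 - ok
20:16:20.0000 0748 FakeSvc (00000000000000000000000000000000) C:\\Users\\Public\\fakesvc.sys
20:16:20.0001 0748 FakeSvc - detected
"""
# The two FakeSvc lines are constructed; everything else is copied from the thread.

class Entry(NamedTuple):
    name: str
    md5: str
    path: str
    verdict: str

class Finding(NamedTuple):
    severity: str  # "high" or "info"
    name: str
    reason: str

_ENTRY = re.compile(r"^\S+ \d+ (?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>\S.*)$")
_VERDICT = re.compile(r"^\S+ \d+ (?P<subject>.+?) - (?P<verdict>.+)$")
DRIVER_DIR = "c:\\windows\\system32\\drivers\\"
# assumption: locations a standard user can write to, where a kernel driver has no business
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "\\temp\\", "\\appdata\\")

def parse_entries(log: str) -> List[Entry]:
    """Pair each 'name (md5) path' line with the verdict line that follows it."""
    entries, pending = [], None
    for line in log.splitlines():
        m = _ENTRY.match(line)
        if m:
            pending = m.groupdict()
            continue
        m = _VERDICT.match(line)
        if m and pending:
            entries.append(Entry(pending["name"], pending["md5"].lower(), pending["path"], m["verdict"].strip()))
            pending = None
    return entries

def triage(log: str) -> List[Finding]:
    """Return what deserves a second look: non-ok verdicts, odd load paths, shared images."""
    findings: List[Finding] = []
    by_md5: Dict[str, List[str]] = defaultdict(list)
    for e in parse_entries(log):
        low = e.path.lower()
        by_md5[e.md5].append(e.name)
        if e.verdict != "ok":
            findings.append(Finding("high", e.name, f"verdict '{e.verdict}'"))
        if low.startswith("\\device"):  # MBR / boot-sector entries name a device, not a file
            continue
        if any(tok in low for tok in USER_WRITABLE):
            findings.append(Finding("high", e.name, f"driver in user-writable location: {e.path}"))
        elif not low.startswith(DRIVER_DIR):
            findings.append(Finding("info", e.name, f"driver outside {DRIVER_DIR}: {e.path}"))
    for md5, names in by_md5.items():
        if len(names) > 1:  # one image under several services; Tcpip/TCPIP6 do this legitimately
            findings.append(Finding("info", ",".join(names), f"image {md5[:8]}... shared by {len(names)} services"))
    return findings
```

Feed `triage()` the whole saved log text. A clean Windows install with anti-malware and OEM drivers still produces a handful of info findings, so the high-severity ones are the triage queue, and an info finding for a driver in system32 is a prompt to check the file's signer, not a verdict.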


#11 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 January 2012 - 11:34 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 lovescream
  • Topic Starter

  • Members
  • 23 posts

Posted 20 January 2012 - 12:26 AM

I realized that the sign-up thing I said was just due to my add-on.


aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-19 21:22:03
-----------------------------
21:22:03.514 OS Version: Windows x64 6.1.7601 Service Pack 1
21:22:03.514 Number of processors: 2 586 0x170A
21:22:03.515 ComputerName: DONGHYEOKKIM-PC UserName: Donghyeok Kim
21:22:05.041 Initialize success
21:22:30.091 AVAST engine defs: 12011902
21:22:34.878 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:22:34.882 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 8
21:22:34.899 Disk 0 MBR read successfully
21:22:34.903 Disk 0 MBR scan
21:22:34.910 Disk 0 unknown MBR code
21:22:34.924 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
21:22:34.939 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 598194 MB offset 206848
21:22:34.984 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12184 MB offset 1225308160
21:22:34.989 Service scanning
21:22:35.927 Modules scanning
21:22:35.927 Disk 0 trace - called modules:
21:22:35.947 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:22:35.947 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006cf6060]
21:22:35.957 3 CLASSPNP.SYS[fffff8800161743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005bec050]
21:22:39.390 AVAST engine scan C:\Windows
21:22:42.542 AVAST engine scan C:\Windows\system32
21:24:10.708 AVAST engine scan C:\Windows\system32\drivers
21:24:20.540 AVAST engine scan C:\Users\Donghyeok Kim
21:25:05.156 Disk 0 MBR has been saved successfully to "C:\Users\Donghyeok Kim\Desktop\MBR.dat"
21:25:05.167 The log file has been saved successfully to "C:\Users\Donghyeok Kim\Desktop\aswMBR.txt"
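
aswMBR reports "unknown MBR code" for this disk and saved the sector to MBR.dat, which is the artifact worth looking at next. As an added example (mine, not aswMBR's or TDSSKiller's code), the script below parses a raw 512-byte MBR, lists its partition entries, checks the layout for overlaps, a missing or duplicated active flag and a large unpartitioned tail (where some bootkits keep their own storage), and cross-checks the entries against the three "Disk 0 Partition" lines aswMBR printed above. SAMPLE_MBR is constructed in the script: its partition table reproduces the values from the log (sizes converted at 2048 sectors per MB, which makes partition 1 end exactly where partition 2 starts and partition 2 end exactly at the offset of partition 3), but its boot code is zero-filled, so it is not the user's real MBR.dat. The 16 MB slack threshold is my assumption.

```python
"""Parse a 512-byte MBR and sanity-check its partition table (added example).

SAMPLE_MBR is constructed: its table reproduces the three entries aswMBR printed,
but the boot code is zero-filled, so it is not the real MBR.dat.
"""
import re
import struct
from typing import List, NamedTuple

SECTOR = 512
ENTRY_OFFSET = 0x1BE      # four 16-byte partition entries
SIGNATURE_OFFSET = 0x1FE  # 0x55AA boot signature
TRAILING_SLACK_MB = 16    # assumption: flag a larger unpartitioned tail

# Partition lines copied from the aswMBR log above; disk size from "Size: 610480MB".
ASWMBR_LOG = """\
21:22:34.924 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
21:22:34.939 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 598194 MB offset 206848
21:22:34.984 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12184 MB offset 1225308160
"""
DISK_SECTORS = 610480 * 2048  # 1 MB = 2048 sectors of 512 bytes

class Partition(NamedTuple):
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int

    @property
    def size_mb(self) -> int:
        return self.sectors * SECTOR // (1024 * 1024)

def parse_mbr(mbr: bytes) -> List[Partition]:
    """Return the non-empty partition entries of one raw MBR sector."""
    if len(mbr) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(mbr)}")
    if mbr[SIGNATURE_OFFSET:SIGNATURE_OFFSET + 2] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, type_id, lba, count = struct.unpack_from("<B3xB3xII", mbr, ENTRY_OFFSET + 16 * i)
        if type_id != 0:
            parts.append(Partition(i + 1, status == 0x80, type_id, lba, count))
    return parts

def check_layout(parts: List[Partition], disk_sectors: int) -> List[str]:
    """Flag what a damaged table or a bootkit would produce; [] means clean."""
    findings = []
    active = [p.index for p in parts if p.bootable]
    if len(active) != 1:
        findings.append(f"expected one active partition, found {active}")
    prev_end = 0
    for p in sorted(parts, key=lambda p: p.lba_start):
        end = p.lba_start + p.sectors
        if p.lba_start < prev_end:
            findings.append(f"partition {p.index} overlaps the previous partition")
        if end > disk_sectors:
            findings.append(f"partition {p.index} extends past the end of the disk")
        prev_end = max(prev_end, end)
    slack_mb = (disk_sectors - prev_end) * SECTOR // (1024 * 1024)
    if slack_mb > TRAILING_SLACK_MB:
        findings.append(f"{slack_mb} MB unpartitioned at end of disk (hidden storage?)")
    return findings

_LOG_RE = re.compile(r"Partition (\d+) ([0-9a-f]{2}) (?:\(A\) )?([0-9a-f]{2}) \S+ \S+ (\d+) MB offset (\d+)", re.I)

def compare_with_log(parts: List[Partition], log: str) -> List[str]:
    """Cross-check parsed entries against aswMBR's output; [] means they agree."""
    logged = {int(m[1]): m for m in _LOG_RE.finditer(log)}
    mismatches = []
    for p in parts:
        m = logged.pop(p.index, None)
        if m is None:
            mismatches.append(f"partition {p.index} not in log")
            continue
        want = (m[2] == "80", int(m[3], 16), int(m[4]), int(m[5]))
        got = (p.bootable, p.type_id, p.size_mb, p.lba_start)
        if want != got:
            mismatches.append(f"partition {p.index}: mbr={got} log={want}")
    mismatches += [f"partition {i} in log but not in MBR" for i in logged]
    return mismatches

def build_mbr(entries) -> bytes:
    """Constructed MBR with zeroed boot code; entries are (bootable, type, lba, sectors)."""
    mbr = bytearray(SECTOR)
    for i, (boot, type_id, lba, count) in enumerate(entries):
        struct.pack_into("<B3xB3xII", mbr, ENTRY_OFFSET + 16 * i, 0x80 if boot else 0, type_id, lba, count)
    mbr[SIGNATURE_OFFSET:SIGNATURE_OFFSET + 2] = b"\x55\xaa"
    return bytes(mbr)

SAMPLE_MBR = build_mbr([  # for the real file: parse_mbr(open("MBR.dat", "rb").read())
    (True, 0x07, 2048, 100 * 2048),
    (False, 0x07, 206848, 598194 * 2048),
    (False, 0x07, 1225308160, 12184 * 2048),
])
```

On the constructed sample both `check_layout` and `compare_with_log` return empty lists: the three partitions are contiguous, only the 100 MB system partition is active, and the tail after partition 3 is 1 MB. "Unknown MBR code" by itself means only that the boot code did not match a loader aswMBR recognises, which OEM loaders also trigger, so the next step on the real MBR.dat is to compare its first 446 bytes with the MBR from a known-good machine of the same OEM image rather than to rewrite it on suspicion.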

#13 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 20 January 2012 - 01:10 AM

Hello

You are still being redirected?


Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#14 lovescream
  • Topic Starter

  • Members
  • 23 posts

Posted 21 January 2012 - 03:56 PM

Yes, I'm still being redirected, and (I'm using Google Chrome) when Internet Explorer is used, it continually has a "security alert" pop-up that says:
"You are about to view pages over a secure connection.
Any information you exchange with this site cannot be viewed by anyone else over the web.

[ ] In the future, do not show this warning
OK More Info"
Or
"You are about to leave a secure Internet connection. It will be possible for others to view the information you send.

Do you want to continue?
[ ] In the future, do not show this warning
Yes No More Info"

OTL logfile created on: 1/21/2012 12:46:55 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Donghyeok Kim\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 3.86 Gb Available Physical Memory | 64.38% Memory free
11.98 Gb Paging File | 9.22 Gb Available in Paging File | 76.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584.17 Gb Total Space | 400.88 Gb Free Space | 68.62% Space Free | Partition Type: NTFS
Drive D: | 11.90 Gb Total Space | 2.13 Gb Free Space | 17.89% Space Free | Partition Type: NTFS
Drive K: | 979.70 Mb Total Space | 889.28 Mb Free Space | 90.77% Space Free | Partition Type: FAT

Computer Name: DONGHYEOKKIM-PC | User Name: Donghyeok Kim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Donghyeok Kim\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Users\Donghyeok Kim\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
PRC - C:\Users\Donghyeok Kim\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
PRC - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Dell V305\dldtmon.exe ()
PRC - C:\Program Files (x86)\Dell V305\dldtmsdmon.exe ()
PRC - c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\hp\HPLaserJetService\HPLaserJetService.exe (HP)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll ()
MOD - C:\Users\Donghyeok Kim\AppData\Local\Google\Chrome\Application\16.0.912.75\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\Donghyeok Kim\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll ()
MOD - C:\Users\Donghyeok Kim\AppData\Local\Google\Chrome\Application\16.0.912.75\avutil-51.dll ()
MOD - C:\Users\Donghyeok Kim\AppData\Local\Google\Chrome\Application\16.0.912.75\avformat-53.dll ()
MOD - C:\Users\Donghyeok Kim\AppData\Local\Google\Chrome\Application\16.0.912.75\avcodec-53.dll ()
MOD - C:\Users\Donghyeok Kim\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\1049a76b3de293df726d380932215c91\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f8196c3588c2229e84516af4b6a0ee60\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\93df5ea9646ad11a21517e4ab1d803d9\UIAutomationTypes.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\bb1d36ae26e7cadf563061596682e747\UIAutomationProvider.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\AIM\nssckbi.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll ()
MOD - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\Dell V305\dldtmon.exe ()
MOD - C:\Program Files (x86)\Dell V305\dldtmsdmon.exe ()
MOD - C:\Program Files (x86)\Dell V305\dldtdrs.dll ()
MOD - C:\Program Files (x86)\Dell V305\dldtscw.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll ()
MOD - C:\Program Files (x86)\Dell V305\dldtcaps.dll ()
MOD - C:\Program Files (x86)\Dell V305\dldtmonr.dll ()
MOD - C:\Program Files (x86)\Dell V305\app4r.monitor.core.dll ()
MOD - C:\Program Files (x86)\Dell V305\app4r.monitor.common.dll ()
MOD - C:\Program Files (x86)\Dell V305\app4r.devmons.mcmdevmon.dll ()
MOD - C:\Program Files (x86)\Dell V305\DLDTcfg.dll ()
MOD - C:\Program Files (x86)\Dell V305\app4r.devmons.mcmdevmon.autoplayutil.dll ()
MOD - C:\Program Files (x86)\Dell V305\dldtcnv4.dll ()
MOD - C:\Program Files (x86)\Dell V305\dldtdatr.dll ()
MOD - C:\Program Files (x86)\Dell V305\dldtcats.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (HPSIService) -- C:\Windows\SysNative\HPSIsvc.exe (HP)
SRV:64bit: - (TabletServicePen) -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV:64bit: - (TouchServicePen) -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.)
SRV:64bit: - (dldt_device) -- C:\Windows\SysNative\dldtcoms.exe ( )
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_b427739.dll ()
SRV - (IHA_MessageCenter) -- C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe (Verizon)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (dldt_device) -- C:\Windows\SysWow64\dldtcoms.exe ( )
SRV - (HP LaserJet Service) -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe (HP)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (NPFW) -- C:\Windows\SysNative\NpfwVt64.sys (INCA Internet Co.,Ltd.)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (mvusbews) -- C:\Windows\SysNative\drivers\mvusbews.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (cbfs3) -- C:\Windows\SysNative\drivers\cbfs3.sys (EldoS Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys (Wacom Technology)
DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology)
DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology)
DRV:64bit: - (NPIDS) -- C:\Windows\SysNative\NPIdsVt64.sys (INCA Internet Co., Ltd.)
DRV:64bit: - (PaeFireStudio) -- C:\Windows\SysNative\drivers\PaeFireStudio.sys (PreSonus Audio Electronics)
DRV:64bit: - (PaeFireStudioMidi) -- C:\Windows\SysNative\drivers\PaeFireStudioMidi.sys (PreSonus Audio Electronics)
DRV:64bit: - (PaeFireStudioAudio) -- C:\Windows\SysNative\drivers\PaeFireStudioAudio.sys (PreSonus Audio Electronics)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV - (GGSAFERDriver) -- C:\Program Files (x86)\Garena\safedrv.sys ()
DRV - (NPFW) -- C:\Windows\SysWOW64\NpfwVt64.sys (INCA Internet Co.,Ltd.)
DRV - (NPIDS) -- C:\Windows\SysWOW64\NPIdsVt64.sys (INCA Internet Co., Ltd.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
IE - HKLM\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No CLSID value found


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2963319434-830871422-2673064414-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKU\S-1-5-21-2963319434-830871422-2673064414-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Donghyeok Kim\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Donghyeok Kim\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Donghyeok Kim\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker

[2011/05/11 21:45:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Donghyeok Kim\AppData\Roaming\Mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Donghyeok Kim\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Donghyeok Kim\AppData\Local\Google\Chrome\Application\16.0.912.75\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Donghyeok Kim\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: GamePlayLabs Plugin (Enabled) = C:\Users\Donghyeok Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocphobfcfafpclibolpjdafgaffkaoci\1.0_0\npGamePlayLabsPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Donghyeok Kim\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Donghyeok Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\Donghyeok Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google Search = C:\Users\Donghyeok Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Gmail = C:\Users\Donghyeok Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/01/17 17:03:21 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Virtual Storage Mount Notification) - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O2 - BHO: (Virtual Storage Mount Notification) - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O3 - HKU\S-1-5-21-2963319434-830871422-2673064414-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-2963319434-830871422-2673064414-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O3 - HKU\S-1-5-21-2963319434-830871422-2673064414-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [dldtamon] C:\Program Files (x86)\Dell V305\dldtamon.exe ()
O4:64bit: - HKLM..\Run: [dldtmon.exe] C:\Program Files (x86)\Dell V305\dldtmon.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden" File not found
O4:64bit: - HKLM..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe ()
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPUsageTrackingLEDM] C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-2963319434-830871422-2673064414-1000..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKU\S-1-5-21-2963319434-830871422-2673064414-1000..\Run: [Akamai NetSession Interface] C:\Users\Donghyeok Kim\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-2963319434-830871422-2673064414-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2963319434-830871422-2673064414-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - Startup: C:\Users\Donghyeok Kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Donghyeok Kim\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2963319434-830871422-2673064414-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2963319434-830871422-2673064414-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F939FEB8-9518-4A4A-BE60-D10FFB9557F2} http://download.kbstar.com/security/nprotect/netizenv55/npenkIEInstall5.cab (nProtect Netizen v5.5)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D946C227-0260-468D-B37A-3777880DC02A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D946C227-0260-468D-B37A-3777880DC02A}: NameServer = 208.67.220.220
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O22:64bit: - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = lhjj] -- "C:\Windows\system32\config\systemprofile\AppData\Local\nkk.exe" -a "%1" %*
O37 - HKU\S-1-5-18\...exe [@ = lhjj] -- "C:\Windows\system32\config\systemprofile\AppData\Local\nkk.exe" -a "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/21 06:43:46 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{BE5CC551-8D8A-49A5-96D0-9D49901A088F}
[2012/01/20 15:17:41 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{AC98BCE9-CC5D-4CF1-AA05-B79FDCC4624E}
[2012/01/20 15:17:31 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{50204B70-9F8A-4155-930D-A04A3C5F76AF}
[2012/01/19 20:59:42 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{AC1598A9-A03D-41D7-A4A9-F756332155B6}
[2012/01/19 20:59:21 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{A1BA07DD-BF5C-498E-8DBB-FE0227F8C6F3}
[2012/01/19 09:16:48 | 000,334,432 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\npidsxU.dll
[2012/01/19 09:16:48 | 000,334,432 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysNative\npidsxU.dll
[2012/01/19 09:16:48 | 000,299,328 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysNative\TeCtrlu.dll
[2012/01/19 09:16:48 | 000,233,792 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\nPFWU.dll
[2012/01/19 09:16:48 | 000,233,792 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysNative\nPFWU.dll
[2012/01/19 09:16:48 | 000,227,936 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\nPFWFltU.dll
[2012/01/19 09:16:48 | 000,227,936 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysNative\nPFWFltU.dll
[2012/01/19 09:16:48 | 000,142,656 | ---- | C] (INCA Internet Co.,Ltd.) -- C:\Windows\SysWow64\NpfwVt64.sys
[2012/01/19 09:16:48 | 000,142,656 | ---- | C] (INCA Internet Co.,Ltd.) -- C:\Windows\SysNative\NpfwVt64.sys
[2012/01/19 09:16:48 | 000,123,712 | ---- | C] (INCA Internet Co.,Ltd.) -- C:\Windows\SysWow64\NpfwVt.sys
[2012/01/19 09:16:48 | 000,123,712 | ---- | C] (INCA Internet Co.,Ltd.) -- C:\Windows\SysNative\NpfwVt.sys
[2012/01/19 09:16:48 | 000,123,432 | ---- | C] (INCA Internet Co.,Ltd.) -- C:\Windows\SysWow64\Npfw4.sys
[2012/01/19 09:16:48 | 000,123,432 | ---- | C] (INCA Internet Co.,Ltd.) -- C:\Windows\SysNative\Npfw4.sys
[2012/01/19 09:16:48 | 000,114,920 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\npids4.sys
[2012/01/19 09:16:48 | 000,114,920 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysNative\npids4.sys
[2012/01/19 09:16:48 | 000,108,736 | ---- | C] (INCA Internet Co.,Ltd.) -- C:\Windows\SysWow64\Npfw.sys
[2012/01/19 09:16:48 | 000,108,736 | ---- | C] (INCA Internet Co.,Ltd.) -- C:\Windows\SysNative\Npfw.sys
[2012/01/19 09:16:48 | 000,082,496 | ---- | C] (INCA Internet Co.,Ltd.) -- C:\Windows\SysWow64\npfwflt.sys
[2012/01/19 09:16:48 | 000,082,496 | ---- | C] (INCA Internet Co.,Ltd.) -- C:\Windows\SysNative\npfwflt.sys
[2012/01/19 09:16:48 | 000,081,120 | ---- | C] (INCA Internet Co.,Ltd.) -- C:\Windows\SysWow64\npfwflt4.sys
[2012/01/19 09:16:48 | 000,081,120 | ---- | C] (INCA Internet Co.,Ltd.) -- C:\Windows\SysNative\npfwflt4.sys
[2012/01/19 09:16:48 | 000,061,920 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\npids.sys
[2012/01/19 09:16:48 | 000,061,920 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysNative\npids.sys
[2012/01/19 09:16:48 | 000,054,880 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\NPIdsVt64.sys
[2012/01/19 09:16:48 | 000,054,880 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysNative\NPIdsVt64.sys
[2012/01/19 09:16:48 | 000,047,200 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\NPIdsVt.sys
[2012/01/19 09:16:48 | 000,047,200 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysNative\NPIdsVt.sys
[2012/01/19 09:16:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\INCA Shared
[2012/01/19 09:16:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\INCAInternet UnInstall
[2012/01/19 09:16:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\INCAInternet
[2012/01/19 09:15:41 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2012/01/18 23:45:16 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/18 23:01:18 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/01/18 20:53:08 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{681D7E68-02E7-48B3-BACB-58A734DFCBF9}
[2012/01/18 20:52:54 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{1648D5C6-C7F7-484C-BAB8-35983B5B5CDC}
[2012/01/17 16:49:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/17 16:49:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/17 16:49:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/17 16:49:37 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/17 16:46:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/17 16:34:58 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{268FFD2B-9B17-4789-9688-297182261185}
[2012/01/17 16:34:42 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{C1C3AFC7-58D9-46FC-940F-4339DF31D44E}
[2012/01/16 20:57:23 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/01/16 19:07:57 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{FC00DA88-BA00-4FA5-8402-8205D2A06DFA}
[2012/01/16 19:07:35 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{66498989-4442-4AD5-B887-7F047A989BC3}
[2012/01/16 17:22:36 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\Desktop\21-Smoke-Brush
[2012/01/16 07:07:10 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{0733FC46-41BF-4E8F-AC72-EFEE9FADC46E}
[2012/01/16 07:06:50 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{AB5A0476-B4D2-4317-B7CA-35B0A4CF506B}
[2012/01/15 13:46:00 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/01/15 13:37:10 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{6857DA4F-00BA-4C26-9E7B-0DB9AE377190}
[2012/01/15 13:36:57 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{52BE7E6E-0AB3-4CBD-BFEA-E617212F5A91}
[2012/01/14 22:44:22 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{7DB0671D-6DBA-4669-89DD-19C9277D57B3}
[2012/01/14 22:44:00 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{7CD0BAD0-39C9-4951-A9BA-9E55DE08EDF8}
[2012/01/14 10:43:35 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{2CDBCD7B-1D99-4399-AD17-B74E18770A2C}
[2012/01/14 10:43:24 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{F25B614C-120B-4C3F-9DD7-2DA39384495B}
[2012/01/13 16:17:40 | 001,490,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01007.dll
[2012/01/13 16:17:40 | 000,020,480 | ---- | C] (Marvell Semiconductor, Inc.) -- C:\Windows\SysNative\drivers\mvusbews.sys
[2012/01/13 16:10:54 | 000,126,520 | R--- | C] (HP) -- C:\Windows\SysNative\HPSIsvc.exe
[2012/01/13 16:10:51 | 000,000,000 | ---D | C] -- C:\ProgramData\HPSSUPPLY
[2012/01/13 16:09:26 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2012/01/13 14:07:11 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/01/13 14:04:39 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{6AF98045-5F87-4F3F-8047-C057375DD235}
[2012/01/13 14:04:16 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{C3949FC6-2A43-46CE-A0E6-E2CDC1ED5698}
[2012/01/12 15:34:41 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{6DE81E4A-3E58-4054-B55A-21F36E170C02}
[2012/01/12 15:34:31 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{79B7DF6E-6A8C-4F77-8C69-DBACD618B7EC}
[2012/01/12 03:12:13 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{7C6C72E8-4C95-460B-9A1E-6D432A8EAD05}
[2012/01/12 03:11:51 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{12DDA707-83D1-4620-8009-488253AD5D35}
[2012/01/11 15:11:40 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{E5A39C11-935E-4E20-B269-CCB1DE5F12C4}
[2012/01/11 15:11:26 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{C8D5DB09-B9AD-4170-9C26-F6F66521CB00}
[2012/01/10 16:43:51 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/01/10 16:43:50 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/01/10 16:43:50 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/01/10 16:43:50 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/01/10 16:43:48 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/01/10 16:43:48 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/01/10 16:43:48 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012/01/10 16:36:30 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{770494BC-C14B-43F0-BE23-164FD95C3D05}
[2012/01/10 16:36:19 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{762A42E1-7465-4CFF-93D6-F926D96E61C0}
[2012/01/09 15:18:14 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{5E733725-B6EC-40D9-8A4C-6113DB0DE084}
[2012/01/09 15:18:04 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{74FC8C4B-A918-4DC4-B74C-A5A730062472}
[2012/01/08 20:34:27 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{DB510F2E-97B2-4333-883F-1DA70C51C319}
[2012/01/08 20:34:06 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{00F5C6FB-7941-4101-93EA-3CC6D9AC176E}
[2012/01/08 15:45:17 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Roaming\Screenshot Studio
[2012/01/08 15:44:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\System Restore
[2012/01/08 15:44:19 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Screenshot Studio
[2012/01/08 15:44:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Screenshot Studio
[2012/01/08 15:44:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Screenshot Studio
[2012/01/08 08:33:39 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{5323ABFC-3FA4-4599-8438-ABCB71FA5D53}
[2012/01/08 08:33:29 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{CC3D4608-048E-4DFD-99A9-491401A8285D}
[2012/01/07 20:17:53 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/01/07 17:18:55 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\Documents\ForceField Shared Files
[2012/01/07 17:18:04 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Roaming\CheckPoint
[2012/01/07 17:17:42 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2012/01/07 17:17:35 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2012/01/07 17:16:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CheckPoint
[2012/01/07 12:27:35 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{771EEEED-0A24-4B4E-90BC-CC119DE2288C}
[2012/01/07 12:27:15 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{C55FB2A6-A76E-4D57-AB50-EBAACF677F29}
[2012/01/06 17:20:09 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2012/01/06 16:08:08 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\Chromium
[2012/01/06 16:02:03 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Heroes of Newerth
[2012/01/06 16:02:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of Newerth
[2012/01/06 16:02:01 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\Documents\Heroes of Newerth
[2012/01/06 16:01:43 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2012/01/06 16:01:43 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2012/01/06 16:01:43 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2012/01/06 16:01:42 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2012/01/06 16:01:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Heroes of Newerth
[2012/01/06 15:22:16 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{0139D03E-8E53-4798-96A5-2518ABEB78A4}
[2012/01/06 15:22:06 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{3F7AA053-4D56-4F3D-B3AC-5270EC8E2133}
[2012/01/05 15:38:13 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{3341CF59-D9B6-420B-9A07-C41B39AFCB9E}
[2012/01/05 15:38:04 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{745FE7A9-3BEE-4B0C-ACDD-369387642825}
[2012/01/04 23:36:48 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Roaming\RenPy
[2012/01/04 23:34:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Katawa Shoujo
[2012/01/04 16:23:56 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{9D74EF12-8C3F-4E58-A9DF-1AD6AFF47209}
[2012/01/04 16:23:47 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{094FAAC6-146A-4AB7-BABF-68B16768421D}
[2012/01/03 18:16:21 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\SanctionedMedia
[2012/01/03 15:15:13 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{4EFCA110-E22D-48B0-BDF5-E289828B6421}
[2012/01/03 15:15:03 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{2806128C-7FDC-4689-BB17-5F6C72097D4E}
[2012/01/02 19:03:00 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{43905894-8B95-457C-AA51-6D0E5A810B7D}
[2012/01/02 19:02:39 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{9202D2E9-3AD3-4712-A8DC-3CC0F9495943}
[2012/01/02 07:02:28 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{88E1A681-0E8E-4364-9422-96ED1C7989A1}
[2012/01/02 07:02:16 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{603E25A3-1A54-4515-A9F5-B3913AC837C7}
[2012/01/01 12:44:32 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{47B9AA2C-D677-41C0-9654-1B3A0FFE06BB}
[2012/01/01 12:44:21 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{2A7D2703-14CD-4F7F-AA83-BC8FD3340488}
[2011/12/31 20:51:51 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{3CF51536-0E3C-48CE-9AF4-9F579C357D73}
[2011/12/31 08:51:17 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{8CB3BA53-F7D7-404D-BFAF-ECA1CD018137}
[2011/12/31 08:51:02 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{388F2188-9643-4E49-BA4F-DAC2378C9266}
[2011/12/30 15:29:46 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{28CC26B9-501C-4F68-99A0-BCD4E75A9BFD}
[2011/12/30 15:29:35 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{46CFD31A-8F1C-4A9B-B622-E1A88FF12C37}
[2011/12/30 00:28:11 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{14D6442C-2A3C-4897-B37F-3970D4C27ED7}
[2011/12/30 00:27:50 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{BC3F04D1-A5F9-4E3F-8326-4400B60CA318}
[2011/12/29 15:52:48 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\Desktop\ifunbox_en
[2011/12/29 15:35:15 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\Desktop\option
[2011/12/29 15:31:59 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\Macroplant
[2011/12/29 12:27:26 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{E9E164FC-0F3E-4C37-BE70-9E3A818ACA17}
[2011/12/29 12:27:16 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{0C8CFFCD-7CCB-47EA-B236-2C3744BC9693}
[2011/12/28 14:16:57 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{79225E14-5F48-4A5C-9BBF-F483949B502A}
[2011/12/28 14:16:47 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{EE641698-4B7C-4130-9A30-864167B3EDC3}
[2011/12/27 20:22:47 | 000,000,000 | ---D | C] -- C:\ProgramData\IDMComp
[2011/12/27 20:22:46 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Roaming\IDMComp
[2011/12/27 20:18:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraEdit
[2011/12/27 20:18:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IDM Computer Solutions
[2011/12/27 19:52:16 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\Downloaded Installations
[2011/12/27 17:24:27 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{9AE139D1-9FCF-4DB7-86EB-E1F795D01903}
[2011/12/27 17:24:11 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{52D53CDC-8334-4B09-B348-66317DBC8E79}
[2011/12/26 20:52:33 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{EEF661A9-2A64-41AE-8577-88825326EDF0}
[2011/12/26 20:52:20 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{529B3288-A825-4A71-B68E-0097F95B5280}
[2011/12/25 11:55:42 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{F7761C21-9A9F-4420-986E-95F11FC6A3F4}
[2011/12/25 11:55:32 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{DC673EB1-8D11-45DF-A1F5-EBE019B591BB}
[2011/12/24 23:55:05 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{C2729AEE-F2F3-4476-8E61-0E87DB926E09}
[2011/12/24 23:54:43 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{E251D3ED-30A5-44A3-A408-76E8CF35BDF8}
[2011/12/24 22:09:03 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Roaming\Dell Imaging Toolbox
[2011/12/24 22:07:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell
[2011/12/24 22:07:32 | 000,000,000 | ---D | C] -- C:\Program Files\Dell V305
[2011/12/24 22:07:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell V305
[2011/12/24 22:07:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Printers
[2011/12/24 22:07:30 | 001,105,920 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtserv.dll
[2011/12/24 22:07:30 | 000,983,121 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dldtgf.dll
[2011/12/24 22:07:30 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtcomc.dll
[2011/12/24 22:07:30 | 000,843,776 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtusb1.dll
[2011/12/24 22:07:30 | 000,675,328 | ---- | C] ( ) -- C:\Windows\SysNative\DLDThcp.dll
[2011/12/24 22:07:30 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\dldthbn3.dll
[2011/12/24 22:07:30 | 000,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtpmui.dll
[2011/12/24 22:07:30 | 000,594,600 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtcoms.exe
[2011/12/24 22:07:30 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtlmpm.dll
[2011/12/24 22:07:30 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtcomm.dll
[2011/12/24 22:07:30 | 000,365,224 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtcfg.exe
[2011/12/24 22:07:30 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtinpa.dll
[2011/12/24 22:07:30 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtiesc.dll
[2011/12/24 22:07:30 | 000,320,168 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtih.exe
[2011/12/24 22:07:30 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\dldtprox.dll
[2011/12/24 22:06:36 | 000,000,000 | ---D | C] -- C:\Dell
[2011/12/24 10:21:43 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{4162F8E8-D554-44C2-803C-2657122E9683}
[2011/12/24 10:21:23 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{8AD7E4F6-1773-44BB-B7D7-5301740E5BF6}
[2011/12/23 22:20:59 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{2A3D690E-4177-42EE-A9DF-A2D3D7885436}
[2011/12/23 22:20:37 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{54F1720E-835C-4CB4-B5FD-4EB2480DC5F6}
[2011/12/23 10:20:13 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{EAF8256D-5220-4E4C-AB50-78052E83C0BB}
[2011/12/23 10:19:52 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{B1412996-7621-46F8-A14B-8DE4425B7845}
[2011/12/22 22:19:28 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{2BEC06A7-054E-4E3F-931B-493B64019DC5}
[2011/12/22 22:19:07 | 000,000,000 | ---D | C] -- C:\Users\Donghyeok Kim\AppData\Local\{E8EA661F-1436-4137-BFE2-FF4C4ED8DF8B}
[3 C:\Users\Donghyeok Kim\Desktop\*.tmp files -> C:\Users\Donghyeok Kim\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/21 12:44:59 | 000,782,702 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/21 12:44:59 | 000,662,408 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/21 12:44:59 | 000,122,236 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/21 12:02:14 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2963319434-830871422-2673064414-1000UA.job
[2012/01/21 12:00:14 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/21 08:43:43 | 000,000,132 | ---- | M] () -- C:\Users\Donghyeok Kim\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/01/21 06:43:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/20 19:00:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/20 17:02:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2963319434-830871422-2673064414-1000Core.job
[2012/01/20 15:24:23 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/20 15:24:23 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/20 15:16:43 | 529,182,719 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/19 21:25:05 | 000,000,512 | ---- | M] () -- C:\Users\Donghyeok Kim\Desktop\MBR.dat
[2012/01/18 15:26:45 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDonghyeok Kim.job
[2012/01/17 17:03:21 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/01/15 18:58:09 | 258,243,253 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/14 19:41:10 | 000,009,315 | ---- | M] () -- C:\ProgramData\b4087b46
[2012/01/13 19:48:42 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_mvusbews_01007.Wdf
[2012/01/13 16:18:24 | 000,001,069 | ---- | M] () -- C:\Users\Donghyeok Kim\Desktop\Katawa Shoujo.lnk
[2012/01/13 16:10:51 | 000,002,101 | ---- | M] () -- C:\Users\Public\Desktop\Shop for HP Supplies.lnk
[2012/01/12 16:17:00 | 000,002,008 | ---- | M] () -- C:\Users\Donghyeok Kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/01/12 16:16:57 | 000,002,081 | ---- | M] () -- C:\Users\Donghyeok Kim\Desktop\Youtube Downloader HD.lnk
[2012/01/12 16:16:53 | 000,003,011 | ---- | M] () -- C:\Users\Donghyeok Kim\Desktop\HiJackThis.lnk
[2012/01/12 16:16:53 | 000,002,401 | ---- | M] () -- C:\Users\Donghyeok Kim\Desktop\Google Chrome.lnk
[2012/01/12 16:16:53 | 000,002,362 | ---- | M] () -- C:\Users\Donghyeok Kim\Desktop\EloquentMS.lnk
[2012/01/12 16:16:53 | 000,002,016 | ---- | M] () -- C:\Users\Donghyeok Kim\Desktop\Dropbox.lnk
[2012/01/12 16:16:53 | 000,001,851 | ---- | M] () -- C:\Users\Donghyeok Kim\Desktop\Garena.lnk
[2012/01/12 16:16:53 | 000,001,844 | ---- | M] () -- C:\Users\Donghyeok Kim\Desktop\Project Blackout.lnk
[2012/01/12 16:16:53 | 000,001,347 | ---- | M] () -- C:\Users\Donghyeok Kim\Desktop\Screenshot Studio.lnk
[2012/01/10 16:45:08 | 000,776,426 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/08 15:44:19 | 000,001,983 | ---- | M] () -- C:\Users\Donghyeok Kim\Application Data\Microsoft\Internet Explorer\Quick Launch\Screenshot Studio.lnk
[2012/01/07 23:16:05 | 000,793,934 | ---- | M] () -- C:\Users\Donghyeok Kim\Documents\Untitled2.png
[2012/01/06 17:20:09 | 000,000,219 | ---- | M] () -- C:\Users\Donghyeok Kim\Desktop\Dota 2.url
[2012/01/05 22:38:46 | 000,015,524 | ---- | M] () -- C:\Users\Donghyeok Kim\Documents\Untitled.png
[2011/12/31 10:52:24 | 000,000,552 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2011/12/27 23:33:15 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/27 20:18:05 | 000,002,086 | ---- | M] () -- C:\Users\Donghyeok Kim\Application Data\Microsoft\Internet Explorer\Quick Launch\UltraEdit.lnk
[2011/12/27 20:18:05 | 000,002,062 | ---- | M] () -- C:\Users\Public\Desktop\UltraEdit.lnk
[2011/12/24 22:08:57 | 000,000,997 | ---- | M] () -- C:\Users\Public\Desktop\Dell Imaging Toolbox - V305.LNK
[2011/12/24 22:08:29 | 000,073,043 | ---- | M] () -- C:\Windows\SysNative\LexFiles.ulf
[2011/12/24 09:57:31 | 000,000,000 | ---- | M] () -- C:\ProgramData\iSpN4dL0a.dat
[3 C:\Users\Donghyeok Kim\Desktop\*.tmp files -> C:\Users\Donghyeok Kim\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/19 21:25:05 | 000,000,512 | ---- | C] () -- C:\Users\Donghyeok Kim\Desktop\MBR.dat
[2012/01/17 16:49:43 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/17 16:49:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/17 16:49:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/17 16:49:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/17 16:49:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/15 13:45:55 | 258,243,253 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/01/14 15:40:42 | 000,009,315 | ---- | C] () -- C:\ProgramData\b4087b46
[2012/01/13 19:48:42 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_mvusbews_01007.Wdf
[2012/01/13 18:48:35 | 000,049,664 | R--- | C] () -- C:\Windows\SysNative\HP1100SMs.dll
[2012/01/13 18:48:33 | 000,350,720 | ---- | C] () -- C:\Windows\SysNative\mvhlewsi.DLL
[2012/01/13 18:48:32 | 001,696,256 | ---- | C] () -- C:\Windows\SysNative\HP1100SM.EXE
[2012/01/13 16:25:37 | 000,290,304 | ---- | C] () -- C:\Windows\SysNative\HP1100LM.DLL
[2012/01/13 16:17:39 | 000,082,944 | ---- | C] () -- C:\Windows\SysNative\mvusbews.dll
[2012/01/13 16:10:51 | 000,002,101 | ---- | C] () -- C:\Users\Public\Desktop\Shop for HP Supplies.lnk
[2012/01/08 15:44:19 | 000,001,983 | ---- | C] () -- C:\Users\Donghyeok Kim\Application Data\Microsoft\Internet Explorer\Quick Launch\Screenshot Studio.lnk
[2012/01/08 15:44:19 | 000,001,347 | ---- | C] () -- C:\Users\Donghyeok Kim\Desktop\Screenshot Studio.lnk
[2012/01/08 08:57:51 | 000,001,069 | ---- | C] () -- C:\Users\Donghyeok Kim\Desktop\Katawa Shoujo.lnk
[2012/01/07 23:16:05 | 000,793,934 | ---- | C] () -- C:\Users\Donghyeok Kim\Documents\Untitled2.png
[2012/01/07 20:33:26 | 000,002,008 | ---- | C] () -- C:\Users\Donghyeok Kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/01/07 20:33:26 | 000,001,937 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk
[2012/01/06 17:20:09 | 000,000,219 | ---- | C] () -- C:\Users\Donghyeok Kim\Desktop\Dota 2.url
[2012/01/05 22:38:46 | 000,015,524 | ---- | C] () -- C:\Users\Donghyeok Kim\Documents\Untitled.png
[2011/12/27 23:33:15 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/27 20:18:05 | 000,002,086 | ---- | C] () -- C:\Users\Donghyeok Kim\Application Data\Microsoft\Internet Explorer\Quick Launch\UltraEdit.lnk
[2011/12/27 20:18:05 | 000,002,062 | ---- | C] () -- C:\Users\Public\Desktop\UltraEdit.lnk
[2011/12/24 22:08:57 | 000,000,997 | ---- | C] () -- C:\Users\Public\Desktop\Dell Imaging Toolbox - V305.LNK
[2011/12/24 22:07:32 | 000,110,080 | ---- | C] () -- C:\Windows\SysNative\dldtwupd.dll
[2011/12/24 22:07:32 | 000,015,528 | ---- | C] () -- C:\Windows\SysNative\dldtwupd.exe
[2011/12/24 22:07:30 | 000,532,480 | ---- | C] () -- C:\Windows\SysWow64\dldtutil.dll
[2011/12/24 22:07:30 | 000,530,432 | ---- | C] () -- C:\Windows\SysNative\DLDTinst.dll
[2011/12/24 22:07:30 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\DLDTinst.dll
[2011/12/24 22:07:30 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\dldtcomx.dll
[2011/12/24 22:07:30 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\dldtinsb.dll
[2011/12/24 22:07:30 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\dldtins.dll
[2011/12/24 22:07:30 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\dldtjswr.dll
[2011/12/24 22:07:30 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\dldtinsr.dll
[2011/12/24 22:07:30 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dldtcub.dll
[2011/12/24 22:07:30 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\dldtcu.dll
[2011/12/24 22:07:30 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dldtcur.dll
[2011/12/24 22:07:30 | 000,001,955 | ---- | C] () -- C:\Windows\SysWow64\dldt.loc
[2011/12/24 09:57:31 | 000,000,000 | ---- | C] () -- C:\ProgramData\iSpN4dL0a.dat
[2011/12/10 14:32:36 | 000,008,592 | -HS- | C] () -- C:\Users\Donghyeok Kim\AppData\Local\m2um34a6ru1bqe
[2011/12/10 14:32:36 | 000,008,592 | -HS- | C] () -- C:\ProgramData\m2um34a6ru1bqe
[2011/11/05 16:15:25 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011/11/05 16:13:07 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2011/09/24 14:14:25 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/09/18 23:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2011/09/18 23:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2011/09/05 19:00:01 | 000,000,132 | ---- | C] () -- C:\Users\Donghyeok Kim\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011/07/13 22:19:03 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/07/13 22:18:59 | 000,073,216 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/06/23 14:30:51 | 000,045,286 | ---- | C] () -- C:\Users\Donghyeok Kim\AppData\Roaming\room_v3.dat
[2011/03/30 14:09:49 | 000,010,752 | ---- | C] () -- C:\Users\Donghyeok Kim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/26 23:16:55 | 000,000,132 | ---- | C] () -- C:\Users\Donghyeok Kim\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/02/22 11:39:04 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/02/22 11:37:30 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/02/18 15:00:26 | 000,776,426 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/07/23 12:41:04 | 000,782,336 | ---- | C] () -- C:\Windows\SysWow64\dldtdrs.dll
[2009/07/15 16:50:42 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 18:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 18:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/05/14 13:57:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\dldtcaps.dll
[2009/04/01 10:48:16 | 000,053,478 | ---- | C] () -- C:\Windows\mvtcpui.ini
[2008/01/22 02:05:12 | 000,077,906 | ---- | C] () -- C:\Windows\SysWow64\dldtcfg.dll
[2007/11/13 19:13:10 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\dldtcnv4.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 1085 bytes -> C:\Users\Donghyeok Kim\AppData\Local\3DLrIRPC5UGCiB:OuGx6Yjwl3nrKJUdUFiw4t4H4Nt7C

< End of report >

#15 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 21 January 2012 - 06:02 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word Code
    :otl
    IE - HKLM\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No CLSID value found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
    O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
    O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
    O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
    O3 - HKU\S-1-5-21-2963319434-830871422-2673064414-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3:64bit: - HKU\S-1-5-21-2963319434-830871422-2673064414-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
    O3 - HKU\S-1-5-21-2963319434-830871422-2673064414-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
    O4:64bit: - HKLM..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden" File not found
    O4:64bit: - HKLM..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey File not found
    O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    @Alternate Data Stream - 1085 bytes -> C:\Users\Donghyeok Kim\AppData\Local\3DLrIRPC5UGCiB:OuGx6Yjwl3nrKJUdUFiw4t4H4Nt7C  
    [2011/12/10 14:32:36 | 000,008,592 | -HS- | C] () -- C:\Users\Donghyeok Kim\AppData\Local\m2um34a6ru1bqe
    [2011/12/10 14:32:36 | 000,008,592 | -HS- | C] () -- C:\ProgramData\m2um34a6ru1bqe
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [emptyjava]
    [EMPTYFLASH]
    [RESETHOSTS]
    
  • Then click the Run Fix button at the top.
  • Click OK.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click the donate button. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
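Added example, not part of the original thread and not OTL's own code or the responder's script: the triage pass a responder makes over an OTL report before writing a fix like the one above. It reproduces the three selections visible in that script, alternate data streams, orphaned autostart entries marked "File not found" or "No CLSID value found", and hidden+system, extensionless, random-looking files dropped directly under ProgramData or AppData, and then renders the hits in the form OTL accepts under the :OTL header (report lines pasted verbatim). The sample lines are constructed from the shape of the report above; the drop-zone list, the 8-character name threshold, and the function names are assumptions of this example, not OTL conventions.

```python
"""Triage heuristics for OTL report lines (added example, not OTL code)."""
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines in the shape of the report above.
SAMPLE_OTL = r"""
[2012/01/17 16:49:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/10 14:32:36 | 000,008,592 | -HS- | C] () -- C:\Users\Donghyeok Kim\AppData\Local\m2um34a6ru1bqe
[2011/12/10 14:32:36 | 000,008,592 | -HS- | C] () -- C:\ProgramData\m2um34a6ru1bqe
[2012/01/14 15:40:42 | 000,009,315 | ---- | C] () -- C:\ProgramData\b4087b46
[2012/01/17 17:03:21 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
@Alternate Data Stream - 1085 bytes -> C:\Users\Donghyeok Kim\AppData\Local\3DLrIRPC5UGCiB:OuGx6Yjwl3nrKJUdUFiw4t4H4Nt7C
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O4:64bit: - HKLM..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey File not found
[2012/01/13 16:17:40 | 000,020,480 | ---- | C] (Marvell Semiconductor, Inc.) -- C:\Windows\SysNative\drivers\mvusbews.sys
"""
SAMPLE_LINES = SAMPLE_OTL.strip().splitlines()

# OTL file entry: [timestamp | size | RHSD attrs | C/M] (company) -- path
# Directory entries carry no "(company)" group, so it is optional.
FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Z]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
ADS_LINE = re.compile(r"^@Alternate Data Stream - (?P<bytes>\d+) bytes -> (?P<path>.+)$")
ORPHAN_MARKERS = ("File not found", "No CLSID value found")
# Assumptions of this example: what counts as a random name and a drop zone.
RANDOM_NAME = re.compile(r"^[A-Za-z0-9]{8,}$")
DROP_ZONES = ("\\programdata\\", "\\appdata\\local\\", "\\appdata\\roaming\\")


@dataclass
class Finding:
    reason: str
    line: str


def parse_file_line(line: str):
    """Return the fields of an OTL file/directory entry, or None."""
    m = FILE_LINE.match(line)
    if not m:
        return None
    d = m.groupdict()
    d["size"] = int(d["size"].replace(",", ""))
    d["company"] = (d["company"] or "").strip()
    return d


def is_random_drop(path: str) -> bool:
    """Extensionless, random-looking name sitting directly in a drop zone."""
    parent, _, name = path.rpartition("\\")
    low_parent = parent.lower() + "\\"
    in_zone = any(low_parent.endswith(zone) for zone in DROP_ZONES)
    return in_zone and "." not in name and RANDOM_NAME.match(name) is not None


def triage(report: str):
    """Walk a report and collect the lines a responder would pull into a fix."""
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ADS_LINE.match(line):
            findings.append(Finding("ads", line))
            continue
        if any(marker in line for marker in ORPHAN_MARKERS):
            findings.append(Finding("orphan", line))
            continue
        entry = parse_file_line(line)
        if entry is None:
            continue
        hidden_system = "H" in entry["attr"] and "S" in entry["attr"]
        if is_random_drop(entry["path"]):
            reason = "hidden_system_drop" if hidden_system else "random_name_drop"
            findings.append(Finding(reason, line))
    return findings


def to_otl_fix(findings) -> str:
    """Render hits the way the script above does: lines verbatim under :OTL."""
    body = "\n".join(f.line for f in findings)
    return ":OTL\n" + body + "\n:Commands\n[EMPTYTEMP]\n[RESETHOSTS]"


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL):
        print(f"{f.reason:20} {f.line}")
    print(to_otl_fix(triage(SAMPLE_OTL)))
```

Run it on a saved OTL.txt by passing the file contents to triage(); the script is a first pass only, so review each hit against the company name, the path and the timestamp before it goes into a fix, exactly as the responder did by hand above.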



