
Chrome redirects to websearch.ask.com


  • This topic is locked
15 replies to this topic

#1 articaine

  • Members
  • 8 posts

Posted 02 September 2012 - 04:30 AM

Hello all!

I have Chrome that redirects when only the subject is entered in the address line. If I enter fish, it will go to websearch.ask.com, but if I enter www.fish.com it will go there. In Internet Explorer this is not affected. Malwarebytes and Microsoft Essentials do not remove it. Had this issue once before and was able to remove it with TDSS, but not this time.

Thanks for your time in advance!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Ryoo at 2:13:53 on 2012-09-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6056.4235 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\windows\system32\taskeng.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\srspremiumpanel_64.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\windows\system32\igfxext.exe
C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Users\Ryoo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ryoo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ryoo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ryoo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\igfxsrvc.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://finance.yahoo.com/
uDefault_Page_URL = hxxp://samsung.msn.com
mStart Page = hxxp://samsung.msn.com
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRun: [Google Update] "C:\Users\Ryoo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} - hxxps://secure.logmein.com/activex/RACtrl.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA} - hxxp://javadl-esd.sun.com/update/1.6.0/jinstall-6u21-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=928
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{F69F0594-346F-46A3-9AC9-66DB238A25F7} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{F69F0594-346F-46A3-9AC9-66DB238A25F7}\2597F6F6444435 : DhcpNameServer = 192.168.16.2
TCP: Interfaces\{F69F0594-346F-46A3-9AC9-66DB238A25F7}\54E434F42554934433134303 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{F69F0594-346F-46A3-9AC9-66DB238A25F7}\E435343534D26455C4D275946494 : DhcpNameServer = 4.2.2.4 4.2.2.3
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\windows\SysWOW64\nvinit.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB-X64: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
EB-X64: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - No File
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
AppInit_DLLs-X64: C:\windows\SysWOW64\nvinit.dll
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\windows\system32\DRIVERS\nvpciflt.sys --> C:\windows\system32\DRIVERS\nvpciflt.sys [?]
R0 RapportKE64;RapportKE64;C:\windows\system32\Drivers\RapportKE64.sys --> C:\windows\system32\Drivers\RapportKE64.sys [?]
R1 RapportCerberus_42020;RapportCerberus_42020;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys [2012-8-11 397720]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-7-29 55096]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-7-29 297240]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;\??\C:\windows\system32\Drivers\SABI.sys --> C:\windows\system32\Drivers\SABI.sys [?]
R1 VWiFiFlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-5-31 2804568]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-8-14 2009704]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-7-29 976728]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SSPORT;SSPORT;\??\C:\windows\system32\Drivers\SSPORT.sys --> C:\windows\system32\Drivers\SSPORT.sys [?]
R2 TurboB;Turbo Boost UI Monitor driver;C:\windows\system32\DRIVERS\TurboB.sys --> C:\windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-3-16 2655768]
R2 UsbClientService;UsbClientService;C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [2011-2-17 245760]
R3 busenum;Synology Virtual USB Hub;C:\windows\system32\DRIVERS\busenum.sys --> C:\windows\system32\DRIVERS\busenum.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\system32\DRIVERS\clwvd.sys --> C:\windows\system32\DRIVERS\clwvd.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\system32\DRIVERS\ETD.sys --> C:\windows\system32\DRIVERS\ETD.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MEIx64;Intel® Management Engine Interface ;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETwNs64.sys --> C:\windows\system32\DRIVERS\NETwNs64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\system32\DRIVERS\nusb3hub.sys --> C:\windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\system32\DRIVERS\nusb3xhc.sys --> C:\windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\windows\system32\DRIVERS\WDKMD.sys --> C:\windows\system32\DRIVERS\WDKMD.sys [?]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2011/03/16 18:22:46;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2010-8-24 246256]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 FlyUsb;FLY Fusion;C:\windows\system32\DRIVERS\FlyUsb.sys --> C:\windows\system32\DRIVERS\FlyUsb.sys [?]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-1-4 340240]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 Samsung UPD Service;Samsung UPD Service;"C:\windows\System32\SUPDSvc.exe" --> C:\windows\System32\SUPDSvc.exe [?]
S3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;C:\windows\system32\DRIVERS\SNTUSB64.SYS --> C:\windows\system32\DRIVERS\SNTUSB64.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-10-8 150016]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-09-02 07:54:35 9310152 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{086F4F95-6696-46B3-BAD4-A7C6FCC53978}\mpengine.dll
2012-09-02 06:40:53 256000 ----a-w- C:\windows\PEV.exe
2012-08-31 04:25:19 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-08-31 04:25:07 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-08-28 03:02:21 -------- d-----w- C:\Users\Ryoo\AppData\Local\{487B018E-9258-4F98-84AA-4ACA49A820DC}
2012-08-27 01:15:49 -------- d-----w- C:\Users\Ryoo\AppData\Local\{E9B1BDD6-E72F-43BA-92E5-C7117A9639E2}
2012-08-25 20:59:42 -------- d-----w- C:\Users\Ryoo\AppData\Local\{E58836A4-AA47-4EE7-969F-1CE33F26A9D2}
2012-08-24 18:54:40 -------- d-----w- C:\Users\Ryoo\AppData\Local\{F5405229-E6E4-477B-AB8B-BEB5609239FA}
2012-08-15 06:22:28 -------- d-----w- C:\Users\Ryoo\AppData\Local\{9BD09840-94C0-4FE8-9991-2899351CFC0C}
2012-08-15 06:10:17 -------- d-----w- C:\Users\Ryoo\AppData\Local\{83232839-FAE1-415A-B95B-DD00EB3D2341}
2012-08-15 06:05:29 -------- d-----w- C:\Users\Ryoo\AppData\Local\{83A0D2D2-A56F-4064-BC79-7DACB90C27A7}
2012-08-07 04:35:53 -------- d-----w- C:\Program Files (x86)\MediaMall
2012-08-07 04:34:41 -------- d-----w- C:\ProgramData\MediaMall
.
==================== Find3M ====================
.
2012-09-02 08:06:46 345600 ----a-w- C:\windows\SetLCDStretchMode.exe
2012-09-02 08:06:22 407040 ----a-w- C:\windows\HotfixChecker.exe
2012-09-02 08:04:15 4633992 ----a-w- C:\windows\System32\ETDUI.cpl
2012-09-02 08:04:13 118664 ----a-w- C:\windows\System32\drivers\ETD.sys
2012-07-30 03:52:38 101688 ----a-w- C:\windows\System32\drivers\RapportKE64.sys
2012-07-18 18:15:06 3148800 ----a-w- C:\windows\System32\win32k.sys
2012-07-13 04:35:10 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-13 04:35:10 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-07-08 23:04:24 28528 ----a-w- C:\windows\System32\drivers\povrtdev.sys
2012-07-06 20:07:42 552960 ----a-w- C:\windows\System32\drivers\bthport.sys
2012-07-06 05:06:30 772544 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2012-07-06 05:06:20 687544 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-07-04 22:13:27 59392 ----a-w- C:\windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\windows\SysWow64\browcli.dll
2012-07-03 20:46:44 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-06-29 03:56:34 2312704 ----a-w- C:\windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-06-06 06:06:16 2004480 ----a-w- C:\windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\windows\SysWow64\cdosys.dll
.
============= FINISH: 2:14:33.22 ===============



#2 Conspire

  • Malware Response Team
  • 1,155 posts

Posted 04 September 2012 - 05:55 AM

In any case where you happen to be busy or unable to give us a reply, we would be grateful if you keep us informed in advance and we will be more than happy to wait. If you fail to do so, we will have your thread closed in THREE (3) days. :)


Hello there, articaine

:welcome:

I'm Conspire, I'll be glad to help you with your computer problems.

Please observe these rules while we work:
  • Read the entire procedure
  • It is important to perform ALL actions in sequence.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with me till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.

IMPORTANT NOTE: Please do not delete anything unless instructed to. Remember to back up all your important data (if possible) before moving on.
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may donate.

#3 Conspire

  • Malware Response Team
  • 1,155 posts

Posted 04 September 2012 - 05:57 AM

Hello,

Please post ComboFix log located in C:\ComboFix.txt and paste it in your next reply.

Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
  • Allow it to update where necessary
  • Click Scan

  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
===================================================

Download TDSSKiller.exe and save it to your desktop

Execute TDSSKiller.exe by double-clicking on it.
Press Start Scan
If malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

===================================================

In your next reply, please post:
aswMBR log
MBR.dat (attachment)
TDSS Killer log
ComboFix log


Please STOP and let me know if you have any problems performing the steps above or any questions you may have.

Good Day!

#4 articaine

  • Topic Starter
  • Members
  • 8 posts

Posted 05 September 2012 - 02:42 AM

Attached File: aswMBR.zip (952 bytes)

Hi Conspire,

Thanks for your help. Here are the logs

1. Combofix

ComboFix 12-09-04.03 - Ryoo 09/04/2012 21:35:34.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6056.4209 [GMT -7:00]
Running from: c:\users\Ryoo\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ryoo\AppData\Local\Temp\{D6C54862-9D44-4C4E-8523-175855E047D4}\fpb.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-08-05 to 2012-09-05 )))))))))))))))))))))))))))))))
.
.
2012-09-05 04:42 . 2012-09-05 04:42 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-09-03 06:35 . 2012-09-03 06:35 -------- d-----w- c:\users\Ryoo\AppData\Roaming\ParetoLogic
2012-09-03 06:32 . 2012-09-03 06:32 -------- d-----w- c:\program files (x86)\Common Files\ParetoLogic
2012-09-03 06:32 . 2012-09-03 06:32 -------- d-----w- c:\programdata\ParetoLogic
2012-09-03 06:32 . 2012-09-03 06:32 -------- d-----w- c:\program files (x86)\ParetoLogic
2012-09-03 06:29 . 2012-09-03 06:29 -------- d-----w- c:\users\Ryoo\AppData\Roaming\YourFileDownloader
2012-09-03 06:05 . 2012-09-03 06:05 -------- d-----w- c:\users\Ryoo\AppData\Roaming\SpeedyPC Software
2012-09-03 06:05 . 2012-09-03 06:05 -------- d-----w- c:\users\Ryoo\AppData\Roaming\DriverCure
2012-09-03 06:05 . 2012-09-03 06:36 -------- d-----w- c:\programdata\SpeedyPC Software
2012-09-02 23:57 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-02 23:26 . 2012-09-02 23:26 -------- d-----w- c:\program files (x86)\Hosts_Anti_Adwares_PUPs
2012-09-02 09:45 . 2012-09-02 09:44 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EB5562FF-2B20-44FA-8754-0594F4ECA57C}\gapaengine.dll
2012-09-02 07:54 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{086F4F95-6696-46B3-BAD4-A7C6FCC53978}\mpengine.dll
2012-08-31 04:25 . 2012-09-02 09:44 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-08-31 04:25 . 2012-09-02 09:44 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-07 04:34 . 2012-09-03 06:39 -------- d-----w- c:\programdata\MediaMall
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-02 08:06 . 2011-03-16 10:05 345600 ----a-w- c:\windows\SetLCDStretchMode.exe
2012-09-02 08:06 . 2011-03-16 10:05 407040 ----a-w- c:\windows\HotfixChecker.exe
2012-09-02 08:04 . 2012-02-09 07:34 249736 ----a-w- c:\windows\ETDUninst.dll
2012-08-16 04:29 . 2011-08-13 06:17 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-07-30 03:52 . 2011-12-10 08:33 101688 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2012-07-13 04:35 . 2012-04-03 03:43 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-13 04:35 . 2011-08-21 05:34 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-08 23:04 . 2012-07-08 23:04 28528 ----a-w- c:\windows\system32\drivers\povrtdev.sys
2012-07-06 05:06 . 2012-07-13 14:50 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-06 05:06 . 2011-09-16 04:14 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-03 20:46 . 2011-08-13 06:12 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-28 12:51 . 2011-10-18 05:21 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-09 05:43 . 2012-07-12 15:03 14172672 ----a-w- c:\windows\system32\shell32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-11-15 324976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 CLKMSVC10_38F51D56;CyberLink Product - 2011/03/16 18:22;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2010-08-25 246256]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [2011-11-12 24576]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-01-05 340240]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-28 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-08-09 166704]
R3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;c:\windows\system32\DRIVERS\SNTUSB64.SYS [2008-07-11 58664]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-10-08 150016]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-13 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-01-17 25960]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [2012-07-30 101688]
S1 RapportCerberus_42020;RapportCerberus_42020;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys [2012-08-12 397720]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-07-30 55096]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-07-30 297240]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 13824]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2011-01-25 60416]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-01-17 2009704]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-07-30 976728]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-08-07 11576]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-10-08 19192]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S2 UsbClientService;UsbClientService;c:\program files (x86)\Synology\Assistant\UsbClientService.exe [2011-02-18 245760]
S3 busenum;Synology Virtual USB Hub;c:\windows\system32\DRIVERS\busenum.sys [2011-02-18 56160]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-11-10 31088]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2012-04-25 258896]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-08-23 317440]
S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-01-04 8507392]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-03 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-03 181248]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-11-25 409192]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2011-01-25 18432]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-11-30 42392]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_38F51D56
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3007334548-303238922-589925700-1002Core.job
- c:\users\Ryoo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-13 06:47]
.
2012-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3007334548-303238922-589925700-1002UA.job
- c:\users\Ryoo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-13 06:47]
.
2012-09-05 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2012-09-03 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2011-11-25 02:25]
.
2012-09-03 c:\windows\Tasks\RegCure Pro.job
- c:\program files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe [2012-09-03 02:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-17 11613288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-03 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-03 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-03 417560]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://finance.yahoo.com/
mStart Page = hxxp://samsung.msn.com
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
Toolbar-Locked - (no file)
SafeBoot-61295228.sys
Toolbar-Locked - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\08\06\0d\053(ð"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-04 21:43:59
ComboFix-quarantined-files.txt 2012-09-05 04:43
.
Pre-Run: 150,378,864,640 bytes free
Post-Run: 149,748,756,480 bytes free
.
- - End Of File - - 3EC0BC71B263B7F8E3F1DB0D9145D2C1

2. aswMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-04 22:04:09
-----------------------------
22:04:09.747 OS Version: Windows x64 6.1.7601 Service Pack 1
22:04:09.747 Number of processors: 4 586 0x2A07
22:04:09.747 ComputerName: RYOO-PC UserName: Ryoo
22:04:10.325 Initialize success
22:04:14.911 AVAST engine defs: 12090401
22:04:56.501 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:04:56.516 Disk 0 Vendor: SAMSUNG_ 2AJ1 Size: 610480MB BusType: 3
22:04:56.548 Disk 0 MBR read successfully
22:04:56.548 Disk 0 MBR scan
22:04:56.548 Disk 0 unknown MBR code
22:04:56.563 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:04:56.579 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 236544 MB offset 206848
22:04:56.579 Disk 0 Partition - 00 0F Extended LBA 351827 MB offset 484648960
22:04:56.626 Disk 0 Partition 3 00 27 Hidden NTFS WinRE NTFS 22006 MB offset 1205190656
22:04:56.672 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 351826 MB offset 484651008
22:04:56.704 Disk 0 scanning C:\windows\system32\drivers
22:05:08.965 Service scanning
22:05:37.529 Modules scanning
22:05:37.529 Disk 0 trace - called modules:
22:05:37.560 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys
22:05:37.560 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e46060]
22:05:37.560 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005f80050]
22:05:38.106 AVAST engine scan C:\
00:20:28.421 Scan finished successfully
00:20:57.159 Disk 0 MBR has been saved successfully to "C:\Users\Ryoo\Desktop\MBR.dat"
00:20:57.174 The log file has been saved successfully to "C:\Users\Ryoo\Desktop\aswMBR.txt"


3. TDSS

00:14:52.0883 5500 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
00:14:54.0896 5500 ============================================================
00:14:54.0896 5500 Current date / time: 2012/09/05 00:14:54.0896
00:14:54.0896 5500 SystemInfo:
00:14:54.0896 5500
00:14:54.0896 5500 OS Version: 6.1.7601 ServicePack: 1.0
00:14:54.0896 5500 Product type: Workstation
00:14:54.0896 5500 ComputerName: RYOO-PC
00:14:54.0896 5500 UserName: Ryoo
00:14:54.0896 5500 Windows directory: C:\windows
00:14:54.0896 5500 System windows directory: C:\windows
00:14:54.0896 5500 Running under WOW64
00:14:54.0896 5500 Processor architecture: Intel x64
00:14:54.0896 5500 Number of processors: 4
00:14:54.0896 5500 Page size: 0x1000
00:14:54.0896 5500 Boot type: Normal boot
00:14:54.0896 5500 ============================================================
00:14:55.0614 5500 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:14:55.0817 5500 ============================================================
00:14:55.0817 5500 \Device\Harddisk0\DR0:
00:14:55.0817 5500 MBR partitions:
00:14:55.0817 5500 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
00:14:55.0817 5500 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1CE00000
00:14:55.0832 5500 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1CE33000, BlocksNum 0x2AF29000
00:14:55.0832 5500 ============================================================
00:14:55.0973 5500 C: <-> \Device\Harddisk0\DR0\Partition2
00:14:56.0035 5500 D: <-> \Device\Harddisk0\DR0\Partition3
00:14:56.0035 5500 ============================================================
00:14:56.0035 5500 Initialize success
00:14:56.0035 5500 ============================================================
00:15:17.0782 2312 ============================================================
00:15:17.0782 2312 Scan started
00:15:17.0782 2312 Mode: Manual;
00:15:17.0782 2312 ============================================================
00:15:18.0733 2312 ================ Scan system memory ========================
00:15:18.0733 2312 System memory - ok
00:15:18.0733 2312 ================ Scan services =============================
00:15:32.0790 2312 IPNAT - ok
00:15:32.0868 2312 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
00:15:32.0899 2312 iPod Service - ok
00:15:32.0915 2312 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
00:15:32.0915 2312 IRENUM - ok
00:15:32.0946 2312 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
00:15:32.0946 2312 isapnp - ok
00:15:32.0962 2312 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
00:15:32.0977 2312 iScsiPrt - ok
00:15:33.0008 2312 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\drivers\kbdclass.sys
00:15:33.0024 2312 kbdclass - ok
00:15:33.0102 2312 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\drivers\kbdhid.sys
00:15:33.0102 2312 kbdhid - ok
00:15:33.0133 2312 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
00:15:33.0133 2312 KeyIso - ok
00:15:33.0196 2312 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
00:15:33.0196 2312 KSecDD - ok
00:15:33.0211 2312 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
00:15:33.0211 2312 KSecPkg - ok
00:15:33.0258 2312 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
00:15:33.0320 2312 ksthunk - ok
00:15:33.0414 2312 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
00:15:33.0414 2312 KtmRm - ok
00:15:33.0461 2312 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\System32\srvsvc.dll
00:15:33.0492 2312 LanmanServer - ok
00:15:33.0539 2312 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
00:15:33.0570 2312 LanmanWorkstation - ok
00:15:33.0976 2312 [ 3C879D04BB6466E2853C3155B635CC45 ] LeapFrog Connect Device Service C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
00:15:34.0007 2312 LeapFrog Connect Device Service - ok
00:15:34.0022 2312 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
00:15:34.0038 2312 lltdio - ok
00:15:34.0069 2312 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
00:15:34.0069 2312 lltdsvc - ok
00:15:34.0069 2312 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
00:15:34.0085 2312 lmhosts - ok
00:15:34.0163 2312 [ 926EBA26A8B49D1597751CED06B50862 ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
00:15:34.0178 2312 LMS - ok
00:15:34.0210 2312 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys
00:15:34.0225 2312 LSI_FC - ok
00:15:34.0256 2312 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys
00:15:34.0288 2312 LSI_SAS - ok
00:15:34.0334 2312 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys
00:15:34.0366 2312 LSI_SAS2 - ok
00:15:34.0397 2312 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys
00:15:34.0428 2312 LSI_SCSI - ok
00:15:34.0475 2312 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
00:15:34.0490 2312 luafv - ok
00:15:34.0568 2312 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
00:15:34.0568 2312 Mcx2Svc - ok
00:15:34.0600 2312 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\DRIVERS\megasas.sys
00:15:34.0615 2312 megasas - ok
00:15:34.0678 2312 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys
00:15:34.0693 2312 MegaSR - ok
00:15:34.0709 2312 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\windows\system32\DRIVERS\HECIx64.sys
00:15:34.0724 2312 MEIx64 - ok
00:15:34.0771 2312 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
00:15:34.0802 2312 MMCSS - ok
00:15:34.0818 2312 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
00:15:34.0818 2312 Modem - ok
00:15:34.0865 2312 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
00:15:34.0865 2312 monitor - ok
00:15:34.0927 2312 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
00:15:34.0990 2312 mouclass - ok
00:15:35.0036 2312 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
00:15:35.0036 2312 mouhid - ok
00:15:35.0068 2312 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
00:15:35.0068 2312 mountmgr - ok
00:15:35.0099 2312 [ C177A7EBF5E8A0B596F618870516CAB8 ] MpFilter C:\windows\system32\DRIVERS\MpFilter.sys
00:15:35.0099 2312 MpFilter - ok
00:15:35.0146 2312 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
00:15:35.0177 2312 mpio - ok
00:15:35.0224 2312 [ 8FBF6B31FE8AF1833D93C5913D5B4D55 ] MpNWMon C:\windows\system32\DRIVERS\MpNWMon.sys
00:15:35.0224 2312 MpNWMon - ok
00:15:35.0239 2312 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
00:15:35.0255 2312 mpsdrv - ok
00:15:35.0380 2312 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll
00:15:35.0380 2312 MpsSvc - ok
00:15:35.0411 2312 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
00:15:35.0411 2312 MRxDAV - ok
00:15:35.0442 2312 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
00:15:35.0442 2312 mrxsmb - ok
00:15:35.0520 2312 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
00:15:35.0551 2312 mrxsmb10 - ok
00:15:35.0582 2312 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
00:15:35.0582 2312 mrxsmb20 - ok
00:15:35.0660 2312 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys
00:15:35.0692 2312 msahci - ok
00:15:35.0707 2312 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
00:15:35.0707 2312 msdsm - ok
00:15:35.0723 2312 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
00:15:35.0723 2312 MSDTC - ok
00:15:35.0770 2312 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
00:15:35.0785 2312 Msfs - ok
00:15:35.0816 2312 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
00:15:35.0848 2312 mshidkmdf - ok
00:15:35.0957 2312 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
00:15:35.0972 2312 msisadrv - ok
00:15:36.0128 2312 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
00:15:36.0144 2312 MSiSCSI - ok
00:15:36.0144 2312 msiserver - ok
00:15:36.0160 2312 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
00:15:36.0191 2312 MSKSSRV - ok
00:15:36.0456 2312 [ 157E9E498206A3366BAA7E4697BDD947 ] MsMpSvc C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
00:15:36.0456 2312 MsMpSvc - ok
00:15:36.0534 2312 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
00:15:36.0534 2312 MSPCLOCK - ok
00:15:36.0581 2312 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
00:15:36.0581 2312 MSPQM - ok
00:15:36.0706 2312 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
00:15:36.0721 2312 MsRPC - ok
00:15:36.0784 2312 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\drivers\mssmbios.sys
00:15:36.0799 2312 mssmbios - ok
00:15:36.0955 2312 MSSQL$SQLEXPRESS - ok
00:15:37.0018 2312 [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
00:15:37.0018 2312 MSSQLServerADHelper - ok
00:15:37.0080 2312 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
00:15:37.0080 2312 MSTEE - ok
00:15:37.0189 2312 [ C83829C280F0207677B7AAA151EF9C4D ] msvad_simple C:\windows\system32\drivers\povrtdev.sys
00:15:37.0205 2312 msvad_simple - ok
00:15:37.0236 2312 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
00:15:37.0236 2312 MTConfig - ok
00:15:37.0252 2312 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
00:15:37.0252 2312 Mup - ok
00:15:37.0361 2312 [ 0CF5580F27918FFD2E165ECAFA734103 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
00:15:37.0376 2312 MyWiFiDHCPDNS - ok
00:15:37.0486 2312 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
00:15:37.0517 2312 napagent - ok
00:15:37.0548 2312 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
00:15:37.0548 2312 NativeWifiP - ok
00:15:37.0720 2312 [ C38B8AE57F78915905064A9A24DC1586 ] NDIS C:\windows\system32\drivers\ndis.sys
00:15:37.0735 2312 NDIS - ok
00:15:37.0751 2312 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
00:15:37.0766 2312 NdisCap - ok
00:15:37.0798 2312 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
00:15:37.0798 2312 NdisTapi - ok
00:15:37.0844 2312 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
00:15:37.0844 2312 Ndisuio - ok
00:15:37.0891 2312 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
00:15:37.0891 2312 NdisWan - ok
00:15:37.0891 2312 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
00:15:37.0891 2312 NDProxy - ok
00:15:37.0985 2312 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
00:15:38.0000 2312 NetBIOS - ok
00:15:38.0047 2312 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
00:15:38.0063 2312 NetBT - ok
00:15:38.0078 2312 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
00:15:38.0078 2312 Netlogon - ok
00:15:38.0110 2312 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
00:15:38.0110 2312 Netman - ok
00:15:38.0125 2312 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
00:15:38.0125 2312 netprofm - ok
00:15:38.0141 2312 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:15:38.0141 2312 NetTcpPortSharing - ok
00:15:38.0952 2312 [ B9C587BDAA61A689883439D5AE6FE7F3 ] NETwNs64 C:\windows\system32\DRIVERS\NETwNs64.sys
00:15:39.0155 2312 NETwNs64 - ok
00:15:39.0248 2312 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
00:15:39.0248 2312 nfrd960 - ok
00:15:39.0280 2312 [ 5F7D72CBCDD025AF1F38FDEEE5646968 ] NisDrv C:\windows\system32\DRIVERS\NisDrvWFP.sys
00:15:39.0295 2312 NisDrv - ok
00:15:39.0404 2312 [ 566DDD5D82520DA01D75F81428AC4C38 ] NisSrv C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
00:15:39.0436 2312 NisSrv - ok
00:15:39.0545 2312 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\windows\System32\nlasvc.dll
00:15:39.0545 2312 NlaSvc - ok
00:15:39.0872 2312 [ 5839A8027D6D324A7CD494051A96628C ] NOBU C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
00:15:39.0919 2312 NOBU - ok
00:15:40.0013 2312 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
00:15:40.0060 2312 Npfs - ok
00:15:40.0122 2312 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
00:15:40.0122 2312 nsi - ok
00:15:40.0153 2312 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
00:15:40.0153 2312 nsiproxy - ok
00:15:40.0325 2312 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
00:15:40.0340 2312 Ntfs - ok
00:15:40.0372 2312 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
00:15:40.0372 2312 Null - ok
00:15:40.0387 2312 [ A7127E86F9FFE2A53E271B56B2C4CEDF ] nusb3hub C:\windows\system32\DRIVERS\nusb3hub.sys
00:15:40.0434 2312 nusb3hub - ok
00:15:40.0496 2312 [ 49BBEC6F48D5F9284B03ABF3A959B19B ] nusb3xhc C:\windows\system32\DRIVERS\nusb3xhc.sys
00:15:40.0512 2312 nusb3xhc - ok
00:15:41.0230 2312 [ FBE6AC1C3591CB67543FAD15ABD26BCB ] nvlddmkm C:\windows\system32\DRIVERS\nvlddmkm.sys
00:15:41.0510 2312 nvlddmkm - ok
00:15:41.0557 2312 [ 680C5BAF7D0190B1485068FC4BA75F1C ] nvpciflt C:\windows\system32\DRIVERS\nvpciflt.sys
00:15:41.0557 2312 nvpciflt - ok
00:15:41.0604 2312 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
00:15:41.0635 2312 nvraid - ok
00:15:41.0729 2312 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
00:15:41.0776 2312 nvstor - ok
00:15:41.0963 2312 [ 147B0D17255FD796F990CC6F745605C5 ] NVSvc C:\windows\system32\nvvsvc.exe
00:15:41.0963 2312 NVSvc - ok
00:15:42.0431 2312 [ 812BF9531C827E1D8029843CDDB2B5D6 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
00:15:42.0462 2312 nvUpdatusService - ok
00:15:42.0509 2312 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
00:15:42.0524 2312 nv_agp - ok
00:15:42.0571 2312 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
00:15:42.0571 2312 ohci1394 - ok
00:15:42.0712 2312 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:15:42.0758 2312 ose - ok
00:15:43.0164 2312 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
00:15:43.0336 2312 osppsvc - ok
00:15:43.0367 2312 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
00:15:43.0414 2312 p2pimsvc - ok
00:15:43.0476 2312 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
00:15:43.0507 2312 p2psvc - ok
00:15:43.0570 2312 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\DRIVERS\parport.sys
00:15:43.0570 2312 Parport - ok
00:15:43.0679 2312 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
00:15:43.0710 2312 partmgr - ok
00:15:43.0804 2312 [ 6AE2D4CC74B93D4892F5A5BAFA34F834 ] PCASp50 C:\windows\system32\Drivers\PCASp50.sys
00:15:43.0835 2312 PCASp50 - ok
00:15:43.0850 2312 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
00:15:43.0882 2312 PcaSvc - ok
00:15:43.0897 2312 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
00:15:43.0897 2312 pci - ok
00:15:43.0975 2312 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
00:15:43.0975 2312 pciide - ok
00:15:44.0131 2312 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
00:15:44.0147 2312 pcmcia - ok
00:15:44.0162 2312 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
00:15:44.0162 2312 pcw - ok
00:15:44.0178 2312 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
00:15:44.0194 2312 PEAUTH - ok
00:15:44.0303 2312 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
00:15:44.0318 2312 PerfHost - ok
00:15:44.0443 2312 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
00:15:44.0459 2312 pla - ok
00:15:44.0630 2312 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
00:15:44.0630 2312 PlugPlay - ok
00:15:44.0662 2312 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
00:15:44.0662 2312 PNRPAutoReg - ok
00:15:44.0677 2312 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
00:15:44.0677 2312 PNRPsvc - ok
00:15:44.0724 2312 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
00:15:44.0724 2312 PolicyAgent - ok
00:15:44.0755 2312 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
00:15:44.0755 2312 Power - ok
00:15:44.0786 2312 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
00:15:44.0786 2312 PptpMiniport - ok
00:15:44.0802 2312 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\DRIVERS\processr.sys
00:15:44.0802 2312 Processor - ok
00:15:44.0911 2312 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
00:15:44.0942 2312 ProfSvc - ok
00:15:44.0989 2312 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
00:15:44.0989 2312 ProtectedStorage - ok
00:15:45.0067 2312 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
00:15:45.0067 2312 Psched - ok
00:15:45.0348 2312 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys
00:15:45.0379 2312 ql2300 - ok
00:15:45.0410 2312 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys
00:15:45.0410 2312 ql40xx - ok
00:15:45.0535 2312 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
00:15:45.0582 2312 QWAVE - ok
00:15:45.0598 2312 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
00:15:45.0598 2312 QWAVEdrv - ok
00:15:45.0754 2312 [ 00935D8DA2DCD34017544CFEBA97D1E7 ] RapportCerberus_42020 C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys
00:15:45.0785 2312 RapportCerberus_42020 - ok
00:15:46.0003 2312 [ E00B1DAC20B52781A6F697235A1CE9D4 ] RapportEI64 C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys
00:15:46.0003 2312 RapportEI64 - ok
00:15:46.0081 2312 [ A0D6937897654813C27CB149FC4337E4 ] RapportKE64 C:\windows\system32\Drivers\RapportKE64.sys
00:15:46.0097 2312 RapportKE64 - ok
00:15:46.0471 2312 [ 61B37C0B3FD7DA7414C20D917469BFFF ] RapportMgmtService C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
00:15:46.0471 2312 RapportMgmtService - ok
00:15:46.0534 2312 [ 9B5D119785654BF8219DCBD0C1925FF7 ] RapportPG64 C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys
00:15:46.0549 2312 RapportPG64 - ok
00:15:46.0565 2312 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
00:15:46.0565 2312 RasAcd - ok
00:15:46.0580 2312 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
00:15:46.0596 2312 RasAgileVpn - ok
00:15:46.0627 2312 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
00:15:46.0627 2312 RasAuto - ok
00:15:46.0658 2312 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
00:15:46.0690 2312 Rasl2tp - ok
00:15:46.0830 2312 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
00:15:46.0830 2312 RasMan - ok
00:15:46.0846 2312 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
00:15:46.0846 2312 RasPppoe - ok
00:15:46.0861 2312 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
00:15:46.0861 2312 RasSstp - ok
00:15:46.0986 2312 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
00:15:47.0033 2312 rdbss - ok
00:15:47.0048 2312 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
00:15:47.0064 2312 rdpbus - ok
00:15:47.0111 2312 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
00:15:47.0111 2312 RDPCDD - ok
00:15:47.0204 2312 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
00:15:47.0204 2312 RDPENCDD - ok
00:15:47.0251 2312 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
00:15:47.0251 2312 RDPREFMP - ok
00:15:47.0329 2312 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
00:15:47.0360 2312 RDPWD - ok
00:15:47.0454 2312 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
00:15:47.0485 2312 rdyboost - ok
00:15:47.0579 2312 [ AA9FD849C028CCB441A78061B57DB734 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
00:15:47.0594 2312 RegSrvc - ok
00:15:47.0704 2312 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
00:15:47.0719 2312 RemoteAccess - ok
00:15:47.0782 2312 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
00:15:47.0860 2312 RemoteRegistry - ok
00:15:48.0000 2312 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
00:15:48.0047 2312 RFCOMM - ok
00:15:48.0218 2312 [ F12A68ED55053940CADD59CA5E3468DD ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
00:15:48.0234 2312 RichVideo - ok
00:15:48.0312 2312 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
00:15:48.0312 2312 RpcEptMapper - ok
00:15:48.0359 2312 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
00:15:48.0359 2312 RpcLocator - ok
00:15:48.0437 2312 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
00:15:48.0452 2312 RpcSs - ok
00:15:48.0468 2312 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
00:15:48.0468 2312 rspndr - ok
00:15:48.0530 2312 [ BFE0EF0C4C15820698F50AD73AF5E35F ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
00:15:48.0546 2312 RTL8167 - ok
00:15:48.0608 2312 [ 4CA0DBA9E224473D664C25E411F5A3BD ] rtport C:\windows\SysWOW64\drivers\rtport.sys
00:15:48.0608 2312 rtport - ok
00:15:48.0640 2312 [ 62DB6CC4B0818F1B5F3441241B098F12 ] SABI C:\windows\system32\Drivers\SABI.sys
00:15:48.0640 2312 SABI - ok
00:15:48.0655 2312 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
00:15:48.0655 2312 SamSs - ok
00:15:48.0718 2312 [ D641337B75B9A9D5AE10687AA1097755 ] Samsung UPD Service C:\windows\System32\SUPDSvc.exe
00:15:48.0718 2312 Samsung UPD Service - ok
00:15:48.0749 2312 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
00:15:48.0749 2312 sbp2port - ok
00:15:48.0811 2312 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
00:15:48.0842 2312 SCardSvr - ok
00:15:48.0920 2312 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
00:15:48.0920 2312 scfilter - ok
00:15:49.0061 2312 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
00:15:49.0076 2312 Schedule - ok
00:15:49.0092 2312 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
00:15:49.0092 2312 SCPolicySvc - ok
00:15:49.0217 2312 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
00:15:49.0217 2312 SDRSVC - ok
00:15:49.0248 2312 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
00:15:49.0248 2312 secdrv - ok
00:15:49.0264 2312 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
00:15:49.0264 2312 seclogon - ok
00:15:49.0342 2312 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\system32\sens.dll
00:15:49.0357 2312 SENS - ok
00:15:49.0373 2312 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
00:15:49.0373 2312 SensrSvc - ok
00:15:49.0404 2312 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\DRIVERS\serenum.sys
00:15:49.0420 2312 Serenum - ok
00:15:49.0420 2312 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\DRIVERS\serial.sys
00:15:49.0435 2312 Serial - ok
00:15:49.0498 2312 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys
00:15:49.0513 2312 sermouse - ok
00:15:49.0576 2312 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
00:15:49.0576 2312 SessionEnv - ok
00:15:49.0622 2312 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
00:15:49.0622 2312 sffdisk - ok
00:15:49.0638 2312 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
00:15:49.0654 2312 sffp_mmc - ok
00:15:49.0685 2312 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
00:15:49.0716 2312 sffp_sd - ok
00:15:49.0763 2312 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys
00:15:49.0778 2312 sfloppy - ok
00:15:49.0950 2312 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\windows\system32\DRIVERS\Sftfslh.sys
00:15:49.0950 2312 Sftfs - ok
00:15:50.0090 2312 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
00:15:50.0090 2312 sftlist - ok
00:15:50.0106 2312 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\windows\system32\DRIVERS\Sftplaylh.sys
00:15:50.0106 2312 Sftplay - ok
00:15:50.0122 2312 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\windows\system32\DRIVERS\Sftredirlh.sys
00:15:50.0137 2312 Sftredir - ok
00:15:50.0168 2312 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\windows\system32\DRIVERS\Sftvollh.sys
00:15:50.0168 2312 Sftvol - ok
00:15:50.0200 2312 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
00:15:50.0200 2312 sftvsa - ok
00:15:50.0262 2312 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
00:15:50.0262 2312 SharedAccess - ok
00:15:50.0293 2312 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
00:15:50.0309 2312 ShellHWDetection - ok
00:15:50.0402 2312 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys
00:15:50.0402 2312 SiSRaid2 - ok
00:15:50.0449 2312 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys
00:15:50.0480 2312 SiSRaid4 - ok
00:15:50.0512 2312 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
00:15:50.0527 2312 Smb - ok
00:15:50.0590 2312 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
00:15:50.0590 2312 SNMPTRAP - ok
00:15:50.0652 2312 [ B3D47BE53A032EB8CD0A9B77D946DC19 ] SNTUSB64 C:\windows\system32\DRIVERS\SNTUSB64.SYS
00:15:50.0683 2312 SNTUSB64 - ok
00:15:50.0714 2312 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
00:15:50.0714 2312 spldr - ok
00:15:50.0839 2312 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
00:15:50.0839 2312 Spooler - ok
00:15:51.0635 2312 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
00:15:51.0713 2312 sppsvc - ok
00:15:51.0775 2312 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
00:15:51.0775 2312 sppuinotify - ok
00:15:51.0931 2312 [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
00:15:51.0931 2312 SQLBrowser - ok
00:15:52.0212 2312 [ 3C432A96363097870995E2A3C8B66ABD ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
00:15:52.0259 2312 SQLWriter - ok
00:15:52.0352 2312 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
00:15:52.0352 2312 srv - ok
00:15:52.0368 2312 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
00:15:52.0368 2312 srv2 - ok
00:15:52.0399 2312 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
00:15:52.0399 2312 srvnet - ok
00:15:52.0430 2312 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
00:15:52.0430 2312 SSDPSRV - ok
00:15:52.0462 2312 [ 0211AB46B73A2623B86C1CFCB30579AB ] SSPORT C:\windows\system32\Drivers\SSPORT.sys
00:15:52.0477 2312 SSPORT - ok
00:15:52.0524 2312 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
00:15:52.0524 2312 SstpSvc - ok
00:16:00.0419 2312 ================ Scan global ===============================
00:16:00.0559 2312 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
00:16:00.0668 2312 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
00:16:00.0699 2312 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
00:16:00.0731 2312 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
00:16:00.0824 2312 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
00:16:00.0871 2312 [Global] - ok
00:16:00.0902 2312 ================ Scan MBR ==================================
00:16:00.0902 2312 [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0
00:16:02.0150 2312 \Device\Harddisk0\DR0 - ok
00:16:02.0150 2312 ================ Scan VBR ==================================
00:16:02.0150 2312 [ FB05A3756A8FBF06AB31DCB5A1393388 ] \Device\Harddisk0\DR0\Partition1
00:16:02.0150 2312 \Device\Harddisk0\DR0\Partition1 - ok
00:16:02.0166 2312 [ 0A7EBF28F2728B4B8C8AC0A98CD45D21 ] \Device\Harddisk0\DR0\Partition2
00:16:02.0166 2312 \Device\Harddisk0\DR0\Partition2 - ok
00:16:02.0181 2312 [ 3650266D9FC49BBB8385F8627F2D8369 ] \Device\Harddisk0\DR0\Partition3
00:16:02.0213 2312 \Device\Harddisk0\DR0\Partition3 - ok
00:16:02.0213 2312 ============================================================
00:16:02.0213 2312 Scan finished
00:16:02.0213 2312 ============================================================
00:16:02.0259 2400 Detected object count: 0
00:16:02.0259 2400 Actual detected object count: 0
00:17:16.0837 2120 Deinitialize success

Edited by articaine, 05 September 2012 - 03:08 AM.


#5 Conspire

  • Malware Response Team

Posted 05 September 2012 - 04:47 AM

Download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
Proud Graduate of the WTT Classroom
Member of UNITE

#6 articaine

  • Topic Starter

  • Members

Posted 05 September 2012 - 10:00 AM

Had a question, but never mind.

Edited by articaine, 05 September 2012 - 11:14 AM.


#7 articaine

  • Topic Starter

  • Members

Posted 05 September 2012 - 05:32 PM

FRST log

Scan result of Farbar Recovery Scan Tool (x64) Version: 05-09-2012
Ran by SYSTEM at 05-09-2012 15:06:07
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11613288 2010-11-16] (Realtek Semiconductor)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1436736 2011-06-15] (Microsoft Corporation)
HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [2817872 2012-04-25] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKU\Ryoo\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [324976 2009-11-15] (Flexera Software, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.16.2
AppInit_DLLs: C:\Windows\System32\nvinitx.dll

==================== Services ====================

2 CLKMSVC10_38F51D56; "C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe" /svc [246256 2010-08-24] (CyberLink)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [12784 2011-04-27] (Microsoft Corporation)
3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-04] ()
3 NisSrv; "C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [288272 2011-04-27] (Microsoft Corporation)
2 NOBU; "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE [2804568 2010-05-31] (Symantec Corporation)
2 RapportMgmtService; "C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe" [976728 2012-07-29] (Trusteer Ltd.)
2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [244904 2009-11-30] ()
2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [245760 2011-02-17] ()

==================== Drivers =================================

3 FlyUsb; C:\Windows\System32\Drivers\FlyUsb.sys [24576 2011-11-12] (LeapFrog)
3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2012-07-08] (MediaMall Technologies, Inc.)
3 PCASp50; C:\Windows\System32\Drivers\PCASp50.sys [45752 2009-10-28] (Printing Communications Assoc., Inc. (PCAUSA))
1 RapportCerberus_42020; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys [397720 2012-08-11] ()
1 RapportEI64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [55096 2012-07-29] (Trusteer Ltd.)
0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [101688 2012-07-29] (Trusteer Ltd.)
1 RapportPG64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [297240 2012-07-29] (Trusteer Ltd.)
3 rtport; C:\Windows\SysWow64\Drivers\rtport.sys [15144 2011-03-24] (Windows ® 2003 DDK 3790 provider)
3 SNTUSB64; C:\Windows\System32\Drivers\SNTUSB64.sys [58664 2008-07-11] (SafeNet, Inc.)
3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) =================


==================== One Month Created Files and Folders ======================

2012-09-05 06:42 - 2012-09-05 06:43 - 01454599 ____A (Farbar) C:\Users\Ryoo\Downloads\FRST64.exe
2012-09-05 00:05 - 2012-09-04 23:20 - 00000512 ____A C:\Users\Ryoo\Desktop\MBR.dat
2012-09-04 23:43 - 2012-09-04 23:43 - 00000952 ____A C:\Users\Ryoo\Desktop\aswMBR.zip
2012-09-04 23:40 - 2012-09-04 23:56 - 00000000 ____D C:\Users\All Users\WinZip
2012-09-04 23:21 - 2012-09-04 23:21 - 00000516 ____A C:\Users\Ryoo\Desktop\MBR.rar
2012-09-04 23:20 - 2012-09-04 23:20 - 00001856 ____A C:\Users\Ryoo\Desktop\aswMBR.txt
2012-09-04 20:46 - 2012-09-04 20:46 - 00017644 ____A C:\Users\Ryoo\Desktop\ComboFix.txt
2012-09-04 20:43 - 2012-09-04 20:43 - 00017644 ____A C:\ComboFix.txt
2012-09-04 20:34 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-09-04 20:34 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-09-04 20:34 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-09-04 20:34 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-09-04 20:34 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-09-04 20:34 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-09-04 20:34 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-09-04 20:31 - 2012-09-04 20:32 - 04743490 ____R (Swearware) C:\Users\Ryoo\Desktop\ComboFix.exe
2012-09-04 20:31 - 2012-09-04 09:23 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Ryoo\Desktop\tdsskiller.exe
2012-09-04 20:30 - 2012-09-04 09:22 - 04731392 ____A (AVAST Software) C:\Users\Ryoo\Desktop\aswMBR.exe
2012-09-04 20:18 - 2012-09-05 13:42 - 00000280 ____A C:\Windows\setupact.log
2012-09-04 20:18 - 2012-09-04 20:18 - 00000000 ____A C:\Windows\setuperr.log
2012-09-04 20:17 - 2012-09-04 23:58 - 00015562 ____A C:\Windows\PFRO.log
2012-09-02 22:35 - 2012-09-04 19:24 - 00000466 ____A C:\Windows\Tasks\ParetoLogic Registration3.job
2012-09-02 22:35 - 2012-09-02 22:35 - 00000000 ____D C:\Users\Ryoo\AppData\Roaming\ParetoLogic
2012-09-02 22:32 - 2012-09-02 22:41 - 00000440 ____A C:\Windows\Tasks\ParetoLogic Update Version3.job
2012-09-02 22:32 - 2012-09-02 22:41 - 00000408 ____A C:\Windows\Tasks\RegCure Pro.job
2012-09-02 22:32 - 2012-09-02 22:32 - 00001182 ____A C:\Users\Ryoo\Desktop\RegCure Pro.lnk
2012-09-02 22:32 - 2012-09-02 22:32 - 00000000 ____D C:\Users\All Users\ParetoLogic
2012-09-02 22:32 - 2012-09-02 22:32 - 00000000 ____D C:\Program Files (x86)\ParetoLogic
2012-09-02 22:29 - 2012-09-02 22:29 - 00000000 ____D C:\Users\Ryoo\AppData\Roaming\YourFileDownloader
2012-09-02 22:14 - 2012-09-02 22:14 - 09654347 ____A C:\Users\Ryoo\Downloads\RegCurePro (The same SpeedyPC Pro ).rar
2012-09-02 22:05 - 2012-09-02 22:36 - 00000000 ____D C:\Users\All Users\SpeedyPC Software
2012-09-02 22:05 - 2012-09-02 22:05 - 00000000 ____D C:\Users\Ryoo\AppData\Roaming\SpeedyPC Software
2012-09-02 22:05 - 2012-09-02 22:05 - 00000000 ____D C:\Users\Ryoo\AppData\Roaming\DriverCure
2012-09-02 15:26 - 2012-09-02 15:26 - 00000000 ____D C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2012-09-02 08:26 - 2012-09-02 08:26 - 00511265 ____A C:\Users\Ryoo\Downloads\adwcleaner.exe
2012-09-02 01:44 - 2012-09-02 15:32 - 00002198 ____A C:\Windows\epplauncher.mif
2012-09-02 01:15 - 2012-09-02 01:15 - 00020684 ____A C:\Users\Ryoo\Desktop\DDS.txt
2012-09-02 01:13 - 2012-09-02 01:13 - 00607260 ____R (Swearware) C:\Users\Ryoo\Downloads\dds.com
2012-09-02 00:49 - 2012-09-02 00:49 - 00080384 ____A C:\Users\Ryoo\Downloads\MBRCheck.exe
2012-09-01 22:40 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-09-01 22:35 - 2012-09-04 20:44 - 00000000 ____D C:\Qoobox
2012-09-01 22:34 - 2012-09-04 20:42 - 00000000 ____D C:\Windows\erdnt
2012-08-30 20:25 - 2012-09-02 01:44 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-08-30 20:25 - 2012-09-02 01:44 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-08-29 23:05 - 2012-09-02 16:59 - 00000000 ____D C:\Users\Ryoo\Documents\Lawn
2012-08-27 22:45 - 2012-09-02 01:46 - 00000000 ____D C:\Users\Ryoo\Desktop\dk
2012-08-27 19:02 - 2012-08-27 19:02 - 00000000 ____D C:\Users\Ryoo\AppData\Local\{487B018E-9258-4F98-84AA-4ACA49A820DC}
2012-08-26 17:15 - 2012-08-26 17:16 - 00000000 ____D C:\Users\Ryoo\AppData\Local\{E9B1BDD6-E72F-43BA-92E5-C7117A9639E2}
2012-08-25 12:59 - 2012-08-25 12:59 - 00000000 ____D C:\Users\Ryoo\AppData\Local\{E58836A4-AA47-4EE7-969F-1CE33F26A9D2}
2012-08-24 10:54 - 2012-08-24 10:54 - 00000000 ____D C:\Users\Ryoo\AppData\Local\{F5405229-E6E4-477B-AB8B-BEB5609239FA}
2012-08-15 20:32 - 2012-07-06 12:07 - 00552960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
2012-08-15 20:32 - 2012-06-28 20:55 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-15 20:32 - 2012-06-28 20:09 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-15 20:32 - 2012-06-28 19:56 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-15 20:32 - 2012-06-28 19:49 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-15 20:32 - 2012-06-28 19:49 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-15 20:32 - 2012-06-28 19:48 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-15 20:32 - 2012-06-28 19:47 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-15 20:32 - 2012-06-28 19:45 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-15 20:32 - 2012-06-28 19:44 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-15 20:32 - 2012-06-28 19:43 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-15 20:32 - 2012-06-28 19:42 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-15 20:32 - 2012-06-28 19:40 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-15 20:32 - 2012-06-28 19:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-15 20:32 - 2012-06-28 19:35 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-15 20:32 - 2012-06-28 16:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-15 20:32 - 2012-06-28 16:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-15 20:32 - 2012-06-28 16:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-15 20:32 - 2012-06-28 16:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-15 20:32 - 2012-06-28 16:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-15 20:32 - 2012-06-28 16:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-15 20:32 - 2012-06-28 16:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-15 20:32 - 2012-06-28 16:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-15 20:32 - 2012-06-28 16:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-15 20:32 - 2012-06-28 16:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-15 20:32 - 2012-06-28 16:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-15 20:32 - 2012-06-28 16:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-15 20:32 - 2012-06-28 16:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-15 20:32 - 2012-06-28 15:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-14 22:22 - 2012-08-14 22:22 - 00000000 ____D C:\Users\Ryoo\AppData\Local\{9BD09840-94C0-4FE8-9991-2899351CFC0C}
2012-08-14 22:10 - 2012-08-14 22:14 - 96323488 ____A C:\Users\Ryoo\Downloads\S-NEFCDC-011400WF-ALLIN-ALL___.exe
2012-08-14 22:10 - 2012-08-14 22:10 - 00000000 ____D C:\Users\Ryoo\AppData\Local\{83232839-FAE1-415A-B95B-DD00EB3D2341}
2012-08-14 22:05 - 2012-08-14 22:05 - 00000000 ____D C:\Users\Ryoo\AppData\Local\{83A0D2D2-A56F-4064-BC79-7DACB90C27A7}
2012-08-14 20:01 - 2012-07-18 10:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-08-14 20:01 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-08-14 20:01 - 2012-07-04 14:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-08-14 20:01 - 2012-07-04 14:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-08-14 20:01 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-08-14 20:01 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-08-14 20:01 - 2012-05-13 21:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2012-08-14 20:01 - 2012-05-05 00:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
2012-08-14 20:01 - 2012-05-04 23:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2012-08-14 20:01 - 2012-02-10 22:43 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2012-08-14 20:01 - 2012-02-10 22:36 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2012-08-14 20:01 - 2012-02-10 22:36 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe
2012-08-14 20:01 - 2012-02-10 21:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2012-08-06 20:36 - 2012-08-06 20:36 - 00065048 ____A C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2012-08-06 20:34 - 2012-09-02 22:39 - 00000000 ____D C:\Users\All Users\MediaMall


==================== 3 Months Modified Files ================================

2012-09-05 14:01 - 2011-03-16 17:01 - 01975280 ____A C:\Windows\WindowsUpdate.log
2012-09-05 13:55 - 2011-08-12 22:47 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3007334548-303238922-589925700-1002UA.job
2012-09-05 13:50 - 2009-07-13 20:45 - 00014144 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-05 13:50 - 2009-07-13 20:45 - 00014144 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-05 13:42 - 2012-09-04 20:18 - 00000280 ____A C:\Windows\setupact.log
2012-09-05 13:42 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-05 06:43 - 2012-09-05 06:42 - 01454599 ____A (Farbar) C:\Users\Ryoo\Downloads\FRST64.exe
2012-09-04 23:58 - 2012-09-04 20:17 - 00015562 ____A C:\Windows\PFRO.log
2012-09-04 23:43 - 2012-09-04 23:43 - 00000952 ____A C:\Users\Ryoo\Desktop\aswMBR.zip
2012-09-04 23:21 - 2012-09-04 23:21 - 00000516 ____A C:\Users\Ryoo\Desktop\MBR.rar
2012-09-04 23:20 - 2012-09-05 00:05 - 00000512 ____A C:\Users\Ryoo\Desktop\MBR.dat
2012-09-04 23:20 - 2012-09-04 23:20 - 00001856 ____A C:\Users\Ryoo\Desktop\aswMBR.txt
2012-09-04 20:46 - 2012-09-04 20:46 - 00017644 ____A C:\Users\Ryoo\Desktop\ComboFix.txt
2012-09-04 20:43 - 2012-09-04 20:43 - 00017644 ____A C:\ComboFix.txt
2012-09-04 20:42 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-09-04 20:32 - 2012-09-04 20:31 - 04743490 ____R (Swearware) C:\Users\Ryoo\Desktop\ComboFix.exe
2012-09-04 20:18 - 2012-09-04 20:18 - 00000000 ____A C:\Windows\setuperr.log
2012-09-04 20:13 - 2009-07-13 21:13 - 00797886 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-04 19:32 - 2011-08-12 22:47 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3007334548-303238922-589925700-1002Core.job
2012-09-04 19:24 - 2012-09-02 22:35 - 00000466 ____A C:\Windows\Tasks\ParetoLogic Registration3.job
2012-09-04 09:23 - 2012-09-04 20:31 - 02211928 ____A (Kaspersky Lab ZAO) C:\Users\Ryoo\Desktop\tdsskiller.exe
2012-09-04 09:22 - 2012-09-04 20:30 - 04731392 ____A (AVAST Software) C:\Users\Ryoo\Desktop\aswMBR.exe
2012-09-02 22:51 - 2011-10-12 21:54 - 00000138 ____A C:\Windows\SysWOW64\_WKERNEL.SYL
2012-09-02 22:41 - 2012-09-02 22:32 - 00000440 ____A C:\Windows\Tasks\ParetoLogic Update Version3.job
2012-09-02 22:41 - 2012-09-02 22:32 - 00000408 ____A C:\Windows\Tasks\RegCure Pro.job
2012-09-02 22:32 - 2012-09-02 22:32 - 00001182 ____A C:\Users\Ryoo\Desktop\RegCure Pro.lnk
2012-09-02 22:14 - 2012-09-02 22:14 - 09654347 ____A C:\Users\Ryoo\Downloads\RegCurePro (The same SpeedyPC Pro ).rar
2012-09-02 15:32 - 2012-09-02 01:44 - 00002198 ____A C:\Windows\epplauncher.mif
2012-09-02 08:26 - 2012-09-02 08:26 - 00511265 ____A C:\Users\Ryoo\Downloads\adwcleaner.exe
2012-09-02 01:44 - 2011-08-18 21:09 - 00811972 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-09-02 01:15 - 2012-09-02 01:15 - 00020684 ____A C:\Users\Ryoo\Desktop\DDS.txt
2012-09-02 01:13 - 2012-09-02 01:13 - 00607260 ____R (Swearware) C:\Users\Ryoo\Downloads\dds.com
2012-09-02 00:49 - 2012-09-02 00:49 - 00080384 ____A C:\Users\Ryoo\Downloads\MBRCheck.exe
2012-09-02 00:08 - 2011-03-16 01:40 - 00007326 ____A C:\Windows\HotFixList.ini
2012-09-02 00:06 - 2011-03-16 02:05 - 00407040 ____A (Samsung Electronics) C:\Windows\HotfixChecker.exe
2012-09-02 00:06 - 2011-03-16 02:05 - 00345600 ____A (Samsung Electronics Co., Ltd.) C:\Windows\SetLCDStretchMode.exe
2012-09-02 00:04 - 2012-02-08 23:34 - 00249736 ____A (ELAN Microelectronics Corp.) C:\Windows\ETDUninst.dll
2012-08-29 19:47 - 2011-08-12 22:24 - 00001057 ____A C:\Users\Ryoo\AppData\Roaming\vso_ts_preview.xml
2012-08-15 21:01 - 2009-07-13 20:45 - 02215312 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-15 20:29 - 2011-08-12 22:17 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-08-14 22:14 - 2012-08-14 22:10 - 96323488 ____A C:\Users\Ryoo\Downloads\S-NEFCDC-011400WF-ALLIN-ALL___.exe
2012-08-06 20:36 - 2012-08-06 20:36 - 00065048 ____A C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2012-07-29 19:52 - 2011-12-10 00:33 - 00101688 ____A (Trusteer Ltd.) C:\Windows\System32\Drivers\RapportKE64.sys
2012-07-18 10:15 - 2012-08-14 20:01 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-13 06:50 - 2012-07-13 06:50 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-07-13 06:50 - 2012-07-13 06:50 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-07-13 06:47 - 2012-07-13 06:47 - 00893936 ____A (Oracle Corporation) C:\Users\Ryoo\Downloads\chromeinstall-7u5.exe
2012-07-12 20:35 - 2012-04-02 19:43 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-12 20:35 - 2011-08-20 21:34 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-12 19:14 - 2012-07-12 19:14 - 00001567 ____A C:\Users\Ryoo\AppData\Local\PDLSetup.20120712.201416.txt
2012-07-08 15:04 - 2012-07-08 15:04 - 00028528 ____A (MediaMall Technologies, Inc.) C:\Windows\System32\Drivers\povrtdev.sys
2012-07-08 11:52 - 2012-07-08 11:52 - 00001566 ____A C:\Users\Ryoo\AppData\Local\PDLSetup.20120708.125233.txt
2012-07-06 12:07 - 2012-08-15 20:32 - 00552960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
2012-07-05 21:06 - 2012-07-13 06:50 - 00772544 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-07-05 21:06 - 2012-07-13 06:50 - 00227760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-07-05 21:06 - 2011-09-15 20:14 - 00687544 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-07-04 14:16 - 2012-08-14 20:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 14:13 - 2012-08-14 20:01 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 14:13 - 2012-08-14 20:01 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-04 13:16 - 2012-08-14 20:01 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-07-04 13:14 - 2012-08-14 20:01 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-07-03 22:22 - 2012-07-03 22:08 - 01101404 ____A C:\Users\Ryoo\Downloads\Attachments_2012_07_3.zip
2012-07-03 12:46 - 2011-08-12 22:12 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-02 22:16 - 2011-10-17 21:21 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-06-28 20:55 - 2012-08-15 20:32 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-28 20:09 - 2012-08-15 20:32 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-28 19:56 - 2012-08-15 20:32 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-28 19:49 - 2012-08-15 20:32 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-28 19:49 - 2012-08-15 20:32 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-28 19:48 - 2012-08-15 20:32 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-28 19:47 - 2012-08-15 20:32 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-28 19:45 - 2012-08-15 20:32 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-28 19:44 - 2012-08-15 20:32 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-28 19:43 - 2012-08-15 20:32 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-28 19:42 - 2012-08-15 20:32 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-28 19:40 - 2012-08-15 20:32 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-28 19:39 - 2012-08-15 20:32 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-28 19:35 - 2012-08-15 20:32 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-28 16:52 - 2012-08-15 20:32 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-28 16:27 - 2012-08-15 20:32 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-28 16:16 - 2012-08-15 20:32 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-28 16:09 - 2012-08-15 20:32 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-28 16:09 - 2012-08-15 20:32 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-28 16:08 - 2012-08-15 20:32 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-28 16:07 - 2012-08-15 20:32 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-28 16:06 - 2012-08-15 20:32 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-28 16:04 - 2012-08-15 20:32 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-28 16:04 - 2012-08-15 20:32 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-28 16:01 - 2012-08-15 20:32 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-28 16:01 - 2012-08-15 20:32 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-28 16:00 - 2012-08-15 20:32 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-28 15:57 - 2012-08-15 20:32 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-28 04:51 - 2011-10-17 21:21 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-06-27 06:42 - 2012-06-27 06:40 - 74761776 ____A C:\Users\Ryoo\Downloads\avast_free_antivirus_setup.exe
2012-06-22 17:32 - 2012-06-22 17:32 - 00010697 ____A C:\Users\Ryoo\Downloads\[isoHunt] Dr. Seuss The Lorax 2012 HDRip Audio XviD Feel-Free [MAX].torrent
2012-06-16 20:27 - 2009-07-13 21:08 - 00032534 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-08 21:43 - 2012-07-12 07:03 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-12 07:03 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-08-27 19:04:54
Restore point made on: 2012-08-28 21:34:19
Restore point made on: 2012-08-30 20:24:34
Restore point made on: 2012-08-31 20:03:51
Restore point made on: 2012-09-01 23:43:33
Restore point made on: 2012-09-01 23:54:14
Restore point made on: 2012-09-02 13:07:11
Restore point made on: 2012-09-02 14:18:40
Restore point made on: 2012-09-02 14:24:09
Restore point made on: 2012-09-02 22:39:00
Restore point made on: 2012-09-02 22:52:30
Restore point made on: 2012-09-03 21:19:18
Restore point made on: 2012-09-04 23:56:22
Restore point made on: 2012-09-05 06:24:19

==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 6056.29 MB
Available physical RAM: 5336.09 MB
Total Pagefile: 6054.44 MB
Available Pagefile: 5329.71 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions ============================

1 Drive c: () (Fixed) (Total:231 GB) (Free:139.86 GB) NTFS
2 Drive d: () (Fixed) (Total:343.58 GB) (Free:279.87 GB) NTFS
3 Drive f: (SAMSUNG_REC) (Fixed) (Total:21.49 GB) (Free:0.94 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive h: (USB Flash Drive) (Removable) (Total:7.45 GB) (Free:4.59 GB) NTFS
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 596 GB 1024 KB
Disk 1 Online 7633 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 231 GB 101 MB
Partition 0 Extended 343 GB 231 GB
Partition 4 Logical 343 GB 231 GB
Partition 3 Recovery 21 GB 574 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 231 GB Healthy

==================================================================================

Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D NTFS Partition 343 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F SAMSUNG_REC NTFS Partition 21 GB Healthy Hidden

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7633 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H USB Flash D NTFS Removable 7633 MB Healthy

==================================================================================

Last Boot: 2012-08-27 19:59

==================== End Of Log =============================

#8 Conspire

  • Malware Response Team

Posted 06 September 2012 - 04:20 AM

I'm sorry that I did not get back to you sooner. I think I know where the problem lies.

  • Download OTL to your desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
===================================================

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • List content of Hosts
  • List Winsock Entries
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

===================================================

In your next reply, please post:
OTL log
Result log


Please STOP and let me know if you have any problems performing the steps above or any questions.

Good Day!

Edited by Conspire, 06 September 2012 - 04:22 AM.


#9 articaine

  • Topic Starter

Posted 06 September 2012 - 11:03 AM

Conspire, no worries. Thank you for your help.


OTL logfile created on: 9/6/2012 8:39:41 AM - Run 1
OTL by OldTimer - Version 3.2.61.0 Folder = C:\Users\Ryoo\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.91 Gb Total Physical Memory | 4.81 Gb Available Physical Memory | 81.34% Memory free
11.82 Gb Paging File | 9.83 Gb Available in Paging File | 83.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 231.00 Gb Total Space | 139.59 Gb Free Space | 60.43% Space Free | Partition Type: NTFS
Drive D: | 343.58 Gb Total Space | 279.87 Gb Free Space | 81.46% Space Free | Partition Type: NTFS

Computer Name: RYOO-PC | User Name: Ryoo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Ryoo\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)
PRC - C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe (Samsung Electronics)
PRC - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe (SEC)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
PRC - C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
PRC - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Flexera Software, Inc.)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)


========== Modules (No Company Name) ==========

MOD - C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\39624\RapportMS.dll ()
MOD - C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Samsung\Movie Color Enhancer\WinCRT.dll ()
MOD - C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel® Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (Samsung UPD Service) -- C:\Windows\SysNative\SUPDSvc.exe (Samsung Electronics CO., LTD.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (RapportMgmtService) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (LeapFrog Connect Device Service) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (UsbClientService) -- C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe ()
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (CLKMSVC10_38F51D56) -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe (CyberLink)
SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (RapportKE64) -- C:\Windows\SysNative\drivers\RapportKE64.sys (Trusteer Ltd.)
DRV:64bit: - (msvad_simple) -- C:\Windows\SysNative\drivers\povrtdev.sys (MediaMall Technologies, Inc.)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (FlyUsb) -- C:\Windows\SysNative\drivers\FlyUsb.sys (LeapFrog)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (busenum) -- C:\Windows\SysNative\drivers\busenum.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (wdkmd) -- C:\Windows\SysNative\drivers\WDKMD.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel® Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (PCASp50) -- C:\Windows\SysNative\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.sys (Samsung Electronics)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SABI) -- C:\Windows\SysNative\drivers\SABI.sys (SAMSUNG ELECTRONICS)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (SNTUSB64) -- C:\Windows\SysNative\drivers\SNTUSB64.SYS (SafeNet, Inc.)
DRV - (RapportCerberus_42020) -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys ()
DRV - (RapportEI64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys (Trusteer Ltd.)
DRV - (RapportPG64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys (Trusteer Ltd.)
DRV - (rtport) -- C:\Windows\SysWOW64\drivers\rtport.sys (Windows ® 2003 DDK 3790 provider)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://finance.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {D0BEB30F-2144-4E67-9597-72CFDEA5FD97}
IE - HKCU\..\SearchScopes\{D0BEB30F-2144-4E67-9597-72CFDEA5FD97}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Ryoo\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Ryoo\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ryoo\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ryoo\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)


[2012/06/15 20:19:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryoo\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
[2012/06/15 20:19:21 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\Ryoo\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com

========== Chrome ==========

CHR - default_search_provider: Ask (Enabled)
CHR - default_search_provider: search_url = http://websearch.ask.com/redirect?client=cr&src=kw&tb=HIP&o=102874&locale=en_US&apn_uid=fcd4a9fd-a625-433b-80d6-a36f9ef25fbd&apn_ptnrs=6E&apn_sauid=4CBBCDE9-19B9-4848-9C62-E2BE42C5E6E5&apn_dtid=YYYYYYYYUS&q={searchTerms}
CHR - default_search_provider: suggest_url = http://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ryoo\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ryoo\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ryoo\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ryoo\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Ryoo\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Ryoo\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Ryoo\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - Extension: Align Technology Plugin = C:\Users\Ryoo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdanjdjiocafhlghmdbakplcicppbfj\1.0_0\

O1 HOSTS File: ([2012/09/04 21:42:09 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Flexera Software, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} https://secure.logmein.com/activex/RACtrl.cab (Remote Access ActiveX Client)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA} http://javadl-esd.sun.com/update/1.6.0/jinstall-6u21-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab (SysInfo Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=928 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F69F0594-346F-46A3-9AC9-66DB238A25F7}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/06 06:45:30 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Users\Ryoo\Desktop\OTL.exe
[2012/09/06 06:44:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/09/05 20:51:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/09/05 20:51:05 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2012/09/05 20:50:53 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2012/09/05 20:50:53 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2012/09/05 20:50:53 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2012/09/05 16:06:02 | 000,000,000 | ---D | C] -- C:\FRST
[2012/09/05 01:04:39 | 000,000,000 | ---D | C] -- C:\Users\Ryoo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/09/05 01:04:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/09/05 00:40:06 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2012/09/05 00:21:57 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/04 21:44:01 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/09/04 21:34:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/09/04 21:34:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/09/04 21:34:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/09/04 21:31:45 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ryoo\Desktop\tdsskiller.exe
[2012/09/04 21:31:03 | 004,743,490 | R--- | C] (Swearware) -- C:\Users\Ryoo\Desktop\ComboFix.exe
[2012/09/04 21:30:59 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Ryoo\Desktop\aswMBR.exe
[2012/09/02 23:41:31 | 000,000,000 | ---D | C] -- C:\Users\Ryoo\AppData\Local\Temp
[2012/09/02 23:35:07 | 000,000,000 | ---D | C] -- C:\Users\Ryoo\AppData\Roaming\ParetoLogic
[2012/09/02 23:32:30 | 000,000,000 | ---D | C] -- C:\Users\Ryoo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
[2012/09/02 23:32:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ParetoLogic
[2012/09/02 23:32:27 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2012/09/02 23:32:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ParetoLogic
[2012/09/02 23:29:52 | 000,000,000 | ---D | C] -- C:\Users\Ryoo\AppData\Roaming\YourFileDownloader
[2012/09/02 23:05:15 | 000,000,000 | ---D | C] -- C:\Users\Ryoo\AppData\Roaming\SpeedyPC Software
[2012/09/02 23:05:15 | 000,000,000 | ---D | C] -- C:\Users\Ryoo\AppData\Roaming\DriverCure
[2012/09/02 23:05:05 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/09/02 16:26:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
[2012/09/01 23:35:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/01 23:34:37 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012/08/30 21:25:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/08/30 21:25:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/08/30 00:05:26 | 000,000,000 | ---D | C] -- C:\Users\Ryoo\Documents\Lawn
[2012/08/27 23:45:33 | 000,000,000 | ---D | C] -- C:\Users\Ryoo\Desktop\dk
[2012/08/27 20:02:21 | 000,000,000 | ---D | C] -- C:\Users\Ryoo\AppData\Local\{487B018E-9258-4F98-84AA-4ACA49A820DC}
[2012/08/26 18:15:49 | 000,000,000 | ---D | C] -- C:\Users\Ryoo\AppData\Local\{E9B1BDD6-E72F-43BA-92E5-C7117A9639E2}
[2012/08/25 13:59:42 | 000,000,000 | ---D | C] -- C:\Users\Ryoo\AppData\Local\{E58836A4-AA47-4EE7-969F-1CE33F26A9D2}
[2012/08/24 11:54:40 | 000,000,000 | ---D | C] -- C:\Users\Ryoo\AppData\Local\{F5405229-E6E4-477B-AB8B-BEB5609239FA}
[2012/08/15 21:32:22 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/08/15 21:32:22 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/08/15 21:32:21 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/08/15 21:32:21 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/08/15 21:32:21 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/08/15 21:32:20 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012/08/15 21:32:20 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012/08/15 21:32:20 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012/08/15 21:32:20 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/08/15 21:32:20 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012/08/15 21:32:20 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012/08/15 21:32:19 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012/08/15 21:32:19 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012/08/14 23:22:28 | 000,000,000 | ---D | C] -- C:\Users\Ryoo\AppData\Local\{9BD09840-94C0-4FE8-9991-2899351CFC0C}
[2012/08/14 23:10:17 | 000,000,000 | ---D | C] -- C:\Users\Ryoo\AppData\Local\{83232839-FAE1-415A-B95B-DD00EB3D2341}
[2012/08/14 23:05:29 | 000,000,000 | ---D | C] -- C:\Users\Ryoo\AppData\Local\{83A0D2D2-A56F-4064-BC79-7DACB90C27A7}
[2012/08/14 21:01:50 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\srcore.dll
[2012/08/14 21:01:49 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netapi32.dll
[2012/08/14 21:01:49 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\browcli.dll
[2012/08/14 21:01:49 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\browcli.dll
[2012/08/14 21:01:43 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll
[2012/08/14 21:01:43 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\win32spl.dll
[2012/08/14 21:01:43 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\splwow64.exe
[2012/08/14 21:01:41 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\localspl.dll
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/06 08:35:19 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/09/06 06:55:00 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3007334548-303238922-589925700-1002UA.job
[2012/09/06 06:52:46 | 000,001,190 | ---- | M] () -- C:\Users\Ryoo\Desktop\RegCure Pro.lnk
[2012/09/06 06:52:46 | 000,000,492 | ---- | M] () -- C:\windows\tasks\ParetoLogic Update Version3 Startup Task.job
[2012/09/06 06:52:44 | 000,000,440 | ---- | M] () -- C:\windows\tasks\ParetoLogic Update Version3.job
[2012/09/06 06:45:31 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Ryoo\Desktop\OTL.exe
[2012/09/06 06:45:12 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2012/09/06 06:45:06 | 000,811,972 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/09/06 06:45:06 | 000,674,322 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/09/06 06:45:06 | 000,126,242 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/09/05 22:07:12 | 000,001,057 | ---- | M] () -- C:\Users\Ryoo\AppData\Roaming\vso_ts_preview.xml
[2012/09/05 20:50:50 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\npDeployJava1.dll
[2012/09/05 20:50:50 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\deployJava1.dll
[2012/09/05 20:50:50 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2012/09/05 20:50:50 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2012/09/05 20:50:50 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2012/09/05 20:50:50 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2012/09/05 20:48:10 | 000,014,144 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/05 20:48:10 | 000,014,144 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/05 20:39:41 | 2054,283,263 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/05 00:43:49 | 000,000,952 | ---- | M] () -- C:\Users\Ryoo\Desktop\aswMBR.zip
[2012/09/05 00:21:33 | 000,000,516 | ---- | M] () -- C:\Users\Ryoo\Desktop\MBR.rar
[2012/09/05 00:20:57 | 000,000,512 | ---- | M] () -- C:\Users\Ryoo\Desktop\MBR.dat
[2012/09/04 21:42:09 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/09/04 21:32:45 | 004,743,490 | R--- | M] (Swearware) -- C:\Users\Ryoo\Desktop\ComboFix.exe
[2012/09/04 21:13:19 | 000,797,886 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/09/04 20:32:33 | 000,000,852 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3007334548-303238922-589925700-1002Core.job
[2012/09/04 20:24:42 | 000,000,466 | ---- | M] () -- C:\windows\tasks\ParetoLogic Registration3.job
[2012/09/04 10:23:43 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ryoo\Desktop\tdsskiller.exe
[2012/09/04 10:22:47 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Ryoo\Desktop\aswMBR.exe
[2012/09/02 23:51:47 | 000,000,138 | ---- | M] () -- C:\windows\SysWow64\_WKERNEL.SYL
[2012/09/02 23:41:37 | 000,000,408 | ---- | M] () -- C:\windows\tasks\RegCure Pro.job
[2012/09/02 01:08:32 | 000,007,326 | ---- | M] () -- C:\windows\HotFixList.ini
[2012/09/02 01:06:46 | 000,345,600 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\windows\SetLCDStretchMode.exe
[2012/09/02 01:06:22 | 000,407,040 | ---- | M] (Samsung Electronics) -- C:\windows\HotfixChecker.exe
[2012/09/02 01:04:15 | 000,249,736 | ---- | M] (ELAN Microelectronics Corp.) -- C:\windows\ETDUninst.dll
[2012/08/24 12:08:38 | 000,086,448 | ---- | M] () -- C:\Users\Ryoo\Desktop\wes soccer 3.jpg
[2012/08/24 12:07:30 | 000,108,419 | ---- | M] () -- C:\Users\Ryoo\Desktop\wes soccer.jpg
[2012/08/24 11:59:18 | 000,038,292 | ---- | M] () -- C:\Users\Ryoo\Desktop\wes soccer (2).jpg
[2012/08/15 22:01:48 | 002,215,312 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/08/08 22:49:59 | 002,267,472 | ---- | M] () -- C:\Users\Ryoo\Documents\pricepfister_faucet.pdf
[2012/08/07 23:50:27 | 057,321,416 | ---- | M] () -- C:\Users\Ryoo\Desktop\Star Roses Catalog_2013.pdf
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/06 06:52:46 | 000,000,492 | ---- | C] () -- C:\windows\tasks\ParetoLogic Update Version3 Startup Task.job
[2012/09/06 06:45:12 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/09/05 01:05:00 | 000,000,512 | ---- | C] () -- C:\Users\Ryoo\Desktop\MBR.dat
[2012/09/05 00:43:49 | 000,000,952 | ---- | C] () -- C:\Users\Ryoo\Desktop\aswMBR.zip
[2012/09/05 00:21:33 | 000,000,516 | ---- | C] () -- C:\Users\Ryoo\Desktop\MBR.rar
[2012/09/04 21:34:46 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/09/04 21:34:46 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/09/04 21:34:46 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/09/04 21:34:46 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/09/02 23:35:09 | 000,000,466 | ---- | C] () -- C:\windows\tasks\ParetoLogic Registration3.job
[2012/09/02 23:32:30 | 000,001,190 | ---- | C] () -- C:\Users\Ryoo\Desktop\RegCure Pro.lnk
[2012/09/02 23:32:30 | 000,000,440 | ---- | C] () -- C:\windows\tasks\ParetoLogic Update Version3.job
[2012/09/02 23:32:30 | 000,000,408 | ---- | C] () -- C:\windows\tasks\RegCure Pro.job
[2012/09/02 02:44:11 | 000,001,945 | ---- | C] () -- C:\windows\epplauncher.mif
[2012/09/01 23:40:53 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/08/24 12:06:35 | 000,086,448 | ---- | C] () -- C:\Users\Ryoo\Desktop\wes soccer 3.jpg
[2012/08/24 11:59:17 | 000,038,292 | ---- | C] () -- C:\Users\Ryoo\Desktop\wes soccer (2).jpg
[2012/08/24 11:53:56 | 000,108,419 | ---- | C] () -- C:\Users\Ryoo\Desktop\wes soccer.jpg
[2012/08/08 22:49:59 | 002,267,472 | ---- | C] () -- C:\Users\Ryoo\Documents\pricepfister_faucet.pdf
[2012/08/07 23:50:44 | 057,321,416 | ---- | C] () -- C:\Users\Ryoo\Desktop\Star Roses Catalog_2013.pdf
[2012/04/01 23:44:41 | 002,463,976 | ---- | C] () -- C:\windows\SysWow64\NPSWF32.dll
[2012/01/10 14:27:24 | 000,963,884 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2012/01/10 14:27:24 | 000,221,264 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2012/01/10 14:16:52 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012/01/10 13:29:52 | 013,904,384 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2011/11/24 22:03:51 | 000,007,597 | ---- | C] () -- C:\Users\Ryoo\AppData\Local\Resmon.ResmonCfg
[2011/08/18 22:09:20 | 000,811,972 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/08/12 23:24:46 | 000,001,057 | ---- | C] () -- C:\Users\Ryoo\AppData\Roaming\vso_ts_preview.xml
[2011/08/12 22:30:55 | 000,484,656 | ---- | C] () -- C:\windows\ssndii.exe
[2011/08/12 22:30:37 | 000,258,864 | ---- | C] () -- C:\windows\SUPDRun.exe
[2011/08/12 22:30:25 | 000,142,704 | ---- | C] () -- C:\windows\wiainst64.exe
[2011/03/16 18:30:04 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011/03/16 04:15:16 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2011/03/16 02:40:47 | 000,007,326 | ---- | C] () -- C:\windows\HotFixList.ini
[2011/03/16 02:04:07 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll
[2011/01/11 18:05:18 | 000,008,592 | ---- | C] () -- C:\windows\SysWow64\ractrlkeyhook.dll

========== LOP Check ==========

[2012/05/18 22:35:52 | 000,000,000 | ---D | M] -- C:\Users\Ryoo\AppData\Roaming\Acronis
[2011/08/12 22:57:43 | 000,000,000 | ---D | M] -- C:\Users\Ryoo\AppData\Roaming\Auslogics
[2012/09/06 07:06:54 | 000,000,000 | ---D | M] -- C:\Users\Ryoo\AppData\Roaming\Azureus
[2012/04/06 22:00:37 | 000,000,000 | ---D | M] -- C:\Users\Ryoo\AppData\Roaming\C__Users_Ryoo_AppData_Local_Temp_Rar$EXa0.109_SuperHideIP.exe
[2012/04/06 22:05:35 | 000,000,000 | ---D | M] -- C:\Users\Ryoo\AppData\Roaming\C__Users_Ryoo_Desktop_SuperHideIP.exe
[2012/09/02 23:05:15 | 000,000,000 | ---D | M] -- C:\Users\Ryoo\AppData\Roaming\DriverCure
[2012/05/28 22:04:06 | 000,000,000 | ---D | M] -- C:\Users\Ryoo\AppData\Roaming\ImgBurn
[2012/03/27 22:39:11 | 000,000,000 | ---D | M] -- C:\Users\Ryoo\AppData\Roaming\IObit
[2012/09/02 23:35:07 | 000,000,000 | ---D | M] -- C:\Users\Ryoo\AppData\Roaming\ParetoLogic
[2012/04/15 23:24:35 | 000,000,000 | ---D | M] -- C:\Users\Ryoo\AppData\Roaming\PlatinumHideIP
[2012/09/02 23:39:26 | 000,000,000 | ---D | M] -- C:\Users\Ryoo\AppData\Roaming\RSG
[2011/08/12 22:29:34 | 000,000,000 | ---D | M] -- C:\Users\Ryoo\AppData\Roaming\Samsung
[2012/09/02 23:52:11 | 000,000,000 | ---D | M] -- C:\Users\Ryoo\AppData\Roaming\SoftGrid Client
[2012/09/02 23:05:15 | 000,000,000 | ---D | M] -- C:\Users\Ryoo\AppData\Roaming\SpeedyPC Software
[2012/05/27 04:42:49 | 000,000,000 | ---D | M] -- C:\Users\Ryoo\AppData\Roaming\Spotify
[2012/04/06 22:02:53 | 000,000,000 | ---D | M] -- C:\Users\Ryoo\AppData\Roaming\SuperHideIP
[2011/09/30 00:22:26 | 000,000,000 | ---D | M] -- C:\Users\Ryoo\AppData\Roaming\Tific
[2011/08/18 22:09:57 | 000,000,000 | ---D | M] -- C:\Users\Ryoo\AppData\Roaming\TP
[2011/08/22 23:37:06 | 000,000,000 | ---D | M] -- C:\Users\Ryoo\AppData\Roaming\TuneUp Software
[2012/09/05 22:07:12 | 000,000,000 | ---D | M] -- C:\Users\Ryoo\AppData\Roaming\Vso
[2012/09/02 23:29:52 | 000,000,000 | ---D | M] -- C:\Users\Ryoo\AppData\Roaming\YourFileDownloader
[2012/09/04 20:24:42 | 000,000,466 | ---- | M] () -- C:\windows\Tasks\ParetoLogic Registration3.job
[2012/09/06 06:52:46 | 000,000,492 | ---- | M] () -- C:\windows\Tasks\ParetoLogic Update Version3 Startup Task.job
[2012/09/06 06:52:44 | 000,000,440 | ---- | M] () -- C:\windows\Tasks\ParetoLogic Update Version3.job
[2012/09/02 23:41:37 | 000,000,408 | ---- | M] () -- C:\windows\Tasks\RegCure Pro.job
[2012/06/16 21:27:42 | 000,032,534 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Ryoo\Desktop\After Xmas Dance Show 002.AVI:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Ryoo\Desktop\After Xmas Dance Show 001.AVI:Roxio EMC Stream

< End of report >

OTL Extras logfile created on: 9/6/2012 8:39:41 AM - Run 1
OTL by OldTimer - Version 3.2.61.0 Folder = C:\Users\Ryoo\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.91 Gb Total Physical Memory | 4.81 Gb Available Physical Memory | 81.34% Memory free
11.82 Gb Paging File | 9.83 Gb Available in Paging File | 83.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 231.00 Gb Total Space | 139.59 Gb Free Space | 60.43% Space Free | Partition Type: NTFS
Drive D: | 343.58 Gb Total Space | 279.87 Gb Free Space | 81.46% Space Free | Partition Type: NTFS

Computer Name: RYOO-PC | User Name: Ryoo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11BEBC23-60C5-4148-B24B-C1E0FFC06F24}" = rport=139 | protocol=6 | dir=out | app=system |
"{145E7028-7772-4D86-AA94-302BCAD56584}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1AD1643A-4D2B-40DB-A355-C0695E5412D5}" = rport=10243 | protocol=6 | dir=out | app=system |
"{1B462334-A738-47FD-B5B6-B8D1BD4CD0BB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{309A1EAA-08CC-4110-9A6F-9DE198AB9300}" = lport=138 | protocol=17 | dir=in | app=system |
"{329F9D6E-E35D-498F-8D40-33C5998E7AD5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{410A4355-F9D4-4B5E-9DBC-2B38EAFA19F7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{422C50F1-8BF4-41CF-AD05-192A642E56A8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{42AFBA9A-B2F3-455A-B232-8EC2A376C1D4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4C7180E4-61EC-4E51-8540-E3190DA6F74C}" = rport=137 | protocol=17 | dir=out | app=system |
"{502B108C-2B6D-4F1E-888A-A93FE1ECFC8E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{583C76D2-18D5-4C87-8C6E-611978342E45}" = lport=7935 | protocol=6 | dir=in | name=adobe flash builder 4.6 |
"{661E91F3-7752-482E-8E6F-E12CE8FD6CF3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6808B23C-E5D3-41CF-960E-C64357A9A07C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6928EA29-160B-4774-8A3D-28C870CA77FA}" = lport=139 | protocol=6 | dir=in | app=system |
"{695E8D13-2F22-44F5-B902-8EF5B474249B}" = lport=137 | protocol=17 | dir=in | app=system |
"{70F4AD4D-136C-4018-8F3E-457A0F153505}" = lport=10243 | protocol=6 | dir=in | app=system |
"{767F30AF-A2C7-49BA-AA47-C89D52890B0F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8468EF45-226C-44F7-B8D6-3999B14C04A9}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{91F259D6-484A-427B-A266-B5539A7523B1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{92752CFE-D2EE-42DB-B64D-79D2420BA37D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{9EB1629C-CFA4-4E99-B252-54F5162D9978}" = lport=445 | protocol=6 | dir=in | app=system |
"{A5129F2D-CEEF-4C4F-B7E3-C3CAE4D5F458}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A7017000-9407-487D-A745-D3792F0AEEA2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A7F96AFD-6491-428D-AC90-21E6168C9F69}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AB397508-4584-4591-9D38-34229DD52E9E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{AD5CB6A6-25FB-4FE9-A603-9F3D2BEF3471}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B36C5BB3-0BCF-4519-8E92-E7EF9F716549}" = rport=445 | protocol=6 | dir=out | app=system |
"{B434987C-94E1-4DB1-B4A5-58B2820C0641}" = rport=138 | protocol=17 | dir=out | app=system |
"{CF9E42B8-7A55-4E30-961C-F10FFF65425C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{D8295156-E516-47B2-88FD-C2BCF419CCF4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E9027789-4189-43F1-8BA1-03161E354D1F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F8843BC8-101E-4094-9FED-999A1629427B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F8CC6211-3C5E-4E49-BE7A-35D6492C4ADE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00F7DBC8-565D-429D-94B9-A904959DDF3F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0944EC2A-E6BF-43CC-A637-0EBD39481052}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0BE1BCAA-3F04-423C-ADEE-33F6E5849975}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{0DA8AC1A-A0D6-47BF-A173-0643A3319ECB}" = protocol=17 | dir=in | app=c:\program files (x86)\synology\assistant\dsassistant.exe |
"{10D658B6-F2CE-41D0-9C6F-DDEDDB0C10DD}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe |
"{1250CABD-2794-47C7-92FC-91746C783200}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd9.exe |
"{12C823F1-33B2-485D-8C59-27D42F05D16C}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\iccupdater.exe |
"{12F4801C-02E7-4F45-A834-0BF60D5B8DBA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1656B491-49D5-47A1-AD85-F447202A9C5D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{18C8472C-A6C6-4004-BD58-C96689830BFB}" = protocol=6 | dir=out | app=system |
"{1DE18CDC-EA06-42E4-99B9-5B8128B61AB9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2C0E1B12-DF80-416B-B3E3-E6B6C81CA0F6}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{3122D0FD-AD62-4F23-8E3C-5B96DFC54F3D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{314311E9-BB91-46A2-BC26-4B18E1E49465}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{39807B84-AAC6-46DC-A466-0560D079C7F1}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe |
"{3C8E499A-B6BA-4F91-8D6D-361555C90425}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{40EDACF0-EFF6-47B7-B9EC-2ABABFE85CF5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4D0E875B-C0A8-40F9-B7F9-13204561E3A6}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\usdagent.exe |
"{5066E0C1-4C6F-4AA4-80C6-66393430B202}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{55B13C8F-B2A9-4CDE-9546-C1AC448F4F0E}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\iccupdater.exe |
"{585D6959-7453-499B-9052-844F8F2FEFDC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{62CD511D-E4A4-420D-9A98-283FD03A77B3}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{668058A3-5230-4327-B937-4064AF5604F3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6AC08AAD-784A-4AEA-AC7C-89D8EA1742FE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7DF697CB-6456-424A-8C7F-0163E9F33D86}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7E2A11E1-FA35-46C1-8A58-F3BB095C8921}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{7FA5D9D9-16B0-4552-ABCA-C16912AEC072}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{7FF63690-DF13-4FBF-93E3-0A8BA84A79DC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{89A426A1-5751-40D5-8233-88A03EB9594C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{89F8F797-1957-4CB8-B40B-C4095CEDBBF0}" = protocol=6 | dir=in | app=c:\program files (x86)\synology\assistant\dsassistant.exe |
"{8B67D105-9347-4353-A8B6-83BAAB4A4417}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8DFC8866-AE06-402A-87AA-40E1F09B6CC5}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe |
"{9B405387-DD15-4316-A740-2D869F5322A7}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe |
"{A260B579-AFF8-49ED-B2AB-672D0ECBC70F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A874589D-D564-4079-A93B-C7455BC90984}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AC03EEC4-0822-4A0E-9205-98677DD0D9E6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AD16BFE5-B065-497F-9E51-40DC2BF7F68F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |
"{B37092F8-2E1F-40E5-A3A2-3453C1C8A09E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{B3B0327E-FC95-4256-8279-78CF3010E108}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{C5535C48-6698-4EAB-85CB-A4A223910CA6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C7726DD8-155E-46AB-A1D3-F98F965A083A}" = dir=in | app=c:\program files (x86)\leapfrog\leapfrog connect\leapfrogconnect.exe |
"{C96CF62D-6547-4745-9990-811AF653D370}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CD2C35D9-E456-459A-B474-6099E1897C44}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{D04CA626-EC3E-464D-8D29-20EFDFCD8C3F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D45EDA44-CCB5-45E4-9353-02E4E4C2E9A8}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\usdagent.exe |
"{DCF41791-F1B4-4EB8-A3FD-47D4C935600C}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe |
"{E6E6C669-ABAB-48BF-9982-3F3137FCB989}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F2BB96F2-16A1-4F5E-A411-8A0AB1470879}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F9841711-BECF-4871-BC4F-0C6D61153DB9}" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe flash builder 4.6\flashbuilder.exe |
"{FE49B4FB-29A3-4A55-B6AB-E7AEB98F0983}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FF486632-3619-4404-B928-61CDA7D8B6CF}" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe flash builder 4.6\flashbuilder.exe |
"TCP Query User{26E41352-2413-41E7-935F-37F8CB3A3032}C:\program files (x86)\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"TCP Query User{38002FF7-5F15-48E3-A511-E2D48FD66D39}C:\users\ryoo\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\ryoo\appdata\roaming\spotify\spotify.exe |
"TCP Query User{4DAE93B6-3E4E-44D7-9722-5017FACBFFE0}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{4F053A79-6C3F-4CED-A23D-BDB20EA701D4}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{516D4753-114B-49D4-9FE9-E4EA9FB376ED}C:\program files (x86)\consult-pro\chairside 2009 premium\networkserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\consult-pro\chairside 2009 premium\networkserver.exe |
"TCP Query User{51BC826F-267D-4CF0-B4D1-F308957EC2E2}C:\program files (x86)\synology\assistant\dsassistant.exe" = protocol=6 | dir=in | app=c:\program files (x86)\synology\assistant\dsassistant.exe |
"TCP Query User{57D6051E-3D81-4A2C-AF78-9C407624D058}C:\users\ryoo\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\ryoo\appdata\roaming\spotify\spotify.exe |
"TCP Query User{999AD3D4-5A74-4E10-99B3-08AC74BA5090}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{AF70811D-BA1E-4EB8-9B85-3A626594AB6D}C:\program files (x86)\1clickdownload\1clickdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\1clickdownload\1clickdownloader.exe |
"TCP Query User{F14711A3-5373-4F49-BC09-4A76F5152809}C:\program files (x86)\consult-pro\chairside 2009 premium\networkserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\consult-pro\chairside 2009 premium\networkserver.exe |
"TCP Query User{FC289284-B75B-4EDE-A8E6-DB6B017A971B}C:\users\ryoo\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\users\ryoo\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe |
"UDP Query User{199A06E3-8843-42EE-9C62-A38BA9F3D75C}C:\program files (x86)\synology\assistant\dsassistant.exe" = protocol=17 | dir=in | app=c:\program files (x86)\synology\assistant\dsassistant.exe |
"UDP Query User{270F7382-0958-42DF-96A1-DC62AE67D133}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{2C13CA24-5639-46F3-8B5A-14B5280F5DAF}C:\users\ryoo\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\ryoo\appdata\roaming\spotify\spotify.exe |
"UDP Query User{2E1A51AE-6D58-4AF1-8C40-6260D482C527}C:\program files (x86)\1clickdownload\1clickdownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\1clickdownload\1clickdownloader.exe |
"UDP Query User{52994C8E-CCD1-430C-94D2-DF195181C829}C:\program files (x86)\consult-pro\chairside 2009 premium\networkserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\consult-pro\chairside 2009 premium\networkserver.exe |
"UDP Query User{612AC027-B83C-4FF1-B599-C7A88806EC13}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{63CE43A3-E98C-4545-9C88-21ABE5F503CC}C:\program files (x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"UDP Query User{A49A6829-0152-46A1-AF24-15680DE21741}C:\users\ryoo\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\ryoo\appdata\roaming\spotify\spotify.exe |
"UDP Query User{CE140A61-9D16-43E4-BDB8-ED5AF5F2A394}C:\users\ryoo\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\users\ryoo\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe |
"UDP Query User{DF296F68-2EEE-4365-8D8A-646C32EAC480}C:\program files (x86)\consult-pro\chairside 2009 premium\networkserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\consult-pro\chairside 2009 premium\networkserver.exe |
"UDP Query User{FE451FE9-3466-4C22-9C4A-C6E1DF1D341B}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}" = Intel® PROSet/Wireless WiFi Software
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}" = Windows Live Remote Client Resources
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{27F3F8DE-AC95-4E10-90A6-EBA999DDBCAF}" = Windows Live Remote Service Resources
"{2998191E-A35E-47E2-BE38-7702C731D722}" = SRS Premium Sound Control Panel
"{29CFD07F-4971-41B0-B14D-621ACCC264AC}" = Windows Live Remote Service Resources
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{4C9845D5-9FAD-4C52-B389-CAEF0F216215}" = Windows Live Remote Client Resources
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{641B32DB-8226-4250-86C9-34671162F5D5}" = Windows Live Remote Client Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{669A82E0-43E2-4645-8A2E-1A3DE78F8312}" = Adobe Photoshop Lightroom 4 64-bit
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6A2482BC-733A-404A-939A-2D5BC636E6F9}" = Windows Live Remote Service Resources
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{78654366-5889-4A70-90D9-04B00709EEE0}" = Windows Live Remote Client Resources
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{811D5159-D798-491F-B9C6-9BDBF6B02D06}" = Windows Live Remote Service Resources
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{AE91E0F3-C49A-4EF4-8B98-A07BD409EB90}" = Windows Live Remote Service Resources
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.72
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.72
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel® Turbo Boost Technology Monitor 2.0
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D1829BE5-F305-4576-9593-C66FC7E0B008}" = iCloud
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F0793412-6407-4870-9A8C-6FE198A4EB12}" = Windows Live Remote Client Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Elantech" = ETDWare PS/2-X64 10.7.14.12_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"PC Optimizer Pro" = PC Optimizer Pro
"WinRAR archiver" = WinRAR 4.20 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{00C1B233-D218-484B-8078-9375482C5608}" = LeapFrog Tag Plugin
"{0119B342-476F-4F5A-B712-144B5CFA781F}" = Windows Live Movie Maker
"{0125DB4D-98A0-4DBF-B68A-23BF08FFA6A3}" = Windows Live Messenger
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{0785A0B6-07DF-43CF-B147-E1EB4CEA0345}" = Windows Live Messenger
"{07E15DDE-CAD9-434D-B24D-35708E3BEA09}" = Windows Live 필수 패키지
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{142D8CA7-2C6F-45A7-83E3-099AAFD99133}" = Samsung Update Plus
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 5
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19ADD3BF-C42B-47DC-81C6-5E9731B668C4}" = „Windows Live Essentials“
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21B49B4A-BBC3-4A09-9C68-6C3CC0B1EA01}" = Windows Live Messenger
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{2437DF07-D3CB-4D85-8397-ED8AE9ED26D5}" = LeapFrog Tag Junior Plugin
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26513CE5-7A51-478D-93BD-AC1D38103463}" = Windows Live Messenger
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{2720009D-9566-45A7-A370-0E6DAC313F3F}" = „Windows Live Mail“
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2CC0789D-D31B-445F-8970-6E058BE39754}" = Windows Live UX Platform Language Pack
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2DDC70C1-C77A-4D08-89D2-9AB648504533}" = Easy Content Share
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{303143DD-1F6D-4BC5-9342-FFC2E19B2DBD}" = Windows Live Messenger
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer
"{318DBE01-1E6B-4243-84B0-210391FE789A}" = Samsung AnyWeb Print
"{331ECF61-69AF-4F57-AC35-AFED610231C3}" = Multimedia POP
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34AB675C-1965-44B5-B5A7-B02EE6196AD3}" = Windows Live Messenger
"{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{368BEC2C-B7A2-4762-9213-2D8465D533CA}" = Windows Live UX Platform Language Pack
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39BDD209-5704-480C-9F4A-B69D0370DDBB}" = Windows Live Messenger
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3B8F240C-B75E-4A1E-BDCC-6C7F033078A3}" = Windows Live UX Platform Language Pack
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{442032CB-900C-49C7-B4B4-2B76525DD403}" = Windows Live Photo Common
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4A331D24-A9E8-484F-835E-1BA7B139689C}" = EasyBatteryManager
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{4DC49A9A-6DD0-40D2-A851-527764DA8379}" = Adobe Setup
"{4F35DF91-F834-41F7-A287-0E377D55C486}" = Windows Live Photo Common
"{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{517EAAB9-C35E-4949-B8C2-20C241162BBB}" = Windows Live Pošta
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{51FFAC89-B6B0-4E6E-B76F-6D4E2E83086A}" = Windows Live 메일
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{539A0CEA-17E4-4FE4-A5E8-EC5D40610A79}" = „Windows Live Messenger“
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{545192D4-E817-4EAA-834D-623EA50CF268}" = Windows Live UX Platform Language Pack
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D163056-96B7-440F-A836-89BA5D3CFF2F}" = Windows Live Photo Common
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5D90ABE5-8A35-4947-8269-6F40BCE47A95}" = Windows Live Messenger
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{60B28ECA-78BC-4D18-AB63-4A9A93BF881D}" = Adobe Creative Suite 3 Master Collection
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{61506B53-EE02-46CE-8464-3F806947978F}" = Windows Live Mesh
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B3BAE39-4ED1-4EEB-9769-A3AA0AA58CB4}" = Windows Live Movie Maker
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6C016AC4-0282-4C82-B12F-3D5910DA7319}" = Samsung AnyWeb Print
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6D30E864-46AE-435B-8230-8B5D42B4AE37}" = Windows Live Messenger
"{6DCE9C3E-3DB7-4C3C-8B80-BC55781BB7B6}" = Windows Live Writer Resources
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{709E38A9-7F80-4598-96CC-44B0D553FECE}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources
"{71684DFF-CDED-450C-AF0C-4A1A6438A1A5}" = Windows Live Essentials
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{7780682A-47C9-480D-90BE-247539342595}" = Windows Live UX Platform Language Pack
"{77BC9EAF-14C7-4338-9B1C-D5A3E142C0B8}" = Windows Live Photo Common
"{77DAF553-291A-4471-988C-5677D90DB57E}" = Windows Live Writer Resources
"{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}" = Fast Start
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger
"{7F6F62F0-7884-4CFB-B86C-597A4A6D9C4D}" = Movie Color Enhancer
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{829CDAAD-5AF1-482F-978B-591C16A34ACC}" = Windows Live Messenger
"{82C19692-571C-45D2-BAF2-278225787A35}" = ImageMixer 3 SE
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{86E6D3A7-3ADC-44C0-B94E-85D2A9DD36B0}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{96334581-5554-3E5F-8BC9-924C3C3AC5BE}" = Google Talk Plugin
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9E771D5B-C429-4CBC-8730-3EBD9EC99E4C}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A1668729-C4D2-49AE-877B-FB608362FFF1}" = Windows Live Essentials
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A5A63519-F5C2-4F4A-849A-F28A1AB3D522}" = Sentinel Protection Installer 7.5.0
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{AD86049C-3D9C-43E1-BE73-643F57D83D50}" = Easy Migration
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4712CB7-27D7-4F61-8805-BCF9BE1CFC4A}" = Windows Live Writer Resources
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{B81722D3-0A95-4BDE-AA1A-A2A5D12FCDB2}" = Windows Live Foto-galerija
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{B9B66F77-9D00-4CA4-BDF1-BBA8236B4DB6}" = Windows Live Writer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C547F361-5750-4CD1-9FB6-BC93827CB6C1}" = RegCure Pro
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C877E454-FA36-409A-A00E-1240CEC61BBD}" = „Windows Live“ fotogalerija
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C8A2793D-EFF2-4069-95BF-A28192E39DEB}" = Windows Live Writer
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{CF936193-C584-458C-B793-15FA945621AF}" = Windows Live fotoattēlu galerija
"{CF9DEFAA-12CD-4D04-AA45-F9F667D21E2E}" = Windows Live Movie Maker
"{CHAIRSIDE-09-Premium-NET-SRV}_is1" = Consult-PRO Network Premium Server
"{CHAIRSIDE-09-Premium-NET-TERM}_is1" = Chairside 2009 Premium
"{D06F10C5-3EDD-4B29-A3B5-16BBB9A047F8}" = Windows Live Mesh
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D27DF849-C8C7-4892-A7F1-E0B381A1BD01}" = Windows Live Writer
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D54A52A8-DF24-4CE8-850B-074CA47DFA74}" = Windows Live Messenger
"{D57D43BF-699A-429F-AF8C-AF1867222800}" = Windows Live 사진 갤러리
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D987098B-3AD4-4E88-B80E-CF27A32D1955}" = Windows Live Writer Resources
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.19.365
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E45D1CA0-C70E-4FF4-B46B-1F6ED85501F9}" = ClinCheck
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA76E65F-6679-495A-A8A6-42AD6602ED4C}" = EasyFileShare
"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EAB1BDF2-734A-4D44-9169-7615D185C974}" = Windows Live Mesh
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC20FB81-9B5E-4B97-92A2-8DC52548EFCE}" = Windows Live Mesh
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F66430D8-08E6-4C96-B9B7-90E66E27D58C}" = Windows Live Mail
"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center 1.0
"{F694D1F7-1F12-4550-9B7A-C871273ABAD5}" = Windows Live Messenger
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.3
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F84906ED-BB54-4889-B131-FED9C9056FC8}" = Intel® Wireless Display
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{F9D59E62-845F-49A2-8B75-DDB00661673C}" = LeapFrog Connect
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FC274982-5AAD-4C20-848D-4424A5043009}_is1" = WinUtilities 10.5 Professional Edition
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FCF2085E-ABE5-4AA8-B07C-65BBD56DA243}" = Easy Network Manager
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"{FFD0E594-823B-4E2B-B680-720B3C852588}" = BatteryLifeExtender
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe_915239ded2552e78978d0dbab7657a5" = Add or Remove Adobe Creative Suite 3 Master Collection
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"DVDFab 8 Qt_is1" = DVDFab 8.1.3.2 (31/10/2011) Qt
"EASEUS Data Recovery Wizard Professional 5.5.1_is1" = EASEUS Data Recovery Wizard Professional 5.5.1
"EASEUS Deleted File Recovery 3.0.1_is1" = EASEUS Deleted File Recovery 3.0.1
"Game Console - WildGames" = WildTangent ORB Game Console
"ImgBurn" = ImgBurn
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"InstallShield_{E45D1CA0-C70E-4FF4-B46B-1F6ED85501F9}" = ClinCheck
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Rapport_msi" = Rapport
"Samsung Universal Print Driver" = Samsung Universal Print Driver
"Samsung Universal Scan Driver" = Samsung Universal Scan Driver
"Synology Assistant" = Synology Assistant (remove only)
"TagJuniorPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Junior Plugin)
"TagPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
"UPCShell" = LeapFrog Connect
"VLC media player" = VLC media player 1.1.11
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live 程式集
"WT085559" = Diner Dash 2 Restaurant Rescue
"WT085567" = Chuzzle Deluxe
"WT085580" = John Deere Drive Green
"WT085581" = Penguins!
"WT085583" = Polar Golfer
"WT085587" = Agatha Christie - Death on the Nile
"WT085597" = Build-a-lot
"WT085618" = Farm Frenzy
"WT085622" = Insaniquarium Deluxe
"WT085663" = Peggle
"WT085669" = Plants vs. Zombies
"WT089285" = Zuma Deluxe
"WT089286" = Bejeweled 2 Deluxe
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/30/2012 3:41:25 PM | Computer Name = Ryoo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6053

Error - 8/30/2012 3:41:26 PM | Computer Name = Ryoo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/30/2012 3:41:26 PM | Computer Name = Ryoo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7052

Error - 8/30/2012 3:41:26 PM | Computer Name = Ryoo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7052

Error - 8/30/2012 3:41:27 PM | Computer Name = Ryoo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/30/2012 3:41:27 PM | Computer Name = Ryoo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8097

Error - 8/30/2012 3:41:27 PM | Computer Name = Ryoo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8097

Error - 8/31/2012 12:25:09 AM | Computer Name = Ryoo-PC | Source = CVHSVC | ID = 100
Description = Information only. Too many failures while downloading ranges: 2

Error - 8/31/2012 12:28:33 AM | Computer Name = Ryoo-PC | Source = CVHSVC | ID = 100
Description = Information only. (Stream product id=0x0066): Streaming Failed

Error - 8/31/2012 12:29:57 AM | Computer Name = Ryoo-PC | Source = CVHSVC | ID = 100
Description = Information only. Error: The server returned an invalid or unrecognized
response ErrorCode: 14007(0x36b7).

[ System Events ]
Error - 9/5/2012 4:05:40 AM | Computer Name = Ryoo-PC | Source = DCOM | ID = 10016
Description =

Error - 9/5/2012 4:05:40 AM | Computer Name = Ryoo-PC | Source = DCOM | ID = 10016
Description =

Error - 9/5/2012 10:24:31 AM | Computer Name = Ryoo-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070002: Microsoft Security Essentials Client Update Package - KB2691905.

Error - 9/5/2012 5:37:00 PM | Computer Name = Ryoo-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:28:06 PM on 9/5/2012 was unexpected.

Error - 9/5/2012 5:38:16 PM | Computer Name = Ryoo-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 9/5/2012 5:38:43 PM | Computer Name = Ryoo-PC | Source = DCOM | ID = 10010
Description =

Error - 9/5/2012 5:38:50 PM | Computer Name = Ryoo-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the cvhsvc service.

Error - 9/6/2012 1:34:23 AM | Computer Name = Ryoo-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 9/6/2012 1:34:23 AM | Computer Name = Ryoo-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 9/6/2012 1:34:24 AM | Computer Name = Ryoo-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.


< End of report >

Edited by articaine, 06 September 2012 - 11:56 AM.


#10 articaine

articaine
  • Topic Starter

  • Members
  • 8 posts

Posted 06 September 2012 - 11:08 AM

MiniToolBox by Farbar Version: 23-07-2012
Ran by Ryoo (administrator) on 06-09-2012 at 09:07:14
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 08 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 10 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 08 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 10 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

=========================== Installed Programs ============================

???? ??? Windows Live (Version: 15.4.3502.0922)
???? Windows Live (Version: 15.4.3502.0922)
?????? ??????? ?? Windows Live (Version: 15.4.3502.0922)
???????? ?????????? Windows Live (Version: 15.4.3502.0922)
?????????? Windows Live (Version: 15.4.3502.0922)
??????????? ?? Windows Live (Version: 15.4.3502.0922)
Add or Remove Adobe Creative Suite 3 Master Collection (Version: 1.0)
Adobe Acrobat 8 Professional (Version: 8.1.0)
Adobe After Effects CS3 Presets (Version: 8)
Adobe AIR (Version: 2.7.0.19480)
Adobe Anchor Service CS3 (Version: 1.0)
Adobe Asset Services CS3 (Version: 3)
Adobe Bridge CS3 (Version: 2)
Adobe Bridge Start Meeting (Version: 1.0)
Adobe BridgeTalk Plugin CS3 (Version: 1.0)
Adobe Camera Raw 4.0 (Version: 4.0)
Adobe CMaps (Version: 1.0)
Adobe Color - Photoshop Specific (Version: 1.0)
Adobe Color Common Settings (Version: 1.0)
Adobe Color EU Extra Settings (Version: 1.0)
Adobe Color JA Extra Settings (Version: 1.0)
Adobe Color NA Recommended Settings (Version: 1.0)
Adobe Community Help (Version: 3.4.980)
Adobe Default Language CS3 (Version: 1.0)
Adobe Device Central CS3 (Version: 1.0)
Adobe ExtendScript Toolkit 2 (Version: 2.0)
Adobe Extension Manager CS3 (Version: 1.8)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.265)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.2.202.235)
Adobe Fonts All (Version: 1.0)
Adobe Help Viewer CS3 (Version: 1)
Adobe Illustrator CS3 (Version: 13.0)
Adobe InDesign CS3 Icon Handler (Version: 5.0)
Adobe Linguistics CS3 (Version: 3.0.0)
Adobe MotionPicture Color Files (Version: 1.0)
Adobe PDF Library Files (Version: 8.0)
Adobe Photoshop CS3 (Version: 10)
Adobe Photoshop Lightroom 4 64-bit (Version: 4.0.1)
Adobe Setup (Version: 1.0)
Adobe SING CS3 (Version: 0.1)
Adobe Stock Photos CS3 (Version: 1.5)
Adobe Type Support (Version: 1.0)
Adobe Update Manager CS3 (Version: 5.1.0)
Adobe Version Cue CS3 Client (Version: 3)
Adobe Video Profiles (Version: 1.0)
Adobe WAS CS3 (Version: 1.0)
Adobe WinSoft Linguistics Plugin (Version: 1.0)
Adobe XMP DVA Panels CS3 (Version: 1.0)
Adobe XMP Panels CS3 (Version: 1.0)
Agatha Christie - Death on the Nile (Version: 2.2.0.82)
AHV content for Acrobat and Flash (Version: 1)
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
„Windows Live Essentials“ (Version: 15.4.3502.0922)
„Windows Live Mail“ (Version: 15.4.3502.0922)
„Windows Live Messenger“ (Version: 15.4.3502.0922)
„Windows Live“ fotogalerija (Version: 15.4.3502.0922)
BatteryLifeExtender (Version: 1.0.11)
Bejeweled 2 Deluxe (Version: 2.2.0.95)
Bonjour (Version: 3.0.0.10)
Build-a-lot (Version: 2.2.0.82)
Chairside 2009 Premium (Version: 2.0.5.0)
ChargeableUSB (Version: 1.0.0.0)
Chuzzle Deluxe (Version: 2.2.0.82)
ClinCheck (Version: 3.1.0.25)
Consult-PRO Network Premium Server (Version: 2.0.5.0)
ConvertXtoDVD 4.1.19.365 (Version: 4.1.19.365)
CyberLink Media Suite (Version: 8.0.2227)
CyberLink MediaShow (Version: 5.0.1130a)
CyberLink Power2Go (Version: 6.1.3802)
CyberLink PowerDirector (Version: 8.0.3306)
CyberLink PowerDVD 10 (Version: 10.0.2310.52)
CyberLink YouCam (Version: 3.1.3509)
D3DX10 (Version: 15.4.2368.0902)
Diner Dash 2 Restaurant Rescue (Version: 2.2.0.82)
DVDFab 8.1.3.2 (31/10/2011) Qt
EASEUS Data Recovery Wizard Professional 5.5.1
EASEUS Deleted File Recovery 3.0.1
Easy Content Share (Version: 1.0)
Easy Display Manager (Version: 3.2)
Easy Migration (Version: 1.0.0.5)
Easy Network Manager (Version: 4.4.6)
Easy SpeedUp Manager (Version: 2.1.1.1)
EasyBatteryManager (Version: 4.0.0.4)
EasyFileShare (Version: 1.0.11)
ETDWare PS/2-X64 10.7.14.12_WHQL (Version: 10.7.14.12)
Evernote v. 4.3 (Version: 4.3.0.4368)
Farm Frenzy (Version: 2.2.0.82)
Fast Start (Version: 2.2.0.0)
Fotogalerija Windows Live (Version: 15.4.3502.0922)
Galeria de Fotografias do Windows Live (Version: 15.4.3502.0922)
Galeria fotografii uslugi Windows Live (Version: 15.4.3502.0922)
Galerie de photos Windows Live (Version: 15.4.3502.0922)
Galerie foto Windows Live (Version: 15.4.3502.0922)
Galería fotográfica de Windows Live (Version: 15.4.3502.0922)
Google Chrome (Version: 21.0.1180.89)
Google Talk Plugin (Version: 3.5.1.8982)
iCloud (Version: 1.0.2.17)
ImageMixer 3 SE (Version: 3.00.042)
ImgBurn (Version: 2.5.7.0)
Insaniquarium Deluxe (Version: 2.2.0.82)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Management Engine Components (Version: 7.0.0.1118)
Intel® Processor Graphics (Version: 8.15.10.2622)
Intel® PROSet/Wireless WiFi Software (Version: 14.0.2000)
Intel® Rapid Storage Technology (Version: 10.0.0.1046)
Intel® Turbo Boost Technology Monitor 2.0 (Version: 2.0.82.0)
Intel® Wireless Display (Version: 2.0.27.0)
iTunes (Version: 10.6.3.25)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
JavaFX 2.1.1 (Version: 2.1.1)
John Deere Drive Green (Version: 2.2.0.82)
Junk Mail filter update (Version: 15.4.3502.0922)
LeapFrog Connect (Version: 3.2.19.13664)
LeapFrog Tag Junior Plugin (Version: 3.2.19.13664)
LeapFrog Tag Plugin (Version: 3.2.19.13664)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) (Version: 9.4.5000.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)
Movie Color Enhancer (Version: 1.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Multimedia POP (Version: 1.1)
Norton Online Backup (Version: 2.1.17869)
NVIDIA Control Panel 266.72 (Version: 266.72)
NVIDIA Graphics Driver 266.72 (Version: 266.72)
NVIDIA Install Application (Version: 2.265.39.0)
NVIDIA Optimus 1.0.15 (Version: 1.0.15)
NVIDIA Update Components (Version: 1.0.15)
PC Optimizer Pro (Version: 6.1.7.4)
PDF Settings (Version: 1.0)
Peggle (Version: 2.2.0.82)
Penguins! (Version: 2.2.0.82)
Plants vs. Zombies (Version: 2.2.0.82)
Poczta uslugi Windows Live (Version: 15.4.3502.0922)
Podstawowe programy Windows Live (Version: 15.4.3502.0922)
Polar Golfer (Version: 2.2.0.82)
Pošta Windows Live (Version: 15.4.3502.0922)
QuickTime (Version: 7.71.80.42)
Raccolta foto di Windows Live (Version: 15.4.3502.0922)
Rapport (Version: 3.5.1108.77)
Rapport (Version: 3.5.1201.94)
Realtek Ethernet Controller Driver (Version: 7.33.1125.2010)
Realtek High Definition Audio Driver (Version: 6.0.1.6246)
RegCure Pro (Version: 3.1.1.0)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.30.0)
S?????? f?t???af??? t?? Windows Live (Version: 15.4.3502.0922)
Samsung AnyWeb Print (Version: 1.0)
Samsung AnyWeb Print (Version: 1.1.21.0)
Samsung Recovery Solution 5 (Version: 5.0.0.9)
Samsung Support Center 1.0 (Version: 1.1.38)
Samsung Universal Print Driver (Version: 2.01.06.00:16)
Samsung Universal Scan Driver (Version: 1.2.1.0)
Samsung Update Plus (Version: 3.0.1.17)
Sentinel Protection Installer 7.5.0 (Version: 7.5.0)
Skype™ 4.2 (Version: 4.2.169)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Spotify (Version: 0.8.1.32.g93407e5e)
SRS Premium Sound Control Panel (Version: 1.10.0301)
Synology Assistant (remove only)
System Requirements Lab for Intel (Version: 4.4.24.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Junior Plugin)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin) (Version: 3.2.19.13664)
User Guide (Version: 1.0)
VLC media player 1.1.11 (Version: 1.1.11)
Vuze (Version: 4.7)
WildTangent Games (Version: 1.0.1.5)
WildTangent ORB Game Console
Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0) (Version: 11/05/2008 1.1.1.0)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (Version: 09/10/2009 02.03.05.012)
Windows Live ?? (Version: 15.4.3502.0922)
Windows Live ?? ??? (Version: 15.4.3502.0922)
Windows Live ??? (Version: 15.4.3502.0922)
Windows Live ??? (Version: 15.4.3508.1109)
Windows Live ???? (Version: 15.4.3502.0922)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Fotótár (Version: 15.4.3502.0922)
Windows Live Foto-galerija (Version: 15.4.3502.0922)
Windows Live fotoattelu galerija (Version: 15.4.3502.0922)
Windows Live Fotogalerie (Version: 15.4.3502.0922)
Windows Live Fotogalleri (Version: 15.4.3502.0922)
Windows Live Fotogaléria (Version: 15.4.3502.0922)
Windows Live Fotograf Galerisi (Version: 15.4.3502.0922)
Windows Live Galeria de Fotos (Version: 15.4.3502.0922)
Windows Live Galerija fotografija (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Pošta (Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Temel Parçalar (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Liven asennustyökalu (Version: 15.4.3502.0922)
Windows Liven sähköposti (Version: 15.4.3502.0922)
Windows Liven valokuvavalikoima (Version: 15.4.3502.0922)
WinRAR 4.20 (64-bit) (Version: 4.20.0)
WinUtilities 10.5 Professional Edition
Yahoo! Messenger
Zuma Deluxe (Version: 2.2.0.95)

========================= Memory info: ===================================

Percentage of memory in use: 29%
Total physical RAM: 6055.12 MB
Available physical RAM: 4284.79 MB
Total Pagefile: 12108.43 MB
Available Pagefile: 9589.09 MB
Total Virtual: 4095.88 MB
Available Virtual: 3960.13 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:231 GB) (Free:139.59 GB) NTFS
2 Drive d: () (Fixed) (Total:343.58 GB) (Free:279.87 GB) NTFS

========================= Users: ========================================

User accounts for \\RYOO-PC

Administrator Guest Ryoo
UpdatusUser


**** End of log ****

#11 Conspire

  • Malware Response Team

Posted 06 September 2012 - 10:55 PM

Open up Chrome; in the address bar, type chrome:extensions and look for Align Technology Plugin. Click on the Remove button with the little bin icon.

Don't close it just yet. Now go to Settings on the left pane -> Click Manage search engines -> Remove websearch entry and choose Google (there's a little X to the right).

Let me know how the change went.
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may donate.

#12 articaine

  • Topic Starter
  • Members

Posted 07 September 2012 - 10:28 AM

Open up Chrome; in the address bar, type chrome:extensions and look for Align Technology Plugin. Click on the Remove button with the little bin icon.

Don't close it just yet. Now go to Settings on the left pane -> Click Manage search engines -> Remove websearch entry and choose Google (there's a little X to the right).

Let me know how the change went.


Conspire. It did the trick. Although, I do not know why 'Remove websearch' the ask.com wasn't there before. As for the Align Technology Plugin, that is a trusted plugin. Did the presence of that mask the Ask.com?

#13 Conspire

  • Malware Response Team

Posted 07 September 2012 - 12:07 PM

Sort of. But since it is a trusted plugin, we will move forward. Any more issues left to be addressed? If not, we are going to wrap this up.

Follow these steps to uninstall Combofix
  • Click START then RUN
  • Now copy/paste the code into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.
Combofix /Uninstall

===================================================

Clean up with OTL:
  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.
===================================================

Thank you for your patience, and performing all of the procedures requested. I would also like to take this opportunity to apologize for any delay that may have occurred.

--------------------------------------------------------------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.


Passwords
It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article, Strong passwords: How to create and use them, and consider a password keeper to keep all your passwords safe.


SPYWARE PREVENTION
This is a good time to set up protection against further attacks. In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read these well written articles:
To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
      • Green to go
      • Yellow for caution
      • Red to stop

WOT has an add-on available for both Firefox and IE.

  • SpywareBlaster prevents the installation of ActiveX-based malware, blocks cookies, and restricts the actions of "bad" sites. See tutorial here
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting the attempted connections to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows Vista here
      • Download Host.zip and Save it to your Desktop.
      • Right-click hosts.zip and select 'Extract all files' or 'Extract files...'.
      • Follow the prompts and click 'Finish'.
      • This will open the newly created hosts folder on your Desktop.
      • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
      • Once updated you should see another prompt that the task was completed.
Follow this list and keep your antivirus program and antispyware programs updated and scan with them on a regular basis. By doing so, your potential for being infected again will reduce dramatically.

Hopefully this should take care of your problems! Good luck.

Do you have any questions or problems to ask? Please do not hesitate to do so.

**Please respond to this one more time to ensure it is resolved and close this topic.

#14 articaine

  • Topic Starter
  • Members

Posted 07 September 2012 - 01:07 PM

Thanks for all your help!

#15 Conspire

  • Malware Response Team

Posted 07 September 2012 - 10:45 PM

You're welcome :)



