amuse702

Members

View Profile See their activity

Posts
14
Joined
May 9, 2013
Last visited
May 10, 2013

Content Type

All Activity

Events

Profiles

Forums

Topics
Posts

Everything posted by amuse702

accidentally installed adware

amuse702 replied to amuse702's topic in Resolved Malware Removal Logs

scratch that...there was a program called lyrics finder that i didn't know what it was...after uninstalling that, closing my browser, and reopening, the ad disappeared...thanks again!
- May 10, 2013
- 20 replies
accidentally installed adware

amuse702 replied to amuse702's topic in Resolved Malware Removal Logs

ok...i'm also getting this weird advertisement at the bottom of my google screen...this ad does not show up on any of my other computers...I have attached a pic of it
- May 10, 2013
- 20 replies
accidentally installed adware

amuse702 replied to amuse702's topic in Resolved Malware Removal Logs

o wait...one last question. when I got infected, I had an external drive connected...should I worry about the external drive being infected because for this troubleshooting process, I had unplugged the drive as the sticky had said to do...
- May 10, 2013
- 20 replies
accidentally installed adware

amuse702 replied to amuse702's topic in Resolved Malware Removal Logs

ok, i did everything...i believe that should do it. Thanks for everything!!
- May 10, 2013
- 20 replies
accidentally installed adware

amuse702 replied to amuse702's topic in Resolved Malware Removal Logs

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0BCC283D-552F-4ABD-BA6F-6C6EC614C4BB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{165ADE53-DD51-42D4-AB2B-5E861814DFAD}" = lport=10243 | protocol=6 | dir=in | app=system | "{188CC836-4488-484D-8A82-5D2FC94AF87A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{19193673-9489-41D2-8B8E-5540DBDA175F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{215C3807-7035-43B1-A3CD-82D332242C39}" = lport=52000 | protocol=6 | dir=in | name=hpconnectedremoteuser.exe | "{21C85322-BB3D-4547-97D6-2F00D86E1A57}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{33C89BE4-2E6B-414D-8822-29D35B2B3932}" = lport=445 | protocol=6 | dir=in | app=system | "{35597E9F-3102-4EF9-8C0B-8806B30A8157}" = lport=2869 | protocol=6 | dir=in | app=system | "{59EAA7AF-688E-43E7-9004-87D4DCD46E4D}" = lport=53000 | protocol=6 | dir=in | name=hpconnectedremoteservice.exe | "{63D7CDFA-06CF-45DA-A1C3-90A39F94AAF2}" = rport=137 | protocol=17 | dir=out | app=system | "{65DB5E3C-B7A3-4DDE-BB70-4902A62E2026}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{66209A55-0B5F-484D-A0FA-46EB26DB7F02}" = rport=445 | protocol=6 | dir=out | app=system | "{77ECB3A6-89F8-4D31-88E3-708F76453DB5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{81E6B4E2-0419-4E84-B1E5-7581A7BBD096}" = lport=139 | protocol=6 | dir=in | app=system | "{84750F16-887A-45C8-90DF-A52470F0E42C}" = rport=139 | protocol=6 | dir=out | app=system | "{9551255C-095F-4C24-97AF-D8A732F1E291}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B70D4168-08BD-416B-A9DA-0DCED34D83CA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{BF1C6F1A-54F7-4473-B3E9-19372B8D6F96}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C2AE47A0-16BA-4C46-994E-7E7F902AA79D}" = lport=137 | protocol=17 | dir=in | app=system | "{D4B3D74F-05AD-4517-854C-F68B21D2FF92}" = lport=138 | protocol=17 | dir=in | app=system | "{D8D2059A-2E9F-44ED-B5CA-08009ECEF921}" = rport=10243 | protocol=6 | dir=out | app=system | "{E01AFA4B-76C9-473B-8020-CF4D6E1F4062}" = rport=138 | protocol=17 | dir=out | app=system | "{E5890EE6-B63C-4DEF-BBDE-4D32F65C45F3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E63A5BC6-1118-4674-A9B6-2BAD22CBD564}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{E7ABA1AE-C503-455B-B5C8-CE5884670B1E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01C1EBD0-FCD6-4C6E-8F1F-756E9825C5E7}" = dir=out | app=%localappdata%\hpconnectedmusic\application\hpconnectedmusic.exe | "{0631BB37-6970-4639-A964-735C77D3BACC}" = dir=in | name=savings center featured offers | "{0BC73FBF-A6ED-4E83-8241-A99DE1B28CB6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{0DFE7D0C-9DF4-43C5-9447-76452DD41B6F}" = dir=out | name=microsoft mahjong | "{12836170-B71A-4DBF-B3B5-7D0CA8AB7EE0}" = dir=out | name=hp games | "{12F8F7A5-7A9C-4360-BD84-60073F7C2425}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{16DC1355-8FB3-46F2-80AD-302E71D41A4D}" = dir=out | name=iheartradio | "{191487FE-D290-4C6D-BE29-896BB8402A76}" = dir=out | name=windows_ie_ac_001 | "{1C03AB2B-C031-4388-8B9D-41C2E1D21BC6}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{1EB1DB73-494D-4F8D-9B76-509E893A8221}" = protocol=6 | dir=out | app=system | "{2167C0EB-A0C2-4A74-BAB9-5326B024613E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{237B557E-BA73-42FA-B344-89D0C4F65E67}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | "{2815785B-CCC2-4A7A-8867-FACAC21A86D3}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe | "{2B7B8911-20A3-4EE0-9A33-935A9D57CDBB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{2C3CF715-046B-450E-8C59-7E43686A9C15}" = dir=in | name=@{microsoft.skypeapp_1.5.0.109_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | "{2C9B55AF-E8E4-4D9B-A4D8-7EA3F19F5EEE}" = dir=in | name=kindle | "{2F97E4DF-90E9-46E3-9591-E3FDC45F3625}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | "{33569E39-F27F-4AB9-96B7-CD368FB20CE4}" = dir=out | name=hp registration | "{3453C340-834A-4009-874F-1CF647116B95}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | "{349BAA20-AE4D-4528-A9E8-2CAECD0F31EE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{35453957-E3BB-48C4-A162-B91CCFAB8C64}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{39B83C00-51A9-4A94-8954-9F9A15B03014}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector10\pdr10.exe | "{3BB49238-B3EC-49C4-AE69-781856853182}" = dir=in | app=c:\users\administrator\appdata\local\microsoft\skydrive\skydrive.exe | "{3CB56DB1-515D-446B-8A9A-272BC67F0C94}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{3F2F344A-0AED-4043-A50F-E1F84B5CF0F5}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{3FE684FB-433A-4E39-ABB3-08131184FDC7}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{413225F6-7994-4681-BFF2-018704865094}" = dir=out | name=taptiles | "{4362B399-4C8F-47A5-A8C3-0FD5048C1A63}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4B215E9A-EC12-419B-9935-921F2A769C50}" = dir=in | app=c:\program files (x86)\hpconnectedmusic\hpconnectedmusic.exe | "{4C3B5400-E5CC-4739-9988-010D3801AAB7}" = dir=out | name=kindle | "{55CABBD4-1D8C-4E55-B60B-C5247B15A85E}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{562FC4E7-9802-4C2A-98A9-C1D7A2AA8CB7}" = dir=out | name=hp connected photo powered by snapfish | "{56AA02BC-D01D-4325-93AE-569CCC32C28B}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | "{5871EEA7-4712-4F9E-BCB0-74BBA38FD1F9}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | "{58DBAED0-AD3C-4EB8-B9D7-FEBCF380DA1D}" = dir=out | name=wordament | "{5DF75BC6-2C41-493C-BB83-76F4D130FE9E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5E9562CF-428B-4733-9D44-4E78D6C41373}" = dir=out | name=ebay | "{5F971022-DE78-4B4C-A763-94F503CE1184}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{60B08A6F-892C-4E91-A4A6-B67483A9E31F}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | "{623E2686-B2F8-4883-B4BE-A8EA29895F1C}" = dir=out | name=@{microsoft.skypeapp_1.5.0.109_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | "{6C77D8C7-B2F2-46A6-BB8C-EBDE3AE19099}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6C7CD722-D268-46BD-8E10-66D61C6A089C}" = dir=out | name=netflix | "{6F489120-4531-4D9D-8529-A2E9F4CD6F26}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | "{70DD170D-66E1-4644-9CCD-D376A16454D3}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | "{72C93634-C67A-4AE5-BBAD-54BBEF26B8F6}" = dir=out | name=norton studio | "{7A0A538A-5BA9-4B51-A577-71E530392D12}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{809617B4-1BD9-4005-98DD-A9BB1C3CABF2}" = dir=out | name=hp+ | "{81919611-E8A8-462D-A858-43DFB719B313}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{81C5DFD6-2071-49D6-9B4C-3BA0091F7EF9}" = dir=out | name=savings center featured offers | "{84188206-0039-43C4-A219-01F2F22843D2}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | "{84B4E5A7-1DC0-437F-BA57-6CCC8584701E}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe | "{8804DB75-29B1-4469-BE79-FC1448461161}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | "{8AFB2AC9-1178-477B-BA02-A19BED67EA66}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{8DD7D811-8D78-4309-A558-120583A4B5BD}" = protocol=17 | dir=in | name=hpconnectedremoteservice.exe | "{9210A769-5D36-4EEA-8916-4B314D185F34}" = dir=out | name=fresh paint | "{93E1117F-2AD9-4733-B0A5-1A1868F3ECCD}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | "{96CE91E8-2BAA-476A-B6F5-D8AFF05213BD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{97320BFA-A73C-4521-922D-790A96D02787}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | "{993681EA-CD8A-49DD-A9FE-B1589E29FF8C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{99AB6CF0-630C-4475-B7F7-1833251C4E05}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{99DC9500-0357-49F2-92C1-A13323D67F90}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{9A8C16A5-0798-438D-AA6C-DB11476FB6E2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{9CE4CAA8-7214-439D-AFD1-A9D9371A734D}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe | "{9D8209DA-D817-44B9-A340-2AB2129214D4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A7DC6F18-C8A8-4034-806E-4A76962A4CFC}" = dir=out | name=getting started with windows 8 | "{A92E4BD7-B69E-4CB5-B306-2B63C68B35CE}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | "{AA153987-8B2C-46AF-9AF9-E3E9D9FB6AF2}" = dir=out | name=microsoft solitaire collection | "{AE6460BA-76DF-4177-BA22-D78B6440E549}" = dir=in | app=%localappdata%\hpconnectedmusic\application\spotify_helper.exe | "{B27AD42C-9349-497F-8B33-23FD0F7514CE}" = dir=in | app=%localappdata%\hpconnectedmusic\application\hpconnectedmusic.exe | "{BBD2CC80-BA8B-4278-A141-F14C53744196}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{D6E14819-0996-4084-BC37-CA84C66A6DCA}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | "{D9608F4A-2420-42AE-8528-620913E750F7}" = dir=in | name=ebay | "{D9714417-DF5A-49A2-B173-9C2BE3D5AFAC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{DA5669BD-4AFD-43A4-AA49-B2CB64DA021A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{DA7CB0D7-E9CE-469E-9046-A4973AA7636D}" = dir=out | app=c:\program files (x86)\hpconnectedmusic\hpconnectedmusic.exe | "{E15ED100-A8CF-4398-83BF-D4BF7ACF64ED}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{E2611488-0BAD-4D1B-BB3E-34389FE9FDF8}" = dir=out | app=%localappdata%\hpconnectedmusic\application\spotify_helper.exe | "{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{EE96288E-E3B9-486B-BAD5-31980BFE54B2}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{F3D3430F-303A-46CB-843E-CC3DAA13E453}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{F9A671C8-65B8-4379-B14D-575758D9A80A}" = dir=in | app=c:\program files\intel corporation\intel widi\widiapp.exe | "{FF05A88E-AFE9-4896-A4E6-8FEBDA28CE4D}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes "{0728A184-F899-4356-B93D-8228674F0DEB}" = Intel® PROSet/Wireless Software for Bluetooth® Technology "{1593C708-5535-47A4-8C0F-F8D4BE2B4560}" = Intel® PROSet/Wireless WiFi Software "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}" = HP 3D DriveGuard "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}" = HP Registration Service "{DE788AD4-F7CE-4995-ADF8-56174A7B613C}" = Intel® Smart Connect Technology 3.0 x64 "{E77289CF-12B9-4CAB-A49E-FEAE947F4D95}" = Intel® PROSet/Wireless for Bluetooth® + High Speed "{EDBA2433-0910-4C72-8C5B-8FEDAE3EF18E}" = Intel® WiDi "{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64 "{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client "{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64 "ProInst" = Intel PROSet Wireless "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{0C57987A-A03A-4B95-A309-D23F78F406CA}" = HP Utility Center "{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform "{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}" = HP CoolSense "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10 "{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform "{2D416A80-0BB1-4D8B-B770-7BE8F53D5937}" = Windows Live UX Platform Language Pack "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology "{40F4FF7A-B214-4453-B973-080B09CED019}" = Absolute Reminder "{40F55150-F43D-4C9F-9A00-1A0A6F1EB7F0}" = Movie Maker "{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support "{46316411-80D8-4F68-8118-696E05FCE199}" = Windows Live Essentials "{4862344A-A39C-4897-ACD4-A1BED5163C5A}" = CyberLink PhotoDirector "{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE "{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions "{528AB81B-D65A-4AB0-A2B6-82B51A087D01}" = HP Recovery Manager "{5CC4C963-F772-4766-BFF2-DE551E205EE9}" = Photo Common "{60A1253C-2D51-4166-95C2-52E9CF4F8D64}" = Photo Gallery "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1 "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{73A33079-D1A0-4469-8903-C4A48B4975E2}" = HP Documentation "{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 "{941DE69D-6CEE-4171-8F1F-3D7E352AA498}" = HP Wireless Button Driver "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C35EDE5-4B0F-45E7-A438-314BA889948E}" = HP MyRoom "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10 "{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader "{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E5823036-6F09-4D0A-B05C-E2BAA129288A}" = HP Quick Launch "{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics "{F243A34B-AB7F-4065-B770-B85B767C247C}" = HP Connected Remote "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center "{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}" = Energy Star "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® SDK for OpenCL - CPU Only Runtime Package "3D073343-CEEB-4ce7-85AC-A69A7631B5D6" = Intel® Rapid Start Technology "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "AVG SafeGuard toolbar" = AVG SafeGuard toolbar "GOM Player" = GOM Player "Google Chrome" = Google Chrome "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10 "InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}" = CyberLink PhotoDirector "InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10 "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD "lfind@nijadsoft.net" = Lyrics Finder "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300 "MSC" = McAfee AntiVirus Plus "Picasa 3" = Picasa 3 "StartHPConnectedMusic" = HP Connected Music (Meridian - installer) "WildTangent hp Master Uninstall" = HP Games "WildTangent wildgames Master Uninstall" = WildTangent Games "WinLiveSuite" = Windows Live Essentials "WTA-0607a917-fbeb-47b0-820d-75a2a1df3c48" = John Deere Drive Green "WTA-1ec2b4c6-90a5-4f57-ac21-8286fbf71724" = 4 Elements II "WTA-2015de4d-314e-4fb4-8359-de99446f5ebc" = Zuma's Revenge "WTA-383c434a-c90b-4f20-a417-a74d0ad97681" = Airport Mania "WTA-4d254b18-a4b8-4f71-9070-31c4d3a5de3a" = Bounce Symphony "WTA-53953192-4e48-4ff2-8069-41874bad9cc2" = Hoyle Card Games "WTA-7ea3b0bb-8112-4a31-8ac7-ea09afee49a6" = Letters from Nowhere 2 "WTA-81c1f82d-b9d3-4253-a42e-7f773035b170" = Roads of Rome 3 "WTA-822c69db-f15b-4e42-86ea-31d4635d7a5d" = Build-a-lot "WTA-89aafc35-c70f-4cd7-bfe6-ab59afe53ee3" = Polar Bowler "WTA-8a5ebaec-ac55-4dcb-8f6a-01ee00c8d35e" = Bejeweled 3 "WTA-a172dfc6-1f87-4447-85a3-e22d94c82f69" = FATE: The Cursed King "WTA-a8515773-5f0d-4ff7-835c-d2b2c7657133" = Mah Jong Medley "WTA-aa1b8991-9e94-4704-94d2-8cf326e17c89" = Azteca "WTA-b1584b77-1f81-4c9e-a615-cbd51fec92d1" = Penguins! "WTA-b6a3139f-d2d6-4186-8abb-b2cb2042118d" = Polar Golfer "WTA-c771e9fc-7d38-40da-91a5-63345cebc02c" = Final Drive Fury "WTA-d9f2cc29-a332-4e82-8daa-a53921c8badd" = Mystery of Mortlake Mansion "WTA-e7255ce6-4e63-4028-9497-2ea24c1f3f5c" = The Treasures of Mystery Island: The Ghost Ship "WTA-f40f47bf-d991-406b-a823-653cf6c844b8" = Jewel Match 3 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1793697480-3637929884-3590639379-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "DSite" = Update for Audio Converter "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player "Spotify" = Spotify ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 4/23/2013 1:30:01 PM | Computer Name = Hyunju | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 4/23/2013 1:30:01 PM | Computer Name = Hyunju | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 1218 Error - 4/23/2013 1:30:01 PM | Computer Name = Hyunju | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 1218 Error - 4/23/2013 8:48:35 PM | Computer Name = Hyunju | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 4/23/2013 8:48:35 PM | Computer Name = Hyunju | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 16611828 Error - 4/23/2013 8:48:35 PM | Computer Name = Hyunju | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 16611828 Error - 4/23/2013 10:46:14 PM | Computer Name = Hyunju | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 4/23/2013 10:46:14 PM | Computer Name = Hyunju | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 1125 Error - 4/23/2013 10:46:14 PM | Computer Name = Hyunju | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 1125 Error - 4/25/2013 1:21:59 AM | Computer Name = Hyunju | Source = Application Error | ID = 1000 Description = Faulting application name: mcsacore.exe, version: 3.6.1.106, time stamp: 0x5134ca77 Faulting module name: ntdll.dll, version: 6.2.9200.16420, time stamp: 0x505ab405 Exception code: 0xc0000005 Fault offset: 0x0000000000005692 Faulting process id: 0x2a68 Faulting application start time: 0x01ce408a8441e8d8 Faulting application path: c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 0d1cfaae-ad68-11e2-be7a-606c660605e9 Faulting package full name: Faulting package-relative application ID: [ System Events ] Error - 4/5/2013 3:51:32 PM | Computer Name = Hyunju | Source = Service Control Manager | ID = 7000 Description = The McAfee Platform Services service failed to start due to the following error: %%1053 Error - 4/5/2013 3:51:32 PM | Computer Name = Hyunju | Source = DCOM | ID = 10005 Description = Error - 4/8/2013 3:34:53 PM | Computer Name = Hyunju | Source = Service Control Manager | ID = 7031 Description = The McAfee Home Network service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error - 4/8/2013 3:35:53 PM | Computer Name = Hyunju | Source = Service Control Manager | ID = 7032 Description = The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee Home Network service, but this action failed with the following error: %%1056 Error - 4/12/2013 3:38:26 PM | Computer Name = Hyunju | Source = Service Control Manager | ID = 7009 Description = A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect. Error - 4/12/2013 3:38:26 PM | Computer Name = Hyunju | Source = Service Control Manager | ID = 7000 Description = The McAfee Platform Services service failed to start due to the following error: %%1053 Error - 4/12/2013 3:38:26 PM | Computer Name = Hyunju | Source = DCOM | ID = 10005 Description = Error - 4/12/2013 3:38:26 PM | Computer Name = Hyunju | Source = Service Control Manager | ID = 7009 Description = A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect. Error - 4/12/2013 3:38:26 PM | Computer Name = Hyunju | Source = Service Control Manager | ID = 7000 Description = The McAfee Platform Services service failed to start due to the following error: %%1053 Error - 4/12/2013 3:38:26 PM | Computer Name = Hyunju | Source = DCOM | ID = 10005 Description = < End of report >
- May 9, 2013
- 20 replies
accidentally installed adware

amuse702 replied to amuse702's topic in Resolved Malware Removal Logs

I uninstalled the fix my speed. My logs are below. Thanks again OTL logfile created on: 5/9/2013 12:28:42 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hyunju\Desktop 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.90 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 33.64% Memory free 4.96 Gb Paging File | 2.17 Gb Available in Paging File | 43.76% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 434.14 Gb Total Space | 337.74 Gb Free Space | 77.79% Space Free | Partition Type: NTFS Drive D: | 30.85 Gb Total Space | 0.76 Gb Free Space | 2.48% Space Free | Partition Type: NTFS Computer Name: HYUNJU | User Name: Hyunju | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/05/09 12:28:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hyunju\Desktop\OTL.exe PRC - [2013/05/07 19:55:08 | 000,216,968 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe PRC - [2013/05/06 07:22:51 | 004,573,184 | ---- | M] (Spotify Ltd) -- C:\Users\Hyunju\AppData\Roaming\Spotify\spotify.exe PRC - [2013/05/06 07:22:50 | 001,105,408 | ---- | M] (Spotify Ltd) -- C:\Users\Hyunju\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe PRC - [2013/04/22 00:24:13 | 001,008,816 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.1.0\ToolbarUpdater.exe PRC - [2013/04/09 01:57:09 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe PRC - [2012/11/05 16:14:34 | 001,343,904 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe PRC - [2012/10/12 15:16:50 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe PRC - [2012/09/29 02:42:26 | 000,014,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2012/09/07 18:33:08 | 000,581,024 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe PRC - [2012/09/07 18:33:08 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe PRC - [2012/09/06 05:50:40 | 001,124,288 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe PRC - [2012/08/27 09:45:56 | 001,112,000 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe PRC - [2012/08/16 21:36:26 | 000,316,416 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray.exe PRC - [2012/07/20 03:09:42 | 000,193,576 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\irstrtsv.exe PRC - [2012/07/17 18:10:32 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe PRC - [2012/07/17 18:10:30 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe PRC - [2012/07/17 18:10:16 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe PRC - [2012/03/28 18:34:30 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe ========== Modules (No Company Name) ========== MOD - [2013/05/06 07:22:50 | 024,985,600 | ---- | M] () -- C:\Users\Hyunju\AppData\Roaming\Spotify\Data\libcef.dll MOD - [2013/04/09 01:57:07 | 000,390,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll MOD - [2013/04/09 01:57:06 | 013,130,704 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll MOD - [2013/04/09 01:57:05 | 004,050,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll MOD - [2013/04/09 01:56:15 | 000,598,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libglesv2.dll MOD - [2013/04/09 01:56:14 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libegl.dll MOD - [2013/04/09 01:56:13 | 001,606,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll MOD - [2013/03/25 20:07:48 | 001,880,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\f641b786d36d1cc5a5531a746c96ce1b\System.Xaml.ni.dll MOD - [2013/03/25 20:07:44 | 012,700,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\9c95779cc3d65cda80695cabc367476b\System.Windows.Forms.ni.dll MOD - [2013/03/25 20:07:05 | 001,631,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\38638a559066bf7f2325a53ed53629bc\System.Drawing.ni.dll MOD - [2013/03/25 20:06:54 | 000,467,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\6824c9f11ea82b4148780cd92c9d6745\PresentationFramework.Aero2.ni.dll MOD - [2013/03/25 20:06:53 | 018,542,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\8347ac8367f91309fa888d79a54c7450\PresentationFramework.ni.dll MOD - [2013/03/25 20:06:34 | 010,926,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\1c7f4533b2b24c10a628793a8b93e1a7\PresentationCore.ni.dll MOD - [2013/03/25 20:06:22 | 003,910,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\15cc4fff434f274c1f6ab56a385dcb54\WindowsBase.ni.dll MOD - [2013/03/25 20:06:14 | 006,998,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\0247de206c1c48ac4f8b55df16468405\System.Core.ni.dll MOD - [2013/03/25 20:06:02 | 009,937,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a7811936e59aaee26b1d9d467174d6d4\System.ni.dll MOD - [2013/03/25 20:05:43 | 016,544,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\374a0cc6603f58864831897ef723bd4a\mscorlib.ni.dll MOD - [2013/01/28 13:08:56 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2013/01/28 13:08:28 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ========== Services (SafeList) ========== SRV:64bit: - [2013/04/17 20:24:40 | 000,335,216 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\AppStats\MfeASUM.exe -- (MfeASUM) SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McProxy) SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (mcpltsvc) SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McNaiAnn) SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McMPFSvc) SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc) SRV:64bit: - [2013/03/01 19:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker) SRV:64bit: - [2013/03/01 19:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker) SRV:64bit: - [2013/03/01 09:08:02 | 000,388,680 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS) SRV:64bit: - [2013/02/02 01:21:45 | 000,467,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm) SRV:64bit: - [2013/01/28 18:57:14 | 000,014,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend) SRV:64bit: - [2013/01/09 16:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc) SRV:64bit: - [2013/01/09 16:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM) SRV:64bit: - [2012/12/26 09:52:34 | 000,182,312 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp) SRV:64bit: - [2012/12/26 09:49:32 | 000,218,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire) SRV:64bit: - [2012/11/30 15:26:33 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc) SRV:64bit: - [2012/11/30 15:25:36 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure) SRV:64bit: - [2012/11/30 15:25:28 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService) SRV:64bit: - [2012/11/30 15:25:23 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify) SRV:64bit: - [2012/11/05 21:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder) SRV:64bit: - [2012/10/24 23:53:18 | 000,327,680 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV) SRV:64bit: - [2012/10/06 07:28:16 | 001,007,288 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe -- (mfecore) SRV:64bit: - [2012/09/24 17:03:12 | 001,153,840 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService) SRV:64bit: - [2012/09/24 17:02:54 | 000,272,176 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV:64bit: - [2012/09/24 17:02:42 | 000,617,776 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV:64bit: - [2012/09/24 17:02:16 | 000,149,296 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV:64bit: - [2012/09/24 13:40:56 | 000,031,040 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv) SRV:64bit: - [2012/09/13 05:33:50 | 000,731,688 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3) SRV:64bit: - [2012/08/16 21:36:54 | 000,149,032 | ---- | M] () [Auto | Running] -- C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe -- (ISCTAgent) SRV:64bit: - [2012/08/15 18:08:14 | 000,135,984 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) SRV:64bit: - [2012/07/25 20:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc) SRV:64bit: - [2012/07/25 20:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc) SRV:64bit: - [2012/07/25 20:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc) SRV:64bit: - [2012/07/25 20:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc) SRV:64bit: - [2012/07/25 20:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon) SRV:64bit: - [2012/07/25 20:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc) SRV:64bit: - [2012/07/25 20:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup) SRV:64bit: - [2012/07/25 20:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso) SRV:64bit: - [2012/07/25 20:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS) SRV:64bit: - [2012/07/25 20:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc) SRV:64bit: - [2012/07/25 20:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService) SRV:64bit: - [2012/07/25 20:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent) SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss) SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync) SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown) SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv) SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange) SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat) SRV:64bit: - [2012/04/20 15:16:12 | 000,635,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel® SRV - [2013/04/22 00:24:13 | 001,008,816 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.1.0\ToolbarUpdater.exe -- (vToolbarUpdater15.1.0) SRV - [2013/03/04 11:23:30 | 000,120,592 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service) SRV - [2012/11/30 15:25:23 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify) SRV - [2012/11/02 05:22:44 | 000,277,048 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012/10/12 18:22:08 | 000,035,744 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe -- (HPConnectedRemote) SRV - [2012/09/29 02:42:26 | 000,014,904 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service) SRV - [2012/09/13 12:59:08 | 002,466,448 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R) SRV - [2012/09/07 18:33:08 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC) SRV - [2012/09/06 05:50:40 | 001,124,288 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service) SRV - [2012/08/27 09:45:56 | 001,112,000 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor) SRV - [2012/07/25 20:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc) SRV - [2012/07/25 20:18:41 | 000,408,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS) SRV - [2012/07/25 20:17:52 | 000,060,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc) SRV - [2012/07/20 03:09:42 | 000,193,576 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysWOW64\irstrtsv.exe -- (irstrtsv) SRV - [2012/07/17 18:10:32 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012/07/17 18:10:30 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012/07/17 18:10:16 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service) SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013/05/09 07:33:45 | 000,034,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WPRO_41_2001.sys -- (WPRO_41_2001) DRV:64bit: - [2013/04/17 20:24:40 | 000,031,408 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Program Files\McAfee\AppStats\MfeASKM.sys -- (MfeASKM) DRV:64bit: - [2013/03/02 03:57:48 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI) DRV:64bit: - [2013/03/02 03:57:46 | 000,283,880 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport) DRV:64bit: - [2013/03/02 03:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci) DRV:64bit: - [2013/03/02 03:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM) DRV:64bit: - [2013/03/02 03:45:19 | 000,194,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2013/03/02 03:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc) DRV:64bit: - [2013/02/02 04:19:44 | 000,446,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3) DRV:64bit: - [2013/02/02 00:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg) DRV:64bit: - [2013/01/28 18:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot) DRV:64bit: - [2013/01/28 16:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter) DRV:64bit: - [2013/01/09 18:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32) DRV:64bit: - [2012/12/26 09:55:26 | 000,069,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\cfwids.sys -- (cfwids) DRV:64bit: - [2012/12/26 09:52:44 | 000,339,776 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\mfewfpk.sys -- (mfewfpk) DRV:64bit: - [2012/12/26 09:50:48 | 000,771,096 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\mfehidk.sys -- (mfehidk) DRV:64bit: - [2012/12/26 09:50:24 | 000,069,168 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mfeelamk.sys -- (mfeelamk) DRV:64bit: - [2012/12/26 09:49:42 | 000,515,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mfefirek.sys -- (mfefirek) DRV:64bit: - [2012/12/26 09:49:00 | 000,309,400 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mfeavfk.sys -- (mfeavfk) DRV:64bit: - [2012/12/26 09:48:30 | 000,178,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mfeapfk.sys -- (mfeapfk) DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012/11/30 15:25:25 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101) DRV:64bit: - [2012/11/30 15:25:22 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2012/11/30 15:25:22 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2012/11/30 15:25:22 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000) DRV:64bit: - [2012/11/26 20:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid) DRV:64bit: - [2012/11/19 21:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c) DRV:64bit: - [2012/11/05 20:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM) DRV:64bit: - [2012/11/02 03:56:00 | 005,343,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012/11/02 01:46:50 | 000,328,976 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mfencbdc.sys -- (mfencbdc) DRV:64bit: - [2012/11/02 01:46:50 | 000,097,208 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mfencrk.sys -- (mfencrk) DRV:64bit: - [2012/10/24 23:53:18 | 000,543,744 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2012/10/12 01:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012/10/11 00:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor) DRV:64bit: - [2012/10/11 00:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam) DRV:64bit: - [2012/10/10 12:18:16 | 004,309,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NETwew00.sys -- (NETwNe64) DRV:64bit: - [2012/09/29 02:37:04 | 000,650,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA) DRV:64bit: - [2012/09/28 12:06:00 | 000,458,040 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2012/09/28 12:06:00 | 000,044,344 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys -- (SmbDrvI) DRV:64bit: - [2012/09/28 12:05:58 | 000,041,272 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Smb_driver_AMDASF.sys -- (SmbDrv) DRV:64bit: - [2012/09/24 13:40:56 | 000,043,840 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Accelerometer.sys -- (Accelerometer) DRV:64bit: - [2012/09/24 13:40:56 | 000,031,040 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\hpdskflt.sys -- (hpdskflt) DRV:64bit: - [2012/09/19 15:10:02 | 000,298,128 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsBaStor.sys -- (RSBASTOR) DRV:64bit: - [2012/09/13 05:35:08 | 000,162,344 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\AmpPal.sys -- (AMPPALP) DRV:64bit: - [2012/09/13 05:35:08 | 000,162,344 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AmpPal.sys -- (AMPPAL) DRV:64bit: - [2012/08/31 10:40:24 | 000,020,800 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WirelessButtonDriver64.sys -- (WirelessButtonDriver) DRV:64bit: - [2012/08/29 09:36:54 | 000,857,472 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btmhsf.sys -- (btmhsf) DRV:64bit: - [2012/08/27 09:48:12 | 000,121,728 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btmaux.sys -- (btmaux) DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012/08/16 21:31:28 | 000,046,016 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ISCTD64.sys -- (ISCT) DRV:64bit: - [2012/08/16 21:31:28 | 000,019,944 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\imsevent.sys -- (imsevent) DRV:64bit: - [2012/08/16 21:31:26 | 000,020,968 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ikbevent.sys -- (ikbevent) DRV:64bit: - [2012/08/09 20:29:54 | 000,035,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\intelaud.sys -- (intaud_WaveExtensible) DRV:64bit: - [2012/08/09 20:29:54 | 000,025,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\iwdbus.sys -- (iwdbus) DRV:64bit: - [2012/08/09 20:29:52 | 000,188,384 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\xHCIPort.sys -- (XHCIPort) DRV:64bit: - [2012/08/06 12:07:08 | 000,068,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\iBtFltCoex.sys -- (ibtfltcoex) DRV:64bit: - [2012/07/31 16:04:12 | 000,690,832 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168) DRV:64bit: - [2012/07/25 22:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/07/25 22:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv) DRV:64bit: - [2012/07/25 22:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID) DRV:64bit: - [2012/07/25 22:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt) DRV:64bit: - [2012/07/25 22:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor) DRV:64bit: - [2012/07/25 22:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex) DRV:64bit: - [2012/07/25 22:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis) DRV:64bit: - [2012/07/25 22:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2012/07/25 22:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2012/07/25 22:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS) DRV:64bit: - [2012/07/25 22:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2012/07/25 22:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv) DRV:64bit: - [2012/07/25 22:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass) DRV:64bit: - [2012/07/25 22:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2012/07/25 22:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware) DRV:64bit: - [2012/07/25 22:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2012/07/25 22:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2012/07/25 21:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS) DRV:64bit: - [2012/07/25 21:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS) DRV:64bit: - [2012/07/25 21:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci) DRV:64bit: - [2012/07/25 20:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2012/07/25 19:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf) DRV:64bit: - [2012/07/25 19:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay) DRV:64bit: - [2012/07/25 19:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo) DRV:64bit: - [2012/07/25 19:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender) DRV:64bit: - [2012/07/25 19:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter) DRV:64bit: - [2012/07/25 19:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic) DRV:64bit: - [2012/07/25 19:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime) DRV:64bit: - [2012/07/25 19:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig) DRV:64bit: - [2012/07/25 19:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr) DRV:64bit: - [2012/07/25 19:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr) DRV:64bit: - [2012/07/25 19:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd) DRV:64bit: - [2012/07/25 19:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx) DRV:64bit: - [2012/07/25 19:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx) DRV:64bit: - [2012/07/25 19:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012/07/25 19:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum) DRV:64bit: - [2012/07/25 19:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2012/07/25 19:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012/07/25 19:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr) DRV:64bit: - [2012/07/25 19:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum) DRV:64bit: - [2012/07/25 19:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform) DRV:64bit: - [2012/07/25 19:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp) DRV:64bit: - [2012/07/25 19:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu) DRV:64bit: - [2012/07/20 18:09:40 | 000,043,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\irstrtdv.sys -- (irstrtdv) DRV:64bit: - [2012/07/02 16:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2012/06/19 23:40:52 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2012/05/28 10:28:18 | 000,197,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HipShieldK.sys -- (HipShieldK) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{EC84A32A-DDC0-46B9-878E-AE131D7BF78D}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1 IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} IE - HKLM\..\SearchScopes\{EC84A32A-DDC0-46B9-878E-AE131D7BF78D}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1793697480-3637929884-3590639379-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1 IE - HKU\S-1-5-21-1793697480-3637929884-3590639379-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKU\S-1-5-21-1793697480-3637929884-3590639379-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie IE - HKU\S-1-5-21-1793697480-3637929884-3590639379-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKU\S-1-5-21-1793697480-3637929884-3590639379-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-21-1793697480-3637929884-3590639379-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKU\S-1-5-21-1793697480-3637929884-3590639379-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKU\S-1-5-21-1793697480-3637929884-3590639379-1001\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) IE - HKU\S-1-5-21-1793697480-3637929884-3590639379-1001\..\SearchScopes,DefaultScope = {CB199B99-8FA0-4DAF-AA02-4FF3675AE934} IE - HKU\S-1-5-21-1793697480-3637929884-3590639379-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS IE - HKU\S-1-5-21-1793697480-3637929884-3590639379-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear IE - HKU\S-1-5-21-1793697480-3637929884-3590639379-1001\..\SearchScopes\{CB199B99-8FA0-4DAF-AA02-4FF3675AE934}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\S-1-5-21-1793697480-3637929884-3590639379-1001\..\SearchScopes\{D58E1C14-C0BA-4E9B-B9B3-8B86D5B87C61}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms} IE - HKU\S-1-5-21-1793697480-3637929884-3590639379-1001\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} IE - HKU\S-1-5-21-1793697480-3637929884-3590639379-1001\..\SearchScopes\{EC84A32A-DDC0-46B9-878E-AE131D7BF78D}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKU\S-1-5-21-1793697480-3637929884-3590639379-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013/04/21 10:15:35 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lfind@nijadsoft.net: C:\Program Files (x86)\LyricsFinder\FF\ [2013/05/08 18:56:17 | 000,000,000 | ---D | M] [2013/05/08 18:57:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions ========== Chrome ========== CHR - default_search_provider: Delta Search (Enabled) CHR - default_search_provider: search_url = http://www2.delta-search.com/?q={searchTerms}&affID=119351&tt=gc_&babsrc=SP_ss&mntrId=4E00606C660605E6 CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: http://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.1.0\\npsitesafety.dll CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll CHR - plugin: WildTangent Games App V2 Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Shockwave for Director (Enabled) = C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll CHR - plugin: McAfee SecurityCenter (Enabled) = c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll CHR - Extension: Google Docs = C:\Users\Hyunju\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\ CHR - Extension: Google Docs = C:\Users\Hyunju\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\Hyunju\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\ CHR - Extension: YouTube = C:\Users\Hyunju\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\Hyunju\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google Search = C:\Users\Hyunju\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: SiteAdvisor = C:\Users\Hyunju\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.61.113.2_1\ CHR - Extension: Lyrics Finder = C:\Users\Hyunju\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnbcopcndefcccgdofjadnafjljgofam\1.110_0\ CHR - Extension: AVG SafeGuard toolbar = C:\Users\Hyunju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.1.0.2_0\ CHR - Extension: Gmail = C:\Users\Hyunju\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012/07/25 22:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (Lyrics Finder) - {398C01F1-E584-46AD-A649-4F78B435DCFE} - C:\Program Files (x86)\LyricsFinder\lfind.dll (Nijad Software) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKU\S-1-5-21-1793697480-3637929884-3590639379-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4:64bit: - HKLM..\Run: [bTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll (Motorola Solutions, Inc.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) O4 - HKU\S-1-5-21-1793697480-3637929884-3590639379-1001..\Run: [spotify] C:\Users\Hyunju\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) O4 - HKU\S-1-5-21-1793697480-3637929884-3590639379-1001..\Run: [spotify Web Helper] C:\Users\Hyunju\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm () O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {5547DED5-E6A9-469A-90F0-5BFE5CD33FF1} https://pay.kcp.co.kr/plugin_new/file/KCPPaymentUX.cab (KCPUX Class) O16 - DPF: {55F0958D-C5ED-49E6-8769-E238D4429F57} http://patch.clubnara.com/cinstall/ClubnaraCtrl.cab (Clubnara Web Control 2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.205.192.61 24.205.224.36 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E617EC38-2F3C-4760-9016-C20F2EA25003}: DhcpNameServer = 24.205.192.61 24.205.224.36 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/05/09 12:28:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hyunju\Desktop\OTL.exe [2013/05/09 12:05:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2013/05/08 20:11:05 | 000,000,000 | ---D | C] -- C:\Users\Hyunju\Desktop\RK_Quarantine [2013/05/08 19:51:50 | 000,000,000 | ---D | C] -- C:\Users\Hyunju\AppData\Roaming\Malwarebytes [2013/05/08 19:51:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/05/08 19:51:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/05/08 19:51:28 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013/05/08 19:51:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013/05/08 19:51:03 | 000,000,000 | ---D | C] -- C:\Users\Hyunju\AppData\Local\Programs [2013/05/08 18:57:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\24x7Help [2013/05/08 18:57:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AudioConverter [2013/05/08 18:57:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013/05/08 18:56:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LyricsFinder [2013/05/08 18:56:09 | 000,000,000 | ---D | C] -- C:\Users\Hyunju\AppData\Roaming\DSite [2013/05/08 07:47:19 | 000,000,000 | ---D | C] -- C:\Users\Hyunju\Documents\05월 08일 SBS 한밤의 TV연예 410회 - 초고화질 [2013/05/07 19:56:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013/05/07 19:54:48 | 000,000,000 | ---D | C] -- C:\Users\Hyunju\AppData\Local\Deployment [2013/05/07 19:54:48 | 000,000,000 | ---D | C] -- C:\Users\Hyunju\AppData\Local\Apps [2013/05/04 07:50:38 | 000,000,000 | ---D | C] -- C:\Users\Hyunju\Documents\05월 04일 MBC 백년의 유산 35회 - 초고화질 [2013/04/30 07:50:46 | 000,000,000 | ---D | C] -- C:\Users\Hyunju\Documents\04월 30일 SBS 장옥정, 사랑에 살다 08회 - 고화질 [2013/04/26 17:15:55 | 000,000,000 | ---D | C] -- C:\Users\Hyunju\AppData\Roaming\Leadertech [2013/04/26 16:47:59 | 000,000,000 | ---D | C] -- C:\Users\Hyunju\Documents\끝과 시작 (In My End is My Beginning, 2013) - 엄정화, 김효진, 황정민 [2013/04/25 23:18:24 | 000,000,000 | ---D | C] -- C:\Users\Hyunju\Documents\04월 25일 MBC 천기누설 무릎팍도사 21회 - 유진 - 초고화질 [2013/04/25 05:17:56 | 000,000,000 | ---D | C] -- C:\Users\Hyunju\Documents\04월 21일 KBS2 해피선데이 (스타 패밀리쇼 맘마미아) 02회 (KOR) [2013/04/22 16:15:07 | 000,000,000 | ---D | C] -- C:\Users\Hyunju\Desktop\show [2013/04/22 00:24:32 | 000,000,000 | ---D | C] -- C:\Users\Hyunju\AppData\Local\AVG SafeGuard toolbar [2013/04/22 00:24:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player [2013/04/22 00:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar [2013/04/22 00:24:21 | 000,040,736 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys [2013/04/22 00:24:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search [2013/04/22 00:24:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG SafeGuard toolbar [2013/04/22 00:23:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2013/04/22 00:23:35 | 000,000,000 | ---D | C] -- C:\Users\Hyunju\AppData\Roaming\GRETECH [2013/04/22 00:23:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GRETECH [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/05/09 12:28:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hyunju\Desktop\OTL.exe [2013/05/09 12:05:53 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk [2013/05/09 12:00:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/05/09 11:56:00 | 000,000,304 | ---- | M] () -- C:\Windows\tasks\DSite.job [2013/05/09 07:39:17 | 000,942,930 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/05/09 07:39:17 | 000,775,758 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/05/09 07:39:17 | 000,158,770 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/05/09 07:35:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/05/09 07:35:14 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/05/09 07:33:45 | 000,034,752 | ---- | M] () -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys [2013/05/09 07:33:29 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2013/05/09 07:33:23 | 3348,959,232 | -HS- | M] () -- C:\hiberfil.sys [2013/05/09 07:31:29 | 000,000,121 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2013/05/09 07:10:17 | 000,628,743 | ---- | M] () -- C:\Users\Hyunju\Desktop\adwcleaner.exe [2013/05/08 19:51:43 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/05/08 18:59:50 | 000,002,285 | ---- | M] () -- C:\Users\Hyunju\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2013/05/08 18:56:24 | 000,000,428 | ---- | M] () -- C:\Windows\tasks\Lyrics Finder Update.job [2013/05/07 19:56:03 | 000,002,261 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013/05/07 19:06:24 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHyunju.job [2013/04/22 00:24:40 | 000,001,215 | ---- | M] () -- C:\Users\Hyunju\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk [2013/04/22 00:24:40 | 000,001,191 | ---- | M] () -- C:\Users\Public\Desktop\GOM Player.lnk [2013/04/22 00:24:15 | 000,040,736 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys [2013/04/15 20:19:34 | 000,291,784 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/05/09 07:29:35 | 000,000,121 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat [2013/05/09 07:10:07 | 000,628,743 | ---- | C] () -- C:\Users\Hyunju\Desktop\adwcleaner.exe [2013/05/08 19:51:43 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/05/08 18:56:24 | 000,000,428 | ---- | C] () -- C:\Windows\tasks\Lyrics Finder Update.job [2013/05/08 18:56:11 | 000,000,304 | ---- | C] () -- C:\Windows\tasks\DSite.job [2013/05/07 19:56:03 | 000,002,285 | ---- | C] () -- C:\Users\Hyunju\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2013/05/07 19:56:03 | 000,002,261 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013/05/07 19:55:09 | 000,000,912 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/05/07 19:55:08 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/04/22 00:24:40 | 000,001,215 | ---- | C] () -- C:\Users\Hyunju\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk [2013/04/22 00:24:40 | 000,001,191 | ---- | C] () -- C:\Users\Public\Desktop\GOM Player.lnk [2013/04/15 20:19:32 | 000,291,784 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/04/13 18:16:19 | 000,387,867 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml [2013/03/18 17:34:39 | 000,000,141 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc [2013/03/18 17:32:25 | 000,005,435 | ---- | C] () -- C:\Users\Hyunju\AppData\Roaming\AbsoluteReminder.xml [2012/11/30 15:25:28 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll [2012/11/07 16:43:38 | 000,126,672 | ---- | C] () -- C:\Windows\SysWow64\KCPPaymentUX.dll [2012/11/02 03:56:08 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin [2012/11/02 03:55:54 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012/11/02 03:55:52 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin [2012/08/03 15:40:09 | 000,959,336 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/07/26 01:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2012/07/26 01:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2012/07/26 00:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2012/07/25 18:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2012/07/25 13:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2012/07/25 13:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2012/07/25 13:22:54 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin [2012/07/25 13:22:54 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin [2012/07/25 13:22:54 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin [2012/06/02 07:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2012/04/20 14:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll [2012/02/22 11:32:48 | 001,520,256 | ---- | C] () -- C:\Windows\SysWow64\ClubnaraCtrl_Update.exe ========== ZeroAccess Check ========== [2012/11/30 14:53:57 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013/03/01 19:45:01 | 019,748,864 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/03/02 01:23:07 | 017,560,576 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 20:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 20:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 20:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013/05/08 18:56:09 | 000,000,000 | ---D | M] -- C:\Users\Hyunju\AppData\Roaming\DSite [2013/03/18 17:56:43 | 000,000,000 | ---D | M] -- C:\Users\Hyunju\AppData\Roaming\IDT [2013/04/26 17:15:55 | 000,000,000 | ---D | M] -- C:\Users\Hyunju\AppData\Roaming\Leadertech [2013/05/09 12:35:32 | 000,000,000 | ---D | M] -- C:\Users\Hyunju\AppData\Roaming\Spotify [2013/03/18 17:31:51 | 000,000,000 | ---D | M] -- C:\Users\Hyunju\AppData\Roaming\Synaptics ========== Purity Check ========== ========== Files - Unicode (All) ========== [2013/03/21 09:54:01 | 000,000,000 | ---D | M](C:\Users\Hyunju\Documents\flumpool - 君に?け (너에게 닿기를 OST)) -- C:\Users\Hyunju\Documents\flumpool - 君に届け (너에게 닿기를 OST) [2013/03/21 09:54:01 | 000,000,000 | ---D | C](C:\Users\Hyunju\Documents\flumpool - 君に?け (너에게 닿기를 OST)) -- C:\Users\Hyunju\Documents\flumpool - 君に届け (너에게 닿기를 OST) < End of report > OTL Extras logfile created on: 5/9/2013 12:28:42 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hyunju\Desktop 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.90 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 33.64% Memory free 4.96 Gb Paging File | 2.17 Gb Available in Paging File | 43.76% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 434.14 Gb Total Space | 337.74 Gb Free Space | 77.79% Space Free | Partition Type: NTFS Drive D: | 30.85 Gb Total Space | 0.76 Gb Free Space | 2.48% Space Free | Partition Type: NTFS Computer Name: HYUNJU | User Name: Hyunju | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1793697480-3637929884-3590639379-1001\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
- May 9, 2013
- 20 replies
accidentally installed adware

amuse702 replied to amuse702's topic in Resolved Malware Removal Logs

the pc fix speed still shows up in my taskbar
- May 9, 2013
- 20 replies
accidentally installed adware

amuse702 replied to amuse702's topic in Resolved Malware Removal Logs

# AdwCleaner v2.300 - Logfile created 05/09/2013 at 07:29:27 # Updated 28/04/2013 by Xplode # Operating system : Windows 8 (64 bits) # User : Hyunju - HYUNJU # Boot Mode : Normal # Running from : C:\Users\Hyunju\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** Stopped & Deleted : 24x7HelpSvc ***** [Files / Folders] ***** Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search File Deleted : C:\Users\Public\Desktop\24x7 Help.lnk File Deleted : C:\Users\Public\Desktop\eBay.lnk Folder Deleted : C:\Program Files (x86)\Yontoo Folder Deleted : C:\ProgramData\Babylon Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\24x7 Help Folder Deleted : C:\ProgramData\Tarma Installer Folder Deleted : C:\Users\Hyunju\AppData\LocalLow\Delta Folder Deleted : C:\Users\Hyunju\AppData\Roaming\24x7 Help Folder Deleted : C:\Users\Hyunju\AppData\Roaming\Babylon ***** [Registry] ***** Key Deleted : HKCU\Software\24x7HELP Key Deleted : HKCU\Software\BabylonToolbar Key Deleted : HKCU\Software\InstallCore Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKLM\Software\24x7HELP Key Deleted : HKLM\Software\AVG Security Toolbar Key Deleted : HKLM\Software\Babylon Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol Key Deleted : HKLM\SOFTWARE\Classes\S Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1 Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1 Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A957F04C-49F4-4375-8C8A-D04B769EFE47}_is1 Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKLM\SOFTWARE\Tarma Installer Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [24x7HELP] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}] ***** [internet Browsers] ***** -\\ Internet Explorer v10.0.9200.16537 Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www2.delta-search.com/?affID=119351&tt=gc_&babsrc=HP_ss&mntrId=4E00606C660605E6 --> hxxp://www.google.com -\\ Google Chrome v26.0.1410.64 File : C:\Users\Hyunju\AppData\Local\Google\Chrome\User Data\Default\Preferences Deleted [l.22] : icon_url = "hxxp://www.delta-search.com/favicon.ico", Deleted [l.25] : keyword = "delta-search.com", Deleted [l.29] : search_url = "hxxp://www2.delta-search.com/?q={searchTerms}&affID=119351&tt=gc_&babsrc=SP_ss&[...] Deleted [l.2347] : homepage = "hxxp://www2.delta-search.com/?affID=119351&tt=gc_&babsrc=HP_ss&mntrId=4E00606C660605[...] Deleted [l.2563] : urls_to_restore_on_startup = [ "hxxp://www2.delta-search.com/?affID=119351&tt=gc_&babsrc=HP_s[...] ************************* AdwCleaner[R1].txt - [6995 octets] - [09/05/2013 07:11:13] AdwCleaner[R2].txt - [7055 octets] - [09/05/2013 07:29:13] AdwCleaner[s1].txt - [6848 octets] - [09/05/2013 07:29:27] ########## EOF - C:\AdwCleaner[s1].txt - [6908 octets] ##########
- May 9, 2013
- 20 replies
accidentally installed adware

amuse702 replied to amuse702's topic in Resolved Malware Removal Logs

Thanks for the help. Here's the log file. # AdwCleaner v2.300 - Logfile created 05/09/2013 at 07:11:13 # Updated 28/04/2013 by Xplode # Operating system : Windows 8 (64 bits) # User : Hyunju - HYUNJU # Boot Mode : Normal # Running from : C:\Users\Hyunju\Desktop\adwcleaner.exe # Option [search] ***** [services] ***** Found : 24x7HelpSvc ***** [Files / Folders] ***** File Found : C:\Users\Public\Desktop\24x7 Help.lnk File Found : C:\Users\Public\Desktop\eBay.lnk Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search Folder Found : C:\Program Files (x86)\Yontoo Folder Found : C:\ProgramData\Babylon Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\24x7 Help Folder Found : C:\ProgramData\Tarma Installer Folder Found : C:\Users\Hyunju\AppData\LocalLow\Delta Folder Found : C:\Users\Hyunju\AppData\Roaming\24x7 Help Folder Found : C:\Users\Hyunju\AppData\Roaming\Babylon ***** [Registry] ***** Key Found : HKCU\Software\24x7HELP Key Found : HKCU\Software\BabylonToolbar Key Found : HKCU\Software\InstallCore Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Found : HKLM\Software\24x7HELP Key Found : HKLM\Software\AVG Security Toolbar Key Found : HKLM\Software\Babylon Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2} Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL Key Found : HKLM\SOFTWARE\Classes\Prod.cap Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol Key Found : HKLM\SOFTWARE\Classes\S Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1 Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1 Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A957F04C-49F4-4375-8C8A-D04B769EFE47}_is1 Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Found : HKLM\SOFTWARE\Tarma Installer Key Found : HKU\S-1-5-21-1793697480-3637929884-3590639379-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Found : HKU\S-1-5-21-1793697480-3637929884-3590639379-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [24x7HELP] Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt] Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar] Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}] ***** [internet Browsers] ***** -\\ Internet Explorer v10.0.9200.16537 [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www2.delta-search.com/?affID=119351&tt=gc_&babsrc=HP_ss&mntrId=4E00606C660605E6 -\\ Google Chrome v26.0.1410.64 File : C:\Users\Hyunju\AppData\Local\Google\Chrome\User Data\Default\Preferences Found [l.22] : icon_url = "hxxp://www.delta-search.com/favicon.ico", Found [l.25] : keyword = "delta-search.com", Found [l.29] : search_url = "hxxp://www2.delta-search.com/?q={searchTerms}&affID=119351&tt=gc_&babsrc=SP_ss&mntrId=4E00606C660605E6", Found [l.2347] : homepage = "hxxp://www2.delta-search.com/?affID=119351&tt=gc_&babsrc=HP_ss&mntrId=4E00606C660605E6", Found [l.2547] : urls_to_restore_on_startup = [ "hxxp://www2.delta-search.com/?affID=119351&tt=gc_&babsrc=HP_ss&mntrId=4E00606C660605E6" ] ************************* AdwCleaner[R1].txt - [6882 octets] - [09/05/2013 07:11:13] ########## EOF - C:\AdwCleaner[R1].txt - [6942 octets] ##########
- May 9, 2013
- 20 replies
accidentally installed adware

amuse702 replied to amuse702's topic in Resolved Malware Removal Logs

Have an issue with pc fix speed if anyone gets a chance. Thanks. Think I messed up with my last posts. Sorry bout that. I can't seem to add line breaks for some reason. DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16537 Run by Hyunju at 20:24:19 on 2013-05-08 Microsoft Windows 8 6.2.9200.0.949.82.1033.18.3992.1030 [GMT -7:00] . AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892} AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9} . ============== Running Processes =============== . C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\dwm.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Program Files\IDT\WDM\STacSV64.exe C:\Windows\system32\Hpservice.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\WLANExt.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\24x7Help\App24x7Svc.exe C:\Windows\system32\svchost.exe -k apphost C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Windows\system32\dashost.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe C:\Program Files\Intel\iCLS Client\HeciServer.exe C:\Windows\SysWOW64\irstrtsv.exe C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe C:\Program Files\McAfee\AppStats\MfeASUM.exe C:\Windows\system32\mfevtps.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.1.0\ToolbarUpdater.exe C:\Windows\system32\rundll32.exe C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\system32\taskhostex.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler64.exe C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE C:\Windows\system32\SearchIndexer.exe C:\Windows\System32\RuntimeBroker.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Windows\System32\rundll32.exe C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe C:\Users\Hyunju\AppData\Roaming\Spotify\spotify.exe C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe C:\Users\Hyunju\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe C:\Program Files (x86)\24x7Help\App24x7Help.exe C:\Program Files (x86)\24x7Help\App24x7Hook.exe C:\Program Files (x86)\24x7Help\App24x7Hook64.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe C:\Program Files (x86)\PCFixSpeed\PCFixTray.exe C:\Program Files (x86)\PCFixSpeed\PCFixSpeed.exe C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\PROGRA~1\McAfee\MSC\McAPExe.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Windows\system32\wwahost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\vssvc.exe C:\Windows\System32\svchost.exe -k swprv C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\SysWOW64\NOTEPAD.EXE C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www2.delta-search.com/?affID=119351&tt=gc_&babsrc=HP_ss&mntrId=4E00606C660605E6 uSearch Bar = hxxp://www.google.com/ie uSearch Page = hxxp://www.google.com uDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll mWinlogon: Userinit = userinit.exe BHO: Lyrics Finder: {398C01F1-E584-46AD-A649-4F78B435DCFE} - C:\Program Files (x86)\LyricsFinder\lfind.dll BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.1.0.2\AVG SafeGuard toolbar_toolbar.dll BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll BHO: delta Helper Object: {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.16.16\bh\delta.dll BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.1.0.2\AVG SafeGuard toolbar_toolbar.dll TB: Delta Toolbar: {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.16.16\deltaTlbr.dll uRun: [spotify] "C:\Users\Hyunju\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart uRun: [spotify Web Helper] "C:\Users\Hyunju\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" uRun: [Yontoo Desktop] "C:\Users\Hyunju\AppData\Roaming\Yontoo\YontooDesktop.exe" mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe" mRun: [PCFixSpeed] "C:\Program Files (x86)\PCFixSpeed\PCFixTray.exe" /startup mRun: [24x7HELP] "C:\Program Files (x86)\24x7Help\App24x7Help.exe" /STARTUP mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\ISCTSY~1.LNK - C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray.exe IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200 IE: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe DPF: {5547DED5-E6A9-469A-90F0-5BFE5CD33FF1} - hxxps://pay.kcp.co.kr/plugin_new/file/KCPPaymentUX.cab DPF: {55F0958D-C5ED-49E6-8769-E238D4429F57} - hxxp://patch.clubnara.com/cinstall/ClubnaraCtrl.cab TCP: Interfaces\{E617EC38-2F3C-4760-9016-C20F2EA25003} : DHCPNameServer = 24.205.192.61 24.205.224.36 TCP: Interfaces\{E617EC38-2F3C-4760-9016-C20F2EA25003}\C696E6B6379737 : DHCPNameServer = 24.205.192.61 24.205.224.36 68.116.46.115 TCP: Interfaces\{E617EC38-2F3C-4760-9016-C20F2EA25003}\E4544574541425 : DHCPNameServer = 192.168.1.1 Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.1.0\ViProtocol.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe x64-Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-9-29 650808] R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\Drivers\mfehidk.sys [2012-11-9 771096] R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\Drivers\mfewfpk.sys [2012-11-9 339776] R1 MfeASKM;McAfee Application Statistics Device Driver;C:\Program Files\McAfee\AppStats\MfeASKM.sys [2013-3-20 31408] R2 24x7HelpSvc;24x7HelpService;C:\Program Files (x86)\24x7Help\App24x7Svc.exe [2013-5-8 342168] R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-9-13 731688] R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-8-27 1112000] R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-9-6 1124288] R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-8-15 135984] R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-3-18 221296] R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528] R2 HPConnectedRemote;HP Connected Remote Service;C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [2012-10-12 35744] R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2012-9-24 31040] R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-9-7 35232] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-3-4 14904] R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2013-3-4 2466448] R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104] R2 irstrtsv;Intel® Rapid Start Technology Service;C:\Windows\SysWOW64\irstrtsv.exe [2013-3-4 193576] R2 ISCTAgent;ISCT Always Updated Agent;C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [2012-8-16 149032] R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-3-4 165760] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2013-4-17 120592] R2 McMPFSvc;McAfee Personal Firewall;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-3-18 221296] R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-3-18 221296] R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-3-18 221296] R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-3-18 221296] R2 MfeASUM;McAfee Application Statistics Service;C:\Program Files\McAfee\AppStats\MfeASUM.exe [2013-3-20 335216] R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2013-3-18 1007288] R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2013-3-18 218320] R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2013-3-18 182312] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-3-4 364416] R2 vToolbarUpdater15.1.0;vToolbarUpdater15.1.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.1.0\ToolbarUpdater.exe [2013-4-22 1008816] R2 Yontoo Desktop Updater;Yontoo Desktop Updater;C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe [2013-5-8 23552] R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-9-24 1153840] R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\Drivers\AmpPal.sys [2012-9-13 162344] R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\Drivers\cfwids.sys [2012-11-9 69672] R3 ikbevent;Intel Upper keyboard Class Filter Driver;C:\Windows\System32\Drivers\ikbevent.sys [2012-8-16 20968] R3 imsevent;Intel Upper Mouse Class Filter Driver;C:\Windows\System32\Drivers\imsevent.sys [2012-8-16 19944] R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2012-6-19 342528] R3 irstrtdv;Intel® Rapid Start Technology Driver;C:\Windows\System32\Drivers\irstrtdv.sys [2013-3-4 43800] R3 ISCT;Intel® Smart Connect Technology Device Driver;C:\Windows\System32\Drivers\ISCTD64.sys [2012-8-16 46016] R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\Drivers\iwdbus.sys [2012-8-9 25568] R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\Drivers\mfeavfk.sys [2012-11-9 309400] R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\Drivers\mfefirek.sys [2012-11-9 515528] R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\Drivers\mfencbdc.sys [2012-11-2 328976] R3 NETwNe64;@oem14.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;C:\Windows\System32\Drivers\NETwew00.sys [2012-10-10 4309032] R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\System32\Drivers\RtsBaStor.sys [2013-3-4 298128] R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2013-3-4 690832] R3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2012-9-28 44344] R3 WirelessButtonDriver;HP Wireless Button Driver Service;C:\Windows\System32\Drivers\WirelessButtonDriver64.sys [2012-8-31 20800] R3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);C:\Windows\System32\Drivers\WPRO_41_2001.sys [2013-3-4 34752] S0 mfeelamk;McAfee Inc. mfeelamk;C:\Windows\System32\Drivers\mfeelamk.sys [2013-3-18 69168] S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\Windows\System32\Drivers\AmpPal.sys [2012-9-13 162344] S3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752] S3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\Drivers\btmaux.sys [2012-8-27 121728] S3 btmhsf;btmhsf;C:\Windows\System32\Drivers\btmhsf.sys [2012-8-29 857472] S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\Drivers\HipShieldK.sys [2013-3-28 197264] S3 ibtfltcoex;ibtfltcoex;C:\Windows\System32\Drivers\iBtFltCoex.sys [2012-8-6 68136] S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\Drivers\intelaud.sys [2012-8-9 35296] S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\Drivers\mfencrk.sys [2012-11-2 97208] S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-9-24 272176] S3 SmbDrv;SmbDrv;C:\Windows\System32\Drivers\Smb_driver_AMDASF.sys [2012-9-28 41272] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784] S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656] S3 XHCIPort;USB-IF xHCI USB Host Controller;C:\Windows\System32\Drivers\xHCIPort.sys [2012-8-9 188384] . =============== Created Last 30 ================ . 2013-05-09 02:51:50 -------- d-----w- C:\Users\Hyunju\AppData\Roaming\Malwarebytes 2013-05-09 02:51:34 -------- d-----w- C:\ProgramData\Malwarebytes 2013-05-09 02:51:28 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-05-09 02:51:27 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-05-09 02:51:03 -------- d-----w- C:\Users\Hyunju\AppData\Local\Programs 2013-05-09 01:59:20 94656 ----a-w- C:\Windows\System32\WPRO_41_2001woem.tmp 2013-05-09 01:57:43 -------- d-----w- C:\Users\Hyunju\AppData\Roaming\24x7 Help 2013-05-09 01:57:35 -------- d-----w- C:\Users\Hyunju\AppData\Roaming\BabSolution 2013-05-09 01:57:33 -------- d-----w- C:\Program Files (x86)\24x7Help 2013-05-09 01:57:30 -------- d-----w- C:\Users\Hyunju\AppData\Roaming\PCFixSpeed 2013-05-09 01:57:30 -------- d-----w- C:\ProgramData\PCFixSpeed 2013-05-09 01:57:28 -------- d-----w- C:\Program Files (x86)\PCFixSpeed 2013-05-09 01:57:21 -------- d-----w- C:\Program Files (x86)\Delta 2013-05-09 01:57:20 -------- d-----w- C:\Program Files (x86)\AudioConverter 2013-05-09 01:57:13 -------- d-----w- C:\Users\Hyunju\AppData\Roaming\Delta 2013-05-09 01:57:12 -------- d-----w- C:\Users\Hyunju\AppData\Roaming\Yontoo 2013-05-09 01:57:10 -------- d-----w- C:\Program Files (x86)\Yontoo 2013-05-09 01:56:53 -------- d-----w- C:\ProgramData\Tarma Installer 2013-05-09 01:56:31 -------- d-----w- C:\Users\Hyunju\AppData\Roaming\Babylon 2013-05-09 01:56:31 -------- d-----w- C:\ProgramData\Babylon 2013-05-09 01:56:15 -------- d-----w- C:\Program Files (x86)\LyricsFinder 2013-05-09 01:56:09 -------- d-----w- C:\Users\Hyunju\AppData\Roaming\DSite 2013-05-08 02:54:48 -------- d-----w- C:\Users\Hyunju\AppData\Local\Deployment 2013-05-08 02:54:48 -------- d-----w- C:\Users\Hyunju\AppData\Local\Apps 2013-05-08 01:45:44 -------- d-----w- C:\Windows\LastGood.Tmp 2013-05-07 04:49:20 193712 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10202.bin 2013-04-22 07:24:32 -------- d-----w- C:\Users\Hyunju\AppData\Local\AVG SafeGuard toolbar 2013-04-22 07:24:25 -------- d-----w- C:\ProgramData\AVG SafeGuard toolbar 2013-04-22 07:24:21 40736 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys 2013-04-22 07:24:19 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search 2013-04-22 07:24:16 -------- d-----w- C:\Program Files (x86)\AVG SafeGuard toolbar 2013-04-22 07:23:52 -------- d--h--w- C:\ProgramData\Common Files 2013-04-22 07:23:12 -------- d-----w- C:\Program Files (x86)\GRETECH 2013-04-10 02:33:59 817664 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-04-10 02:33:58 136704 ----a-w- C:\Windows\System32\iesysprep.dll 2013-04-10 02:33:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2013-04-10 02:33:57 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll 2013-04-10 02:33:57 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-04-10 02:33:57 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2013-04-10 02:33:51 4041728 ----a-w- C:\Windows\System32\win32k.sys 2013-04-10 02:33:50 6991592 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-04-10 02:33:47 375808 ----a-w- C:\Windows\SysWow64\ReAgent.dll 2013-04-10 02:33:47 1011200 ----a-w- C:\Windows\System32\reseteng.dll . ==================== Find3M ==================== . 2013-05-09 01:59:20 34752 ----a-w- C:\Windows\System32\drivers\WPRO_41_2001.sys 2013-04-10 02:58:06 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll 2013-04-10 02:58:06 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll 2013-04-10 02:58:06 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll 2013-04-02 22:08:01 78176 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-04-02 22:08:01 692576 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-03-16 06:30:42 4546560 ----a-w- C:\Windows\SysWow64\GPhotos.scr 2013-03-02 10:57:48 337128 ----a-w- C:\Windows\System32\drivers\USBXHCI.SYS 2013-03-02 10:57:46 77544 ----a-w- C:\Windows\System32\drivers\storahci.sys 2013-03-02 10:57:46 332520 ----a-w- C:\Windows\System32\drivers\storport.sys 2013-03-02 10:57:46 283880 ----a-w- C:\Windows\System32\drivers\spaceport.sys 2013-03-02 10:45:20 148712 ----a-w- C:\Windows\System32\drivers\tpm.sys 2013-03-02 10:45:19 194792 ----a-w- C:\Windows\System32\drivers\sdbus.sys 2013-03-02 10:45:10 125160 ----a-w- C:\Windows\System32\drivers\dumpsd.sys 2013-03-02 10:39:39 495336 ----a-w- C:\Windows\System32\drivers\vhdmp.sys 2013-03-02 10:39:38 69864 ----a-w- C:\Windows\System32\drivers\pdc.sys 2013-03-02 10:39:32 327912 ----a-w- C:\Windows\System32\drivers\Classpnp.sys 2013-03-02 09:59:37 2231528 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2013-03-02 09:59:36 411880 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS 2013-03-02 08:24:08 34304 ----a-w- C:\Windows\SysWow64\wuapp.exe 2013-03-02 08:23:43 83968 ----a-w- C:\Windows\SysWow64\wudriver.dll 2013-03-02 08:23:43 125952 ----a-w- C:\Windows\SysWow64\wuwebv.dll 2013-03-02 08:23:30 893952 ----a-w- C:\Windows\SysWow64\winmde.dll 2013-03-02 08:23:30 1338880 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll 2013-03-02 08:23:28 601088 ----a-w- C:\Windows\SysWow64\Windows.Globalization.dll 2013-03-02 08:23:28 504320 ----a-w- C:\Windows\SysWow64\Windows.Security.Authentication.OnlineId.dll 2013-03-02 08:23:19 8857088 ----a-w- C:\Windows\SysWow64\twinui.dll 2013-03-02 08:23:19 246784 ----a-w- C:\Windows\SysWow64\ubpm.dll 2013-03-02 08:23:04 356352 ----a-w- C:\Windows\SysWow64\SettingSync.dll 2013-03-02 08:23:04 100864 ----a-w- C:\Windows\SysWow64\SettingSyncInfo.dll 2013-03-02 08:22:36 357888 ----a-w- C:\Windows\SysWow64\netcfgx.dll 2013-03-02 08:22:32 5091840 ----a-w- C:\Windows\SysWow64\mstscax.dll 2013-03-02 08:22:18 361984 ----a-w- C:\Windows\SysWow64\MFMediaEngine.dll 2013-03-02 08:22:17 850944 ----a-w- C:\Windows\SysWow64\mfasfsrcsnk.dll 2013-03-02 08:21:56 550912 ----a-w- C:\Windows\SysWow64\drvstore.dll 2013-03-02 08:21:52 36352 ----a-w- C:\Windows\SysWow64\DevDispItemProvider.dll 2013-03-02 08:21:40 309760 ----a-w- C:\Windows\SysWow64\BCP47Langs.dll 2013-03-02 08:21:39 2033664 ----a-w- C:\Windows\SysWow64\authui.dll 2013-03-02 08:21:32 145408 ----a-w- C:\Windows\SysWow64\powercfg.cpl 2013-03-02 02:44:59 448512 ----a-w- C:\Windows\System32\SettingSync.dll 2013-03-02 02:44:59 128512 ----a-w- C:\Windows\System32\SettingSyncInfo.dll 2013-03-02 02:44:41 455168 ----a-w- C:\Windows\System32\netcfgx.dll 2013-03-02 02:44:41 117248 ----a-w- C:\Windows\System32\NdisImPlatform.dll 2013-03-02 02:44:38 5978624 ----a-w- C:\Windows\System32\mstscax.dll 2013-03-02 02:44:30 468992 ----a-w- C:\Windows\System32\MFMediaEngine.dll 2013-03-02 02:44:29 1048576 ----a-w- C:\Windows\System32\mfasfsrcsnk.dll 2013-03-02 02:44:08 703488 ----a-w- C:\Windows\System32\drvstore.dll 2013-03-02 02:44:07 150016 ----a-w- C:\Windows\System32\discan.dll 2013-03-02 02:44:05 49152 ----a-w- C:\Windows\System32\DevDispItemProvider.dll 2013-03-02 02:43:59 1933312 ----a-w- C:\Windows\System32\wbem\cimwin32.dll 2013-03-02 02:43:56 389120 ----a-w- C:\Windows\System32\BCP47Langs.dll 2013-03-02 02:43:55 2302464 ----a-w- C:\Windows\System32\authui.dll 2013-03-02 02:43:51 2146304 ----a-w- C:\Windows\System32\actxprxy.dll 2013-03-02 02:43:50 156160 ----a-w- C:\Windows\System32\powercfg.cpl 2013-03-02 02:15:53 26112 ----a-w- C:\Windows\System32\drivers\mouhid.sys 2013-03-01 04:56:33 156672 ----a-w- C:\Windows\System32\drivers\rfcomm.sys 2013-03-01 04:56:18 30720 ----a-w- C:\Windows\System32\drivers\monitor.sys 2013-03-01 04:55:37 1175040 ----a-w- C:\Windows\System32\drivers\bthport.sys 2013-02-21 10:30:16 1766912 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-02-21 10:29:39 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-02-21 10:15:07 2240512 ----a-w- C:\Windows\System32\wininet.dll 2013-02-21 10:15:00 915968 ----a-w- C:\Windows\System32\uxtheme.dll 2013-02-21 10:14:09 3958784 ----a-w- C:\Windows\System32\jscript9.dll 2013-02-19 09:53:00 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll 2013-02-15 07:58:59 39936 ----a-w- C:\Windows\apppatch\apppatch64\acspecfc.dll 2013-02-15 06:35:40 444416 ----a-w- C:\Windows\apppatch\AcSpecfc.dll 2013-02-12 01:30:04 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll 2013-02-12 00:56:19 53760 ----a-w- C:\Windows\System32\UXInit.dll 2013-02-12 00:17:50 20992 ----a-w- C:\Windows\System32\drivers\usb8023.sys . ============= FINISH: 20:25:26.36 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 8 Boot Device: \Device\HarddiskVolume2 Install Date: 3/18/2013 5:31:19 PM System Uptime: 5/8/2013 6:58:56 PM (2 hours ago) . Motherboard: Hewlett-Packard | | 1894 Processor: Intel® Core™ i3-3227U CPU @ 1.90GHz | U3E1 | 1901/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 434 GiB total, 338.097 GiB free. D: is FIXED (NTFS) - 31 GiB total, 0.764 GiB free. F: is FIXED (NTFS) - 932 GiB total, 824.316 GiB free. . ==== Disabled Device Manager Items ============= . Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974} Description: Intel® Centrino® Wireless Bluetooth® 4.0 + High Speed Adapter Device ID: USB\VID_8087&PID_07DA\6&20BBC9CD&0&2 Manufacturer: Intel Corporation Name: Intel® Centrino® Wireless Bluetooth® 4.0 + High Speed Adapter PNP Device ID: USB\VID_8087&PID_07DA\6&20BBC9CD&0&2 Service: BTHUSB . Class GUID: {8a2edc79-c759-46f2-88af-9d4efe3b5eee} Description: USB-IF xHCI USB Host Controller Device ID: ROOT\UOIP_BUS_DRIVER\0000 Manufacturer: Intel Corporation Name: USB-IF xHCI USB Host Controller PNP Device ID: ROOT\UOIP_BUS_DRIVER\0000 Service: XHCIPort . ==== System Restore Points =================== . RP12: 4/21/2013 11:30:50 AM - Scheduled Checkpoint RP13: 4/23/2013 6:42:39 PM - HPSF Applying updates RP14: 4/23/2013 6:42:48 PM - HPSF Applying updates RP15: 5/1/2013 3:14:06 AM - Scheduled Checkpoint RP16: 5/7/2013 6:43:23 PM - HPSF Applying updates RP17: 5/7/2013 6:43:27 PM - HPSF Applying updates . ==== Installed Programs ====================== . 24x7 Help 4 Elements II Absolute Reminder Adobe Shockwave Player 11.6 Airport Mania Apple Application Support Apple Mobile Device Support Apple Software Update AVG SafeGuard toolbar Azteca Bejeweled 3 Bonjour Bounce Symphony Build-a-lot CyberLink Media Suite 10 CyberLink PhotoDirector CyberLink PowerDirector 10 CyberLink PowerDVD CyberLink YouCam D3DX10 Delta Chrome Toolbar Delta toolbar Energy Star FATE: The Cursed King Final Drive Fury GOM Player Google Chrome Google Update Helper Hewlett-Packard ACLM.NET v1.2.1.1 Hoyle Card Games HP 3D DriveGuard HP Connected Music (Meridian - installer) HP Connected Remote HP CoolSense HP Customer Experience Enhancements HP Documentation HP Games HP MyRoom HP Postscript Converter HP Quick Launch HP Recovery Manager HP Registration Service HP Support Assistant HP Utility Center HP Wireless Button Driver IDT Audio Intel PROSet Wireless Intel® Control Center Intel® Management Engine Components Intel® Processor Graphics Intel® PROSet/Wireless for Bluetooth® + High Speed Intel® PROSet/Wireless Software for Bluetooth® Technology Intel® Rapid Start Technology Intel® Rapid Storage Technology Intel® SDK for OpenCL - CPU Only Runtime Package Intel® Smart Connect Technology 3.0 x64 Intel® WiDi Intel® PROSet/Wireless WiFi Software Intel® Trusted Connect Service Client iTunes Jewel Match 3 John Deere Drive Green Letters from Nowhere 2 Lyrics Finder Mah Jong Medley Malwarebytes Anti-Malware version 1.75.0.1300 McAfee AntiVirus Plus Microsoft Application Error Reporting Microsoft Office Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Movie Maker MSVCRT MSVCRT110 MSVCRT110_amd64 Mystery of Mortlake Mansion Octoshape add-in for Adobe Flash Player PC Fix Speed 1.2.0.24 Penguins! Photo Common Photo Gallery Picasa 3 Polar Bowler Polar Golfer Realtek Ethernet Controller Driver Realtek PCIE Card Reader Roads of Rome 3 Shared C Run-time for x64 Spotify swMSM Synaptics Pointing Device Driver The Treasures of Mystery Island: The Ghost Ship Update for Audio Converter Update Installer for WildTangent Games App WildTangent Games WildTangent Games App Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Yontoo 2.053 Zuma's Revenge . ==== Event Viewer Messages From Past Week ======== . 5/8/2013 6:58:22 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control. . ==== End Of File =========================== RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo...13-roguekiller/ Website : http://tigzy.geeksto...roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 8 (6.2.9200 ) 64 bits version Started in : Normal mode User : Hyunju [Admin rights] Mode : Scan -- Date : 05/08/2013 20:31:57 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 8 ¤¤¤ [RUN][sUSP PATH] HKCU\[...]\Run : Yontoo Desktop ("C:\Users\Hyunju\AppData\Roaming\Yontoo\YontooDesktop.exe") [7] -> FOUND [RUN][PREVRUN] HKLM\[...]\Run : BTMTrayAgent (rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp) [x] -> FOUND [RUN][sUSP PATH] HKUS\S-1-5-21-1793697480-3637929884-3590639379-1001[...]\Run : Yontoo Desktop ("C:\Users\Hyunju\AppData\Roaming\Yontoo\YontooDesktop.exe") [7] -> FOUND [TASK][sUSP PATH] DSite.job : C:\Users\Hyunju\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe /Check [-] -> FOUND [TASK][sUSP PATH] DSite : C:\Users\Hyunju\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe /Check [-] -> FOUND [TASK][sUSP PATH] EPUpdater : C:\Users\Hyunju\AppData\Roaming\BabSolution\Shared\BabMaint.exe [7] -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: Intel Raid 0 Volume +++++ --- User --- [MBR] 0b1dc93a98362db1e316bd31c47ee991 [bSP] 94756980a46fbf8ed695be9404d54019 : Empty MBR Code Partition table: 0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 305245 Mo User = LL1 ... OK! Error reading LL2 MBR! +++++ PhysicalDrive1: Intel Raid 0 Volume +++++ --- User --- [MBR] 6ac288a3cf5bdb1750902f8ac778d1d3 [bSP] 78ddf370ecbd5f672819398e133cfced : Empty MBR Code Partition table: 0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo User = LL1 ... OK! Error reading LL2 MBR! Finished : << RKreport[1]_S_05082013_02d2031.txt >> RKreport[1]_S_05082013_02d2031.txt
- May 9, 2013
- 20 replies
accidentally installed adware

amuse702 replied to amuse702's topic in Resolved Malware Removal Logs

DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16537 Run by Hyunju at 20:24:19 on 2013-05-08 Microsoft Windows 8 6.2.9200.0.949.82.1033.18.3992.1030 [GMT -7:00] . AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892} AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9} . ============== Running Processes =============== . C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\dwm.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Program Files\IDT\WDM\STacSV64.exe C:\Windows\system32\Hpservice.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\WLANExt.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\24x7Help\App24x7Svc.exe C:\Windows\system32\svchost.exe -k apphost C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Windows\system32\dashost.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe C:\Program Files\Intel\iCLS Client\HeciServer.exe C:\Windows\SysWOW64\irstrtsv.exe C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe C:\Program Files\McAfee\AppStats\MfeASUM.exe C:\Windows\system32\mfevtps.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.1.0\ToolbarUpdater.exe C:\Windows\system32\rundll32.exe C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\system32\taskhostex.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler64.exe C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE C:\Windows\system32\SearchIndexer.exe C:\Windows\System32\RuntimeBroker.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Windows\System32\rundll32.exe C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe C:\Users\Hyunju\AppData\Roaming\Spotify\spotify.exe C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe C:\Users\Hyunju\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe C:\Program Files (x86)\24x7Help\App24x7Help.exe C:\Program Files (x86)\24x7Help\App24x7Hook.exe C:\Program Files (x86)\24x7Help\App24x7Hook64.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe C:\Program Files (x86)\PCFixSpeed\PCFixTray.exe C:\Program Files (x86)\PCFixSpeed\PCFixSpeed.exe C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\PROGRA~1\McAfee\MSC\McAPExe.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Windows\system32\wwahost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\vssvc.exe C:\Windows\System32\svchost.exe -k swprv C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\SysWOW64\NOTEPAD.EXE C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www2.delta-search.com/?affID=119351&tt=gc_&babsrc=HP_ss&mntrId=4E00606C660605E6 uSearch Bar = hxxp://www.google.com/ie uSearch Page = hxxp://www.google.com uDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll mWinlogon: Userinit = userinit.exe BHO: Lyrics Finder: {398C01F1-E584-46AD-A649-4F78B435DCFE} - C:\Program Files (x86)\LyricsFinder\lfind.dll BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.1.0.2\AVG SafeGuard toolbar_toolbar.dll BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll BHO: delta Helper Object: {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.16.16\bh\delta.dll BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.1.0.2\AVG SafeGuard toolbar_toolbar.dll TB: Delta Toolbar: {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.16.16\deltaTlbr.dll uRun: [spotify] "C:\Users\Hyunju\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart uRun: [spotify Web Helper] "C:\Users\Hyunju\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" uRun: [Yontoo Desktop] "C:\Users\Hyunju\AppData\Roaming\Yontoo\YontooDesktop.exe" mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe" mRun: [PCFixSpeed] "C:\Program Files (x86)\PCFixSpeed\PCFixTray.exe" /startup mRun: [24x7HELP] "C:\Program Files (x86)\24x7Help\App24x7Help.exe" /STARTUP mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\ISCTSY~1.LNK - C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray.exe IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200 IE: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe DPF: {5547DED5-E6A9-469A-90F0-5BFE5CD33FF1} - hxxps://pay.kcp.co.kr/plugin_new/file/KCPPaymentUX.cab DPF: {55F0958D-C5ED-49E6-8769-E238D4429F57} - hxxp://patch.clubnara.com/cinstall/ClubnaraCtrl.cab TCP: Interfaces\{E617EC38-2F3C-4760-9016-C20F2EA25003} : DHCPNameServer = 24.205.192.61 24.205.224.36 TCP: Interfaces\{E617EC38-2F3C-4760-9016-C20F2EA25003}\C696E6B6379737 : DHCPNameServer = 24.205.192.61 24.205.224.36 68.116.46.115 TCP: Interfaces\{E617EC38-2F3C-4760-9016-C20F2EA25003}\E4544574541425 : DHCPNameServer = 192.168.1.1 Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.1.0\ViProtocol.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe x64-Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-9-29 650808] R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\Drivers\mfehidk.sys [2012-11-9 771096] R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\Drivers\mfewfpk.sys [2012-11-9 339776] R1 MfeASKM;McAfee Application Statistics Device Driver;C:\Program Files\McAfee\AppStats\MfeASKM.sys [2013-3-20 31408] R2 24x7HelpSvc;24x7HelpService;C:\Program Files (x86)\24x7Help\App24x7Svc.exe [2013-5-8 342168] R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-9-13 731688] R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-8-27 1112000] R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-9-6 1124288] R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-8-15 135984] R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-3-18 221296] R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528] R2 HPConnectedRemote;HP Connected Remote Service;C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [2012-10-12 35744] R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2012-9-24 31040] R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-9-7 35232] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-3-4 14904] R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2013-3-4 2466448] R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104] R2 irstrtsv;Intel® Rapid Start Technology Service;C:\Windows\SysWOW64\irstrtsv.exe [2013-3-4 193576] R2 ISCTAgent;ISCT Always Updated Agent;C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [2012-8-16 149032] R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-3-4 165760] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2013-4-17 120592] R2 McMPFSvc;McAfee Personal Firewall;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-3-18 221296] R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-3-18 221296] R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-3-18 221296] R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-3-18 221296] R2 MfeASUM;McAfee Application Statistics Service;C:\Program Files\McAfee\AppStats\MfeASUM.exe [2013-3-20 335216] R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2013-3-18 1007288] R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2013-3-18 218320] R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2013-3-18 182312] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-3-4 364416] R2 vToolbarUpdater15.1.0;vToolbarUpdater15.1.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.1.0\ToolbarUpdater.exe [2013-4-22 1008816] R2 Yontoo Desktop Updater;Yontoo Desktop Updater;C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe [2013-5-8 23552] R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-9-24 1153840] R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\Drivers\AmpPal.sys [2012-9-13 162344] R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\Drivers\cfwids.sys [2012-11-9 69672] R3 ikbevent;Intel Upper keyboard Class Filter Driver;C:\Windows\System32\Drivers\ikbevent.sys [2012-8-16 20968] R3 imsevent;Intel Upper Mouse Class Filter Driver;C:\Windows\System32\Drivers\imsevent.sys [2012-8-16 19944] R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2012-6-19 342528] R3 irstrtdv;Intel® Rapid Start Technology Driver;C:\Windows\System32\Drivers\irstrtdv.sys [2013-3-4 43800] R3 ISCT;Intel® Smart Connect Technology Device Driver;C:\Windows\System32\Drivers\ISCTD64.sys [2012-8-16 46016] R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\Drivers\iwdbus.sys [2012-8-9 25568] R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\Drivers\mfeavfk.sys [2012-11-9 309400] R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\Drivers\mfefirek.sys [2012-11-9 515528] R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\Drivers\mfencbdc.sys [2012-11-2 328976] R3 NETwNe64;@oem14.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;C:\Windows\System32\Drivers\NETwew00.sys [2012-10-10 4309032] R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\System32\Drivers\RtsBaStor.sys [2013-3-4 298128] R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2013-3-4 690832] R3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2012-9-28 44344] R3 WirelessButtonDriver;HP Wireless Button Driver Service;C:\Windows\System32\Drivers\WirelessButtonDriver64.sys [2012-8-31 20800] R3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);C:\Windows\System32\Drivers\WPRO_41_2001.sys [2013-3-4 34752] S0 mfeelamk;McAfee Inc. mfeelamk;C:\Windows\System32\Drivers\mfeelamk.sys [2013-3-18 69168] S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\Windows\System32\Drivers\AmpPal.sys [2012-9-13 162344] S3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752] S3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\Drivers\btmaux.sys [2012-8-27 121728] S3 btmhsf;btmhsf;C:\Windows\System32\Drivers\btmhsf.sys [2012-8-29 857472] S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\Drivers\HipShieldK.sys [2013-3-28 197264] S3 ibtfltcoex;ibtfltcoex;C:\Windows\System32\Drivers\iBtFltCoex.sys [2012-8-6 68136] S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\Drivers\intelaud.sys [2012-8-9 35296] S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\Drivers\mfencrk.sys [2012-11-2 97208] S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-9-24 272176] S3 SmbDrv;SmbDrv;C:\Windows\System32\Drivers\Smb_driver_AMDASF.sys [2012-9-28 41272] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784] S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656] S3 XHCIPort;USB-IF xHCI USB Host Controller;C:\Windows\System32\Drivers\xHCIPort.sys [2012-8-9 188384] . =============== Created Last 30 ================ . 2013-05-09 02:51:50 -------- d-----w- C:\Users\Hyunju\AppData\Roaming\Malwarebytes 2013-05-09 02:51:34 -------- d-----w- C:\ProgramData\Malwarebytes 2013-05-09 02:51:28 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-05-09 02:51:27 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-05-09 02:51:03 -------- d-----w- C:\Users\Hyunju\AppData\Local\Programs 2013-05-09 01:59:20 94656 ----a-w- C:\Windows\System32\WPRO_41_2001woem.tmp 2013-05-09 01:57:43 -------- d-----w- C:\Users\Hyunju\AppData\Roaming\24x7 Help 2013-05-09 01:57:35 -------- d-----w- C:\Users\Hyunju\AppData\Roaming\BabSolution 2013-05-09 01:57:33 -------- d-----w- C:\Program Files (x86)\24x7Help 2013-05-09 01:57:30 -------- d-----w- C:\Users\Hyunju\AppData\Roaming\PCFixSpeed 2013-05-09 01:57:30 -------- d-----w- C:\ProgramData\PCFixSpeed 2013-05-09 01:57:28 -------- d-----w- C:\Program Files (x86)\PCFixSpeed 2013-05-09 01:57:21 -------- d-----w- C:\Program Files (x86)\Delta 2013-05-09 01:57:20 -------- d-----w- C:\Program Files (x86)\AudioConverter 2013-05-09 01:57:13 -------- d-----w- C:\Users\Hyunju\AppData\Roaming\Delta 2013-05-09 01:57:12 -------- d-----w- C:\Users\Hyunju\AppData\Roaming\Yontoo 2013-05-09 01:57:10 -------- d-----w- C:\Program Files (x86)\Yontoo 2013-05-09 01:56:53 -------- d-----w- C:\ProgramData\Tarma Installer 2013-05-09 01:56:31 -------- d-----w- C:\Users\Hyunju\AppData\Roaming\Babylon 2013-05-09 01:56:31 -------- d-----w- C:\ProgramData\Babylon 2013-05-09 01:56:15 -------- d-----w- C:\Program Files (x86)\LyricsFinder 2013-05-09 01:56:09 -------- d-----w- C:\Users\Hyunju\AppData\Roaming\DSite 2013-05-08 02:54:48 -------- d-----w- C:\Users\Hyunju\AppData\Local\Deployment 2013-05-08 02:54:48 -------- d-----w- C:\Users\Hyunju\AppData\Local\Apps 2013-05-08 01:45:44 -------- d-----w- C:\Windows\LastGood.Tmp 2013-05-07 04:49:20 193712 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10202.bin 2013-04-22 07:24:32 -------- d-----w- C:\Users\Hyunju\AppData\Local\AVG SafeGuard toolbar 2013-04-22 07:24:25 -------- d-----w- C:\ProgramData\AVG SafeGuard toolbar 2013-04-22 07:24:21 40736 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys 2013-04-22 07:24:19 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search 2013-04-22 07:24:16 -------- d-----w- C:\Program Files (x86)\AVG SafeGuard toolbar 2013-04-22 07:23:52 -------- d--h--w- C:\ProgramData\Common Files 2013-04-22 07:23:12 -------- d-----w- C:\Program Files (x86)\GRETECH 2013-04-10 02:33:59 817664 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-04-10 02:33:58 136704 ----a-w- C:\Windows\System32\iesysprep.dll 2013-04-10 02:33:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2013-04-10 02:33:57 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll 2013-04-10 02:33:57 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-04-10 02:33:57 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2013-04-10 02:33:51 4041728 ----a-w- C:\Windows\System32\win32k.sys 2013-04-10 02:33:50 6991592 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-04-10 02:33:47 375808 ----a-w- C:\Windows\SysWow64\ReAgent.dll 2013-04-10 02:33:47 1011200 ----a-w- C:\Windows\System32\reseteng.dll . ==================== Find3M ==================== . 2013-05-09 01:59:20 34752 ----a-w- C:\Windows\System32\drivers\WPRO_41_2001.sys 2013-04-10 02:58:06 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll 2013-04-10 02:58:06 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll 2013-04-10 02:58:06 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll 2013-04-02 22:08:01 78176 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-04-02 22:08:01 692576 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-03-16 06:30:42 4546560 ----a-w- C:\Windows\SysWow64\GPhotos.scr 2013-03-02 10:57:48 337128 ----a-w- C:\Windows\System32\drivers\USBXHCI.SYS 2013-03-02 10:57:46 77544 ----a-w- C:\Windows\System32\drivers\storahci.sys 2013-03-02 10:57:46 332520 ----a-w- C:\Windows\System32\drivers\storport.sys 2013-03-02 10:57:46 283880 ----a-w- C:\Windows\System32\drivers\spaceport.sys 2013-03-02 10:45:20 148712 ----a-w- C:\Windows\System32\drivers\tpm.sys 2013-03-02 10:45:19 194792 ----a-w- C:\Windows\System32\drivers\sdbus.sys 2013-03-02 10:45:10 125160 ----a-w- C:\Windows\System32\drivers\dumpsd.sys 2013-03-02 10:39:39 495336 ----a-w- C:\Windows\System32\drivers\vhdmp.sys 2013-03-02 10:39:38 69864 ----a-w- C:\Windows\System32\drivers\pdc.sys 2013-03-02 10:39:32 327912 ----a-w- C:\Windows\System32\drivers\Classpnp.sys 2013-03-02 09:59:37 2231528 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2013-03-02 09:59:36 411880 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS 2013-03-02 08:24:08 34304 ----a-w- C:\Windows\SysWow64\wuapp.exe 2013-03-02 08:23:43 83968 ----a-w- C:\Windows\SysWow64\wudriver.dll 2013-03-02 08:23:43 125952 ----a-w- C:\Windows\SysWow64\wuwebv.dll 2013-03-02 08:23:30 893952 ----a-w- C:\Windows\SysWow64\winmde.dll 2013-03-02 08:23:30 1338880 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll 2013-03-02 08:23:28 601088 ----a-w- C:\Windows\SysWow64\Windows.Globalization.dll 2013-03-02 08:23:28 504320 ----a-w- C:\Windows\SysWow64\Windows.Security.Authentication.OnlineId.dll 2013-03-02 08:23:19 8857088 ----a-w- C:\Windows\SysWow64\twinui.dll 2013-03-02 08:23:19 246784 ----a-w- C:\Windows\SysWow64\ubpm.dll 2013-03-02 08:23:04 356352 ----a-w- C:\Windows\SysWow64\SettingSync.dll 2013-03-02 08:23:04 100864 ----a-w- C:\Windows\SysWow64\SettingSyncInfo.dll 2013-03-02 08:22:36 357888 ----a-w- C:\Windows\SysWow64\netcfgx.dll 2013-03-02 08:22:32 5091840 ----a-w- C:\Windows\SysWow64\mstscax.dll 2013-03-02 08:22:18 361984 ----a-w- C:\Windows\SysWow64\MFMediaEngine.dll 2013-03-02 08:22:17 850944 ----a-w- C:\Windows\SysWow64\mfasfsrcsnk.dll 2013-03-02 08:21:56 550912 ----a-w- C:\Windows\SysWow64\drvstore.dll 2013-03-02 08:21:52 36352 ----a-w- C:\Windows\SysWow64\DevDispItemProvider.dll 2013-03-02 08:21:40 309760 ----a-w- C:\Windows\SysWow64\BCP47Langs.dll 2013-03-02 08:21:39 2033664 ----a-w- C:\Windows\SysWow64\authui.dll 2013-03-02 08:21:32 145408 ----a-w- C:\Windows\SysWow64\powercfg.cpl 2013-03-02 02:44:59 448512 ----a-w- C:\Windows\System32\SettingSync.dll 2013-03-02 02:44:59 128512 ----a-w- C:\Windows\System32\SettingSyncInfo.dll 2013-03-02 02:44:41 455168 ----a-w- C:\Windows\System32\netcfgx.dll 2013-03-02 02:44:41 117248 ----a-w- C:\Windows\System32\NdisImPlatform.dll 2013-03-02 02:44:38 5978624 ----a-w- C:\Windows\System32\mstscax.dll 2013-03-02 02:44:30 468992 ----a-w- C:\Windows\System32\MFMediaEngine.dll 2013-03-02 02:44:29 1048576 ----a-w- C:\Windows\System32\mfasfsrcsnk.dll 2013-03-02 02:44:08 703488 ----a-w- C:\Windows\System32\drvstore.dll 2013-03-02 02:44:07 150016 ----a-w- C:\Windows\System32\discan.dll 2013-03-02 02:44:05 49152 ----a-w- C:\Windows\System32\DevDispItemProvider.dll 2013-03-02 02:43:59 1933312 ----a-w- C:\Windows\System32\wbem\cimwin32.dll 2013-03-02 02:43:56 389120 ----a-w- C:\Windows\System32\BCP47Langs.dll 2013-03-02 02:43:55 2302464 ----a-w- C:\Windows\System32\authui.dll 2013-03-02 02:43:51 2146304 ----a-w- C:\Windows\System32\actxprxy.dll 2013-03-02 02:43:50 156160 ----a-w- C:\Windows\System32\powercfg.cpl 2013-03-02 02:15:53 26112 ----a-w- C:\Windows\System32\drivers\mouhid.sys 2013-03-01 04:56:33 156672 ----a-w- C:\Windows\System32\drivers\rfcomm.sys 2013-03-01 04:56:18 30720 ----a-w- C:\Windows\System32\drivers\monitor.sys 2013-03-01 04:55:37 1175040 ----a-w- C:\Windows\System32\drivers\bthport.sys 2013-02-21 10:30:16 1766912 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-02-21 10:29:39 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-02-21 10:15:07 2240512 ----a-w- C:\Windows\System32\wininet.dll 2013-02-21 10:15:00 915968 ----a-w- C:\Windows\System32\uxtheme.dll 2013-02-21 10:14:09 3958784 ----a-w- C:\Windows\System32\jscript9.dll 2013-02-19 09:53:00 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll 2013-02-15 07:58:59 39936 ----a-w- C:\Windows\apppatch\apppatch64\acspecfc.dll 2013-02-15 06:35:40 444416 ----a-w- C:\Windows\apppatch\AcSpecfc.dll 2013-02-12 01:30:04 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll 2013-02-12 00:56:19 53760 ----a-w- C:\Windows\System32\UXInit.dll 2013-02-12 00:17:50 20992 ----a-w- C:\Windows\System32\drivers\usb8023.sys . ============= FINISH: 20:25:26.36 ===============
- May 9, 2013
- 20 replies
accidentally installed adware

amuse702 replied to amuse702's topic in Resolved Malware Removal Logs

. UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 8 Boot Device: \Device\HarddiskVolume2 Install Date: 3/18/2013 5:31:19 PM System Uptime: 5/8/2013 6:58:56 PM (2 hours ago) . Motherboard: Hewlett-Packard | | 1894 Processor: Intel® Core i3-3227U CPU @ 1.90GHz | U3E1 | 1901/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 434 GiB total, 338.097 GiB free. D: is FIXED (NTFS) - 31 GiB total, 0.764 GiB free. F: is FIXED (NTFS) - 932 GiB total, 824.316 GiB free. . ==== Disabled Device Manager Items ============= . Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974} Description: Intel® Centrino® Wireless Bluetooth® 4.0 + High Speed Adapter Device ID: USB\VID_8087&PID_07DA\6&20BBC9CD&0&2 Manufacturer: Intel Corporation Name: Intel® Centrino® Wireless Bluetooth® 4.0 + High Speed Adapter PNP Device ID: USB\VID_8087&PID_07DA\6&20BBC9CD&0&2 Service: BTHUSB . Class GUID: {8a2edc79-c759-46f2-88af-9d4efe3b5eee} Description: USB-IF xHCI USB Host Controller Device ID: ROOT\UOIP_BUS_DRIVER\0000 Manufacturer: Intel Corporation Name: USB-IF xHCI USB Host Controller PNP Device ID: ROOT\UOIP_BUS_DRIVER\0000 Service: XHCIPort . ==== System Restore Points =================== . RP12: 4/21/2013 11:30:50 AM - Scheduled Checkpoint RP13: 4/23/2013 6:42:39 PM - HPSF Applying updates RP14: 4/23/2013 6:42:48 PM - HPSF Applying updates RP15: 5/1/2013 3:14:06 AM - Scheduled Checkpoint RP16: 5/7/2013 6:43:23 PM - HPSF Applying updates RP17: 5/7/2013 6:43:27 PM - HPSF Applying updates . ==== Installed Programs ====================== . 24x7 Help 4 Elements II Absolute Reminder Adobe Shockwave Player 11.6 Airport Mania Apple Application Support Apple Mobile Device Support Apple Software Update AVG SafeGuard toolbar Azteca Bejeweled 3 Bonjour Bounce Symphony Build-a-lot CyberLink Media Suite 10 CyberLink PhotoDirector CyberLink PowerDirector 10 CyberLink PowerDVD CyberLink YouCam D3DX10 Delta Chrome Toolbar Delta toolbar Energy Star FATE: The Cursed King Final Drive Fury GOM Player Google Chrome Google Update Helper Hewlett-Packard ACLM.NET v1.2.1.1 Hoyle Card Games HP 3D DriveGuard HP Connected Music (Meridian - installer) HP Connected Remote HP CoolSense HP Customer Experience Enhancements HP Documentation HP Games HP MyRoom HP Postscript Converter HP Quick Launch HP Recovery Manager HP Registration Service HP Support Assistant HP Utility Center HP Wireless Button Driver IDT Audio Intel PROSet Wireless Intel® Control Center Intel® Management Engine Components Intel® Processor Graphics Intel® PROSet/Wireless for Bluetooth® + High Speed Intel® PROSet/Wireless Software for Bluetooth® Technology Intel® Rapid Start Technology Intel® Rapid Storage Technology Intel® SDK for OpenCL - CPU Only Runtime Package Intel® Smart Connect Technology 3.0 x64 Intel® WiDi Intel® PROSet/Wireless WiFi Software Intel® Trusted Connect Service Client iTunes Jewel Match 3 John Deere Drive Green Letters from Nowhere 2 Lyrics Finder Mah Jong Medley Malwarebytes Anti-Malware version 1.75.0.1300 McAfee AntiVirus Plus Microsoft Application Error Reporting Microsoft Office Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Movie Maker MSVCRT MSVCRT110 MSVCRT110_amd64 Mystery of Mortlake Mansion Octoshape add-in for Adobe Flash Player PC Fix Speed 1.2.0.24 Penguins! Photo Common Photo Gallery Picasa 3 Polar Bowler Polar Golfer Realtek Ethernet Controller Driver Realtek PCIE Card Reader Roads of Rome 3 Shared C Run-time for x64 Spotify swMSM Synaptics Pointing Device Driver The Treasures of Mystery Island: The Ghost Ship Update for Audio Converter Update Installer for WildTangent Games App WildTangent Games WildTangent Games App Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Yontoo 2.053 Zuma's Revenge . ==== Event Viewer Messages From Past Week ======== . 5/8/2013 6:58:22 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control. . ==== End Of File ===========================
- May 9, 2013
- 20 replies
accidentally installed adware

amuse702 replied to amuse702's topic in Resolved Malware Removal Logs

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 8 (6.2.9200 ) 64 bits version Started in : Normal mode User : Hyunju [Admin rights] Mode : Scan -- Date : 05/08/2013 20:31:57 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 8 ¤¤¤ [RUN][sUSP PATH] HKCU\[...]\Run : Yontoo Desktop ("C:\Users\Hyunju\AppData\Roaming\Yontoo\YontooDesktop.exe") [7] -> FOUND [RUN][PREVRUN] HKLM\[...]\Run : BTMTrayAgent (rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp) [x] -> FOUND [RUN][sUSP PATH] HKUS\S-1-5-21-1793697480-3637929884-3590639379-1001[...]\Run : Yontoo Desktop ("C:\Users\Hyunju\AppData\Roaming\Yontoo\YontooDesktop.exe") [7] -> FOUND [TASK][sUSP PATH] DSite.job : C:\Users\Hyunju\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe /Check [-] -> FOUND [TASK][sUSP PATH] DSite : C:\Users\Hyunju\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe /Check [-] -> FOUND [TASK][sUSP PATH] EPUpdater : C:\Users\Hyunju\AppData\Roaming\BabSolution\Shared\BabMaint.exe [7] -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: Intel Raid 0 Volume +++++ --- User --- [MBR] 0b1dc93a98362db1e316bd31c47ee991 [bSP] 94756980a46fbf8ed695be9404d54019 : Empty MBR Code Partition table: 0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 305245 Mo User = LL1 ... OK! Error reading LL2 MBR! +++++ PhysicalDrive1: Intel Raid 0 Volume +++++ --- User --- [MBR] 6ac288a3cf5bdb1750902f8ac778d1d3 [bSP] 78ddf370ecbd5f672819398e133cfced : Empty MBR Code Partition table: 0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo User = LL1 ... OK! Error reading LL2 MBR! Finished : << RKreport[1]_S_05082013_02d2031.txt >> RKreport[1]_S_05082013_02d2031.txt
- May 9, 2013
- 20 replies
accidentally installed adware

amuse702 posted a topic in Resolved Malware Removal Logs

I have somehow gotten infect by pc fix speed. I would appreciate any help I could get in removing it as it's not getting picked up by any of my software. I've attached the relevant files. Thanks in advance. attach.txt dds.txt RKreport1_S_05082013_02d2031.txt
- May 9, 2013
- 20 replies

Sign In

amuse702

Posts

Joined

Last visited

Content Type

Events

Profiles

Forums

Everything posted by amuse702

accidentally installed adware

accidentally installed adware

accidentally installed adware

accidentally installed adware

accidentally installed adware

accidentally installed adware

accidentally installed adware

accidentally installed adware

accidentally installed adware

accidentally installed adware

accidentally installed adware

accidentally installed adware

accidentally installed adware

accidentally installed adware

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information