amuse702 Posted May 9, 2013 ID:677605 Share Posted May 9, 2013 I have somehow gotten infect by pc fix speed. I would appreciate any help I could get in removing it as it's not getting picked up by any of my software. I've attached the relevant files. Thanks in advance.attach.txtdds.txtRKreport1_S_05082013_02d2031.txt Link to post Share on other sites More sharing options...
amuse702 Posted May 9, 2013 Author ID:677607 Share Posted May 9, 2013 RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/Website : http://tigzy.geekstogo.com/roguekiller.phpBlog : http://tigzyrk.blogspot.com/Operating System : Windows 8 (6.2.9200 ) 64 bits versionStarted in : Normal modeUser : Hyunju [Admin rights]Mode : Scan -- Date : 05/08/2013 20:31:57| ARK || FAK || MBR |¤¤¤ Bad processes : 0 ¤¤¤¤¤¤ Registry Entries : 8 ¤¤¤[RUN][sUSP PATH] HKCU\[...]\Run : Yontoo Desktop ("C:\Users\Hyunju\AppData\Roaming\Yontoo\YontooDesktop.exe") [7] -> FOUND[RUN][PREVRUN] HKLM\[...]\Run : BTMTrayAgent (rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp) [x] -> FOUND[RUN][sUSP PATH] HKUS\S-1-5-21-1793697480-3637929884-3590639379-1001[...]\Run : Yontoo Desktop ("C:\Users\Hyunju\AppData\Roaming\Yontoo\YontooDesktop.exe") [7] -> FOUND[TASK][sUSP PATH] DSite.job : C:\Users\Hyunju\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe /Check [-] -> FOUND[TASK][sUSP PATH] DSite : C:\Users\Hyunju\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe /Check [-] -> FOUND[TASK][sUSP PATH] EPUpdater : C:\Users\Hyunju\AppData\Roaming\BabSolution\Shared\BabMaint.exe [7] -> FOUND[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND¤¤¤ Particular Files / Folders: ¤¤¤¤¤¤ Driver : [NOT LOADED] ¤¤¤¤¤¤ HOSTS File: ¤¤¤--> C:\Windows\system32\drivers\etc\hosts¤¤¤ MBR Check: ¤¤¤+++++ PhysicalDrive0: Intel Raid 0 Volume +++++--- User ---[MBR] 0b1dc93a98362db1e316bd31c47ee991[bSP] 94756980a46fbf8ed695be9404d54019 : Empty MBR CodePartition table:0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 305245 MoUser = LL1 ... OK!Error reading LL2 MBR!+++++ PhysicalDrive1: Intel Raid 0 Volume +++++--- User ---[MBR] 6ac288a3cf5bdb1750902f8ac778d1d3[bSP] 78ddf370ecbd5f672819398e133cfced : Empty MBR CodePartition table:0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MoUser = LL1 ... OK!Error reading LL2 MBR!Finished : << RKreport[1]_S_05082013_02d2031.txt >>RKreport[1]_S_05082013_02d2031.txt Link to post Share on other sites More sharing options...
amuse702 Posted May 9, 2013 Author ID:677609 Share Posted May 9, 2013 .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 8Boot Device: \Device\HarddiskVolume2Install Date: 3/18/2013 5:31:19 PMSystem Uptime: 5/8/2013 6:58:56 PM (2 hours ago).Motherboard: Hewlett-Packard | | 1894Processor: Intel® Core i3-3227U CPU @ 1.90GHz | U3E1 | 1901/100mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 434 GiB total, 338.097 GiB free.D: is FIXED (NTFS) - 31 GiB total, 0.764 GiB free.F: is FIXED (NTFS) - 932 GiB total, 824.316 GiB free..==== Disabled Device Manager Items =============.Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}Description: Intel® Centrino® Wireless Bluetooth® 4.0 + High Speed AdapterDevice ID: USB\VID_8087&PID_07DA\6&20BBC9CD&0&2Manufacturer: Intel CorporationName: Intel® Centrino® Wireless Bluetooth® 4.0 + High Speed AdapterPNP Device ID: USB\VID_8087&PID_07DA\6&20BBC9CD&0&2Service: BTHUSB.Class GUID: {8a2edc79-c759-46f2-88af-9d4efe3b5eee}Description: USB-IF xHCI USB Host ControllerDevice ID: ROOT\UOIP_BUS_DRIVER\0000Manufacturer: Intel CorporationName: USB-IF xHCI USB Host ControllerPNP Device ID: ROOT\UOIP_BUS_DRIVER\0000Service: XHCIPort.==== System Restore Points ===================.RP12: 4/21/2013 11:30:50 AM - Scheduled CheckpointRP13: 4/23/2013 6:42:39 PM - HPSF Applying updatesRP14: 4/23/2013 6:42:48 PM - HPSF Applying updatesRP15: 5/1/2013 3:14:06 AM - Scheduled CheckpointRP16: 5/7/2013 6:43:23 PM - HPSF Applying updatesRP17: 5/7/2013 6:43:27 PM - HPSF Applying updates.==== Installed Programs ======================.24x7 Help4 Elements IIAbsolute ReminderAdobe Shockwave Player 11.6Airport ManiaApple Application SupportApple Mobile Device SupportApple Software UpdateAVG SafeGuard toolbarAztecaBejeweled 3BonjourBounce SymphonyBuild-a-lotCyberLink Media Suite 10CyberLink PhotoDirectorCyberLink PowerDirector 10CyberLink PowerDVDCyberLink YouCamD3DX10Delta Chrome ToolbarDelta toolbar Energy StarFATE: The Cursed KingFinal Drive FuryGOM PlayerGoogle ChromeGoogle Update HelperHewlett-Packard ACLM.NET v1.2.1.1Hoyle Card GamesHP 3D DriveGuardHP Connected Music (Meridian - installer)HP Connected RemoteHP CoolSenseHP Customer Experience EnhancementsHP DocumentationHP GamesHP MyRoomHP Postscript ConverterHP Quick LaunchHP Recovery ManagerHP Registration ServiceHP Support AssistantHP Utility CenterHP Wireless Button DriverIDT AudioIntel PROSet WirelessIntel® Control CenterIntel® Management Engine ComponentsIntel® Processor GraphicsIntel® PROSet/Wireless for Bluetooth® + High SpeedIntel® PROSet/Wireless Software for Bluetooth® TechnologyIntel® Rapid Start TechnologyIntel® Rapid Storage TechnologyIntel® SDK for OpenCL - CPU Only Runtime PackageIntel® Smart Connect Technology 3.0 x64Intel® WiDiIntel® PROSet/Wireless WiFi SoftwareIntel® Trusted Connect Service ClientiTunesJewel Match 3John Deere Drive GreenLetters from Nowhere 2Lyrics FinderMah Jong MedleyMalwarebytes Anti-Malware version 1.75.0.1300McAfee AntiVirus PlusMicrosoft Application Error ReportingMicrosoft OfficeMicrosoft SilverlightMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219Movie MakerMSVCRTMSVCRT110MSVCRT110_amd64Mystery of Mortlake MansionOctoshape add-in for Adobe Flash PlayerPC Fix Speed 1.2.0.24Penguins!Photo CommonPhoto GalleryPicasa 3Polar BowlerPolar GolferRealtek Ethernet Controller DriverRealtek PCIE Card ReaderRoads of Rome 3Shared C Run-time for x64SpotifyswMSMSynaptics Pointing Device DriverThe Treasures of Mystery Island: The Ghost ShipUpdate for Audio ConverterUpdate Installer for WildTangent Games AppWildTangent GamesWildTangent Games AppWindows Live Communications PlatformWindows Live EssentialsWindows Live InstallerWindows Live Photo CommonWindows Live PIMT PlatformWindows Live SOXEWindows Live SOXE DefinitionsWindows Live UX PlatformWindows Live UX Platform Language PackYontoo 2.053Zuma's Revenge.==== Event Viewer Messages From Past Week ========.5/8/2013 6:58:22 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control..==== End Of File =========================== Link to post Share on other sites More sharing options...
amuse702 Posted May 9, 2013 Author ID:677610 Share Posted May 9, 2013 DDS (Ver_2012-11-20.01) - NTFS_AMD64Internet Explorer: 10.0.9200.16537Run by Hyunju at 20:24:19 on 2013-05-08Microsoft Windows 8 6.2.9200.0.949.82.1033.18.3992.1030 [GMT -7:00].AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}.============== Running Processes ===============.C:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\dwm.exeC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Program Files\IDT\WDM\STacSV64.exeC:\Windows\system32\Hpservice.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\WLANExt.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\24x7Help\App24x7Svc.exeC:\Windows\system32\svchost.exe -k apphostC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Intel\WiFi\bin\EvtEng.exeC:\Windows\system32\dashost.exeC:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exeC:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exeC:\Program Files\Intel\iCLS Client\HeciServer.exeC:\Windows\SysWOW64\irstrtsv.exeC:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exec:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exeC:\Program Files\McAfee\AppStats\MfeASUM.exeC:\Windows\system32\mfevtps.exeC:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.1.0\ToolbarUpdater.exeC:\Windows\system32\rundll32.exeC:\Windows\system32\rundll32.exeC:\Windows\SysWOW64\rundll32.exeC:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exeC:\Windows\system32\wbem\unsecapp.exeC:\Program Files\Intel\WiFi\bin\ZeroConfigService.exeC:\Program Files\Common Files\McAfee\AMCore\mcshield.exeC:\Program Files\Common Files\McAfee\SystemCore\mfefire.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Windows\System32\svchost.exe -k LocalServicePeerNetC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Windows\system32\taskhostex.exeC:\Windows\Explorer.EXEC:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exeC:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler64.exeC:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exeC:\Program Files\Common Files\microsoft shared\ink\TabTip.exeC:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exeC:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXEC:\Windows\system32\SearchIndexer.exeC:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Program Files\IDT\WDM\sttray64.exeC:\Windows\System32\rundll32.exeC:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exeC:\Users\Hyunju\AppData\Roaming\Spotify\spotify.exeC:\Program Files (x86)\Intel\Bluetooth\obexsrv.exeC:\Users\Hyunju\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exeC:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray.exeC:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exeC:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exeC:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exeC:\Program Files (x86)\iTunes\iTunesHelper.exeC:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exeC:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exeC:\Program Files (x86)\24x7Help\App24x7Help.exeC:\Program Files (x86)\24x7Help\App24x7Hook.exeC:\Program Files (x86)\24x7Help\App24x7Hook64.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exeC:\Program Files (x86)\PCFixSpeed\PCFixTray.exeC:\Program Files (x86)\PCFixSpeed\PCFixSpeed.exeC:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exeC:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exeC:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exeC:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exeC:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exeC:\PROGRA~1\McAfee\MSC\McAPExe.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exeC:\Windows\system32\taskhost.exeC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files\Common Files\McAfee\Platform\mcuicnt.exeC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\system32\wwahost.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\vssvc.exeC:\Windows\System32\svchost.exe -k swprvC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\SearchFilterHost.exeC:\Windows\SysWOW64\NOTEPAD.EXEC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://www2.delta-search.com/?affID=119351&tt=gc_&babsrc=HP_ss&mntrId=4E00606C660605E6uSearch Bar = hxxp://www.google.com/ieuSearch Page = hxxp://www.google.comuDefault_Search_URL = hxxp://www.google.com/ieuSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%suURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dllmWinlogon: Userinit = userinit.exeBHO: Lyrics Finder: {398C01F1-E584-46AD-A649-4F78B435DCFE} - C:\Program Files (x86)\LyricsFinder\lfind.dllBHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.1.0.2\AVG SafeGuard toolbar_toolbar.dllBHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dllBHO: delta Helper Object: {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.16.16\bh\delta.dllBHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dllBHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dllTB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dllTB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.1.0.2\AVG SafeGuard toolbar_toolbar.dllTB: Delta Toolbar: {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.16.16\deltaTlbr.dlluRun: [spotify] "C:\Users\Hyunju\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostartuRun: [spotify Web Helper] "C:\Users\Hyunju\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"uRun: [Yontoo Desktop] "C:\Users\Hyunju\AppData\Roaming\Yontoo\YontooDesktop.exe"mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exemRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkeymRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkeymRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"mRun: [PCFixSpeed] "C:\Program Files (x86)\PCFixSpeed\PCFixTray.exe" /startupmRun: [24x7HELP] "C:\Program Files (x86)\24x7Help\App24x7Help.exe" /STARTUPmRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silentStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\ISCTSY~1.LNK - C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray.exeIE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200IE: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htmIE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exeDPF: {5547DED5-E6A9-469A-90F0-5BFE5CD33FF1} - hxxps://pay.kcp.co.kr/plugin_new/file/KCPPaymentUX.cabDPF: {55F0958D-C5ED-49E6-8769-E238D4429F57} - hxxp://patch.clubnara.com/cinstall/ClubnaraCtrl.cabTCP: Interfaces\{E617EC38-2F3C-4760-9016-C20F2EA25003} : DHCPNameServer = 24.205.192.61 24.205.224.36TCP: Interfaces\{E617EC38-2F3C-4760-9016-C20F2EA25003}\C696E6B6379737 : DHCPNameServer = 24.205.192.61 24.205.224.36 68.116.46.115TCP: Interfaces\{E617EC38-2F3C-4760-9016-C20F2EA25003}\E4544574541425 : DHCPNameServer = 192.168.1.1Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dllHandler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dllHandler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dllHandler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.1.0\ViProtocol.dllHandler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllSSODL: WebCheck - <orphaned>mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chromex64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dllx64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dllx64-Run: [igfxTray] C:\Windows\System32\igfxtray.exex64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exex64-Run: [Persistence] C:\Windows\System32\igfxpers.exex64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exex64-Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayAppx64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exex64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dllx64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dllx64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dllx64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>x64-Notify: igfxcui - igfxdev.dllx64-SSODL: WebCheck - <orphaned>.============= SERVICES / DRIVERS ===============.R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-9-29 650808]R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\Drivers\mfehidk.sys [2012-11-9 771096]R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\Drivers\mfewfpk.sys [2012-11-9 339776]R1 MfeASKM;McAfee Application Statistics Device Driver;C:\Program Files\McAfee\AppStats\MfeASKM.sys [2013-3-20 31408]R2 24x7HelpSvc;24x7HelpService;C:\Program Files (x86)\24x7Help\App24x7Svc.exe [2013-5-8 342168]R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-9-13 731688]R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-8-27 1112000]R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-9-6 1124288]R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-8-15 135984]R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-3-18 221296]R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]R2 HPConnectedRemote;HP Connected Remote Service;C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [2012-10-12 35744]R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2012-9-24 31040]R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-9-7 35232]R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-3-4 14904]R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2013-3-4 2466448]R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]R2 irstrtsv;Intel® Rapid Start Technology Service;C:\Windows\SysWOW64\irstrtsv.exe [2013-3-4 193576]R2 ISCTAgent;ISCT Always Updated Agent;C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [2012-8-16 149032]R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-3-4 165760]R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2013-4-17 120592]R2 McMPFSvc;McAfee Personal Firewall;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-3-18 221296]R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-3-18 221296]R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-3-18 221296]R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-3-18 221296]R2 MfeASUM;McAfee Application Statistics Service;C:\Program Files\McAfee\AppStats\MfeASUM.exe [2013-3-20 335216]R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2013-3-18 1007288]R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2013-3-18 218320]R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2013-3-18 182312]R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-3-4 364416]R2 vToolbarUpdater15.1.0;vToolbarUpdater15.1.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.1.0\ToolbarUpdater.exe [2013-4-22 1008816]R2 Yontoo Desktop Updater;Yontoo Desktop Updater;C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe [2013-5-8 23552]R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-9-24 1153840]R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\Drivers\AmpPal.sys [2012-9-13 162344]R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\Drivers\cfwids.sys [2012-11-9 69672]R3 ikbevent;Intel Upper keyboard Class Filter Driver;C:\Windows\System32\Drivers\ikbevent.sys [2012-8-16 20968]R3 imsevent;Intel Upper Mouse Class Filter Driver;C:\Windows\System32\Drivers\imsevent.sys [2012-8-16 19944]R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2012-6-19 342528]R3 irstrtdv;Intel® Rapid Start Technology Driver;C:\Windows\System32\Drivers\irstrtdv.sys [2013-3-4 43800]R3 ISCT;Intel® Smart Connect Technology Device Driver;C:\Windows\System32\Drivers\ISCTD64.sys [2012-8-16 46016]R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\Drivers\iwdbus.sys [2012-8-9 25568]R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\Drivers\mfeavfk.sys [2012-11-9 309400]R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\Drivers\mfefirek.sys [2012-11-9 515528]R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\Drivers\mfencbdc.sys [2012-11-2 328976]R3 NETwNe64;@oem14.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;C:\Windows\System32\Drivers\NETwew00.sys [2012-10-10 4309032]R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\System32\Drivers\RtsBaStor.sys [2013-3-4 298128]R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2013-3-4 690832]R3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2012-9-28 44344]R3 WirelessButtonDriver;HP Wireless Button Driver Service;C:\Windows\System32\Drivers\WirelessButtonDriver64.sys [2012-8-31 20800]R3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);C:\Windows\System32\Drivers\WPRO_41_2001.sys [2013-3-4 34752]S0 mfeelamk;McAfee Inc. mfeelamk;C:\Windows\System32\Drivers\mfeelamk.sys [2013-3-18 69168]S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\Windows\System32\Drivers\AmpPal.sys [2012-9-13 162344]S3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]S3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\Drivers\btmaux.sys [2012-8-27 121728]S3 btmhsf;btmhsf;C:\Windows\System32\Drivers\btmhsf.sys [2012-8-29 857472]S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\Drivers\HipShieldK.sys [2013-3-28 197264]S3 ibtfltcoex;ibtfltcoex;C:\Windows\System32\Drivers\iBtFltCoex.sys [2012-8-6 68136]S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\Drivers\intelaud.sys [2012-8-9 35296]S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\Drivers\mfencrk.sys [2012-11-2 97208]S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-9-24 272176]S3 SmbDrv;SmbDrv;C:\Windows\System32\Drivers\Smb_driver_AMDASF.sys [2012-9-28 41272]S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]S3 XHCIPort;USB-IF xHCI USB Host Controller;C:\Windows\System32\Drivers\xHCIPort.sys [2012-8-9 188384].=============== Created Last 30 ================.2013-05-09 02:51:50 -------- d-----w- C:\Users\Hyunju\AppData\Roaming\Malwarebytes2013-05-09 02:51:34 -------- d-----w- C:\ProgramData\Malwarebytes2013-05-09 02:51:28 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys2013-05-09 02:51:27 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-05-09 02:51:03 -------- d-----w- C:\Users\Hyunju\AppData\Local\Programs2013-05-09 01:59:20 94656 ----a-w- C:\Windows\System32\WPRO_41_2001woem.tmp2013-05-09 01:57:43 -------- d-----w- C:\Users\Hyunju\AppData\Roaming\24x7 Help2013-05-09 01:57:35 -------- d-----w- C:\Users\Hyunju\AppData\Roaming\BabSolution2013-05-09 01:57:33 -------- d-----w- C:\Program Files (x86)\24x7Help2013-05-09 01:57:30 -------- d-----w- C:\Users\Hyunju\AppData\Roaming\PCFixSpeed2013-05-09 01:57:30 -------- d-----w- C:\ProgramData\PCFixSpeed2013-05-09 01:57:28 -------- d-----w- C:\Program Files (x86)\PCFixSpeed2013-05-09 01:57:21 -------- d-----w- C:\Program Files (x86)\Delta2013-05-09 01:57:20 -------- d-----w- C:\Program Files (x86)\AudioConverter2013-05-09 01:57:13 -------- d-----w- C:\Users\Hyunju\AppData\Roaming\Delta2013-05-09 01:57:12 -------- d-----w- C:\Users\Hyunju\AppData\Roaming\Yontoo2013-05-09 01:57:10 -------- d-----w- C:\Program Files (x86)\Yontoo2013-05-09 01:56:53 -------- d-----w- C:\ProgramData\Tarma Installer2013-05-09 01:56:31 -------- d-----w- C:\Users\Hyunju\AppData\Roaming\Babylon2013-05-09 01:56:31 -------- d-----w- C:\ProgramData\Babylon2013-05-09 01:56:15 -------- d-----w- C:\Program Files (x86)\LyricsFinder2013-05-09 01:56:09 -------- d-----w- C:\Users\Hyunju\AppData\Roaming\DSite2013-05-08 02:54:48 -------- d-----w- C:\Users\Hyunju\AppData\Local\Deployment2013-05-08 02:54:48 -------- d-----w- C:\Users\Hyunju\AppData\Local\Apps2013-05-08 01:45:44 -------- d-----w- C:\Windows\LastGood.Tmp2013-05-07 04:49:20 193712 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10202.bin2013-04-22 07:24:32 -------- d-----w- C:\Users\Hyunju\AppData\Local\AVG SafeGuard toolbar2013-04-22 07:24:25 -------- d-----w- C:\ProgramData\AVG SafeGuard toolbar2013-04-22 07:24:21 40736 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys2013-04-22 07:24:19 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search2013-04-22 07:24:16 -------- d-----w- C:\Program Files (x86)\AVG SafeGuard toolbar2013-04-22 07:23:52 -------- d--h--w- C:\ProgramData\Common Files2013-04-22 07:23:12 -------- d-----w- C:\Program Files (x86)\GRETECH2013-04-10 02:33:59 817664 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll2013-04-10 02:33:58 136704 ----a-w- C:\Windows\System32\iesysprep.dll2013-04-10 02:33:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll2013-04-10 02:33:57 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll2013-04-10 02:33:57 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-04-10 02:33:57 2706432 ----a-w- C:\Windows\System32\mshtml.tlb2013-04-10 02:33:51 4041728 ----a-w- C:\Windows\System32\win32k.sys2013-04-10 02:33:50 6991592 ----a-w- C:\Windows\System32\ntoskrnl.exe2013-04-10 02:33:47 375808 ----a-w- C:\Windows\SysWow64\ReAgent.dll2013-04-10 02:33:47 1011200 ----a-w- C:\Windows\System32\reseteng.dll.==================== Find3M ====================.2013-05-09 01:59:20 34752 ----a-w- C:\Windows\System32\drivers\WPRO_41_2001.sys2013-04-10 02:58:06 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll2013-04-10 02:58:06 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll2013-04-10 02:58:06 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll2013-04-02 22:08:01 78176 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2013-04-02 22:08:01 692576 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2013-03-16 06:30:42 4546560 ----a-w- C:\Windows\SysWow64\GPhotos.scr2013-03-02 10:57:48 337128 ----a-w- C:\Windows\System32\drivers\USBXHCI.SYS2013-03-02 10:57:46 77544 ----a-w- C:\Windows\System32\drivers\storahci.sys2013-03-02 10:57:46 332520 ----a-w- C:\Windows\System32\drivers\storport.sys2013-03-02 10:57:46 283880 ----a-w- C:\Windows\System32\drivers\spaceport.sys2013-03-02 10:45:20 148712 ----a-w- C:\Windows\System32\drivers\tpm.sys2013-03-02 10:45:19 194792 ----a-w- C:\Windows\System32\drivers\sdbus.sys2013-03-02 10:45:10 125160 ----a-w- C:\Windows\System32\drivers\dumpsd.sys2013-03-02 10:39:39 495336 ----a-w- C:\Windows\System32\drivers\vhdmp.sys2013-03-02 10:39:38 69864 ----a-w- C:\Windows\System32\drivers\pdc.sys2013-03-02 10:39:32 327912 ----a-w- C:\Windows\System32\drivers\Classpnp.sys2013-03-02 09:59:37 2231528 ----a-w- C:\Windows\System32\drivers\tcpip.sys2013-03-02 09:59:36 411880 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS2013-03-02 08:24:08 34304 ----a-w- C:\Windows\SysWow64\wuapp.exe2013-03-02 08:23:43 83968 ----a-w- C:\Windows\SysWow64\wudriver.dll2013-03-02 08:23:43 125952 ----a-w- C:\Windows\SysWow64\wuwebv.dll2013-03-02 08:23:30 893952 ----a-w- C:\Windows\SysWow64\winmde.dll2013-03-02 08:23:30 1338880 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll2013-03-02 08:23:28 601088 ----a-w- C:\Windows\SysWow64\Windows.Globalization.dll2013-03-02 08:23:28 504320 ----a-w- C:\Windows\SysWow64\Windows.Security.Authentication.OnlineId.dll2013-03-02 08:23:19 8857088 ----a-w- C:\Windows\SysWow64\twinui.dll2013-03-02 08:23:19 246784 ----a-w- C:\Windows\SysWow64\ubpm.dll2013-03-02 08:23:04 356352 ----a-w- C:\Windows\SysWow64\SettingSync.dll2013-03-02 08:23:04 100864 ----a-w- C:\Windows\SysWow64\SettingSyncInfo.dll2013-03-02 08:22:36 357888 ----a-w- C:\Windows\SysWow64\netcfgx.dll2013-03-02 08:22:32 5091840 ----a-w- C:\Windows\SysWow64\mstscax.dll2013-03-02 08:22:18 361984 ----a-w- C:\Windows\SysWow64\MFMediaEngine.dll2013-03-02 08:22:17 850944 ----a-w- C:\Windows\SysWow64\mfasfsrcsnk.dll2013-03-02 08:21:56 550912 ----a-w- C:\Windows\SysWow64\drvstore.dll2013-03-02 08:21:52 36352 ----a-w- C:\Windows\SysWow64\DevDispItemProvider.dll2013-03-02 08:21:40 309760 ----a-w- C:\Windows\SysWow64\BCP47Langs.dll2013-03-02 08:21:39 2033664 ----a-w- C:\Windows\SysWow64\authui.dll2013-03-02 08:21:32 145408 ----a-w- C:\Windows\SysWow64\powercfg.cpl2013-03-02 02:44:59 448512 ----a-w- C:\Windows\System32\SettingSync.dll2013-03-02 02:44:59 128512 ----a-w- C:\Windows\System32\SettingSyncInfo.dll2013-03-02 02:44:41 455168 ----a-w- C:\Windows\System32\netcfgx.dll2013-03-02 02:44:41 117248 ----a-w- C:\Windows\System32\NdisImPlatform.dll2013-03-02 02:44:38 5978624 ----a-w- C:\Windows\System32\mstscax.dll2013-03-02 02:44:30 468992 ----a-w- C:\Windows\System32\MFMediaEngine.dll2013-03-02 02:44:29 1048576 ----a-w- C:\Windows\System32\mfasfsrcsnk.dll2013-03-02 02:44:08 703488 ----a-w- C:\Windows\System32\drvstore.dll2013-03-02 02:44:07 150016 ----a-w- C:\Windows\System32\discan.dll2013-03-02 02:44:05 49152 ----a-w- C:\Windows\System32\DevDispItemProvider.dll2013-03-02 02:43:59 1933312 ----a-w- C:\Windows\System32\wbem\cimwin32.dll2013-03-02 02:43:56 389120 ----a-w- C:\Windows\System32\BCP47Langs.dll2013-03-02 02:43:55 2302464 ----a-w- C:\Windows\System32\authui.dll2013-03-02 02:43:51 2146304 ----a-w- C:\Windows\System32\actxprxy.dll2013-03-02 02:43:50 156160 ----a-w- C:\Windows\System32\powercfg.cpl2013-03-02 02:15:53 26112 ----a-w- C:\Windows\System32\drivers\mouhid.sys2013-03-01 04:56:33 156672 ----a-w- C:\Windows\System32\drivers\rfcomm.sys2013-03-01 04:56:18 30720 ----a-w- C:\Windows\System32\drivers\monitor.sys2013-03-01 04:55:37 1175040 ----a-w- C:\Windows\System32\drivers\bthport.sys2013-02-21 10:30:16 1766912 ----a-w- C:\Windows\SysWow64\wininet.dll2013-02-21 10:29:39 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-02-21 10:15:07 2240512 ----a-w- C:\Windows\System32\wininet.dll2013-02-21 10:15:00 915968 ----a-w- C:\Windows\System32\uxtheme.dll2013-02-21 10:14:09 3958784 ----a-w- C:\Windows\System32\jscript9.dll2013-02-19 09:53:00 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll2013-02-15 07:58:59 39936 ----a-w- C:\Windows\apppatch\apppatch64\acspecfc.dll2013-02-15 06:35:40 444416 ----a-w- C:\Windows\apppatch\AcSpecfc.dll2013-02-12 01:30:04 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll2013-02-12 00:56:19 53760 ----a-w- C:\Windows\System32\UXInit.dll2013-02-12 00:17:50 20992 ----a-w- C:\Windows\System32\drivers\usb8023.sys.============= FINISH: 20:25:26.36 =============== Link to post Share on other sites More sharing options...
amuse702 Posted May 9, 2013 Author ID:677756 Share Posted May 9, 2013 Have an issue with pc fix speed if anyone gets a chance. Thanks. Think I messed up with my last posts. Sorry bout that. I can't seem to add line breaks for some reason. DDS (Ver_2012-11-20.01) - NTFS_AMD64Internet Explorer: 10.0.9200.16537Run by Hyunju at 20:24:19 on 2013-05-08Microsoft Windows 8 6.2.9200.0.949.82.1033.18.3992.1030 [GMT -7:00].AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}.============== Running Processes ===============.C:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\dwm.exeC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Program Files\IDT\WDM\STacSV64.exeC:\Windows\system32\Hpservice.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\WLANExt.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\24x7Help\App24x7Svc.exeC:\Windows\system32\svchost.exe -k apphostC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Intel\WiFi\bin\EvtEng.exeC:\Windows\system32\dashost.exeC:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exeC:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exeC:\Program Files\Intel\iCLS Client\HeciServer.exeC:\Windows\SysWOW64\irstrtsv.exeC:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exec:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exeC:\Program Files\McAfee\AppStats\MfeASUM.exeC:\Windows\system32\mfevtps.exeC:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.1.0\ToolbarUpdater.exeC:\Windows\system32\rundll32.exeC:\Windows\system32\rundll32.exeC:\Windows\SysWOW64\rundll32.exeC:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exeC:\Windows\system32\wbem\unsecapp.exeC:\Program Files\Intel\WiFi\bin\ZeroConfigService.exeC:\Program Files\Common Files\McAfee\AMCore\mcshield.exeC:\Program Files\Common Files\McAfee\SystemCore\mfefire.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Windows\System32\svchost.exe -k LocalServicePeerNetC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Windows\system32\taskhostex.exeC:\Windows\Explorer.EXEC:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exeC:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler64.exeC:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exeC:\Program Files\Common Files\microsoft shared\ink\TabTip.exeC:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exeC:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXEC:\Windows\system32\SearchIndexer.exeC:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Program Files\IDT\WDM\sttray64.exeC:\Windows\System32\rundll32.exeC:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exeC:\Users\Hyunju\AppData\Roaming\Spotify\spotify.exeC:\Program Files (x86)\Intel\Bluetooth\obexsrv.exeC:\Users\Hyunju\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exeC:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray.exeC:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exeC:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exeC:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exeC:\Program Files (x86)\iTunes\iTunesHelper.exeC:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exeC:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exeC:\Program Files (x86)\24x7Help\App24x7Help.exeC:\Program Files (x86)\24x7Help\App24x7Hook.exeC:\Program Files (x86)\24x7Help\App24x7Hook64.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exeC:\Program Files (x86)\PCFixSpeed\PCFixTray.exeC:\Program Files (x86)\PCFixSpeed\PCFixSpeed.exeC:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exeC:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exeC:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exeC:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exeC:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exeC:\PROGRA~1\McAfee\MSC\McAPExe.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exeC:\Windows\system32\taskhost.exeC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files\Common Files\McAfee\Platform\mcuicnt.exeC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\system32\wwahost.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\vssvc.exeC:\Windows\System32\svchost.exe -k swprvC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\SearchFilterHost.exeC:\Windows\SysWOW64\NOTEPAD.EXEC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://www2.delta-search.com/?affID=119351&tt=gc_&babsrc=HP_ss&mntrId=4E00606C660605E6uSearch Bar = hxxp://www.google.com/ieuSearch Page = hxxp://www.google.comuDefault_Search_URL = hxxp://www.google.com/ieuSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%suURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dllmWinlogon: Userinit = userinit.exeBHO: Lyrics Finder: {398C01F1-E584-46AD-A649-4F78B435DCFE} - C:\Program Files (x86)\LyricsFinder\lfind.dllBHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.1.0.2\AVG SafeGuard toolbar_toolbar.dllBHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dllBHO: delta Helper Object: {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.16.16\bh\delta.dllBHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dllBHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dllTB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dllTB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.1.0.2\AVG SafeGuard toolbar_toolbar.dllTB: Delta Toolbar: {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.16.16\deltaTlbr.dlluRun: [spotify] "C:\Users\Hyunju\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostartuRun: [spotify Web Helper] "C:\Users\Hyunju\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"uRun: [Yontoo Desktop] "C:\Users\Hyunju\AppData\Roaming\Yontoo\YontooDesktop.exe"mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exemRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkeymRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkeymRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"mRun: [PCFixSpeed] "C:\Program Files (x86)\PCFixSpeed\PCFixTray.exe" /startupmRun: [24x7HELP] "C:\Program Files (x86)\24x7Help\App24x7Help.exe" /STARTUPmRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silentStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\ISCTSY~1.LNK - C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray.exeIE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200IE: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htmIE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exeDPF: {5547DED5-E6A9-469A-90F0-5BFE5CD33FF1} - hxxps://pay.kcp.co.kr/plugin_new/file/KCPPaymentUX.cabDPF: {55F0958D-C5ED-49E6-8769-E238D4429F57} - hxxp://patch.clubnara.com/cinstall/ClubnaraCtrl.cabTCP: Interfaces\{E617EC38-2F3C-4760-9016-C20F2EA25003} : DHCPNameServer = 24.205.192.61 24.205.224.36TCP: Interfaces\{E617EC38-2F3C-4760-9016-C20F2EA25003}\C696E6B6379737 : DHCPNameServer = 24.205.192.61 24.205.224.36 68.116.46.115TCP: Interfaces\{E617EC38-2F3C-4760-9016-C20F2EA25003}\E4544574541425 : DHCPNameServer = 192.168.1.1Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dllHandler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dllHandler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dllHandler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.1.0\ViProtocol.dllHandler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllSSODL: WebCheck - <orphaned>mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chromex64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dllx64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dllx64-Run: [igfxTray] C:\Windows\System32\igfxtray.exex64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exex64-Run: [Persistence] C:\Windows\System32\igfxpers.exex64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exex64-Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayAppx64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exex64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dllx64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dllx64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dllx64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>x64-Notify: igfxcui - igfxdev.dllx64-SSODL: WebCheck - <orphaned>.============= SERVICES / DRIVERS ===============.R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-9-29 650808]R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\Drivers\mfehidk.sys [2012-11-9 771096]R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\Drivers\mfewfpk.sys [2012-11-9 339776]R1 MfeASKM;McAfee Application Statistics Device Driver;C:\Program Files\McAfee\AppStats\MfeASKM.sys [2013-3-20 31408]R2 24x7HelpSvc;24x7HelpService;C:\Program Files (x86)\24x7Help\App24x7Svc.exe [2013-5-8 342168]R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-9-13 731688]R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-8-27 1112000]R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-9-6 1124288]R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-8-15 135984]R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-3-18 221296]R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]R2 HPConnectedRemote;HP Connected Remote Service;C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [2012-10-12 35744]R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2012-9-24 31040]R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-9-7 35232]R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-3-4 14904]R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2013-3-4 2466448]R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]R2 irstrtsv;Intel® Rapid Start Technology Service;C:\Windows\SysWOW64\irstrtsv.exe [2013-3-4 193576]R2 ISCTAgent;ISCT Always Updated Agent;C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [2012-8-16 149032]R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-3-4 165760]R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2013-4-17 120592]R2 McMPFSvc;McAfee Personal Firewall;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-3-18 221296]R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-3-18 221296]R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-3-18 221296]R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-3-18 221296]R2 MfeASUM;McAfee Application Statistics Service;C:\Program Files\McAfee\AppStats\MfeASUM.exe [2013-3-20 335216]R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2013-3-18 1007288]R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2013-3-18 218320]R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2013-3-18 182312]R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-3-4 364416]R2 vToolbarUpdater15.1.0;vToolbarUpdater15.1.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.1.0\ToolbarUpdater.exe [2013-4-22 1008816]R2 Yontoo Desktop Updater;Yontoo Desktop Updater;C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe [2013-5-8 23552]R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-9-24 1153840]R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\Drivers\AmpPal.sys [2012-9-13 162344]R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\Drivers\cfwids.sys [2012-11-9 69672]R3 ikbevent;Intel Upper keyboard Class Filter Driver;C:\Windows\System32\Drivers\ikbevent.sys [2012-8-16 20968]R3 imsevent;Intel Upper Mouse Class Filter Driver;C:\Windows\System32\Drivers\imsevent.sys [2012-8-16 19944]R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2012-6-19 342528]R3 irstrtdv;Intel® Rapid Start Technology Driver;C:\Windows\System32\Drivers\irstrtdv.sys [2013-3-4 43800]R3 ISCT;Intel® Smart Connect Technology Device Driver;C:\Windows\System32\Drivers\ISCTD64.sys [2012-8-16 46016]R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\Drivers\iwdbus.sys [2012-8-9 25568]R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\Drivers\mfeavfk.sys [2012-11-9 309400]R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\Drivers\mfefirek.sys [2012-11-9 515528]R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\Drivers\mfencbdc.sys [2012-11-2 328976]R3 NETwNe64;@oem14.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;C:\Windows\System32\Drivers\NETwew00.sys [2012-10-10 4309032]R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\System32\Drivers\RtsBaStor.sys [2013-3-4 298128]R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2013-3-4 690832]R3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2012-9-28 44344]R3 WirelessButtonDriver;HP Wireless Button Driver Service;C:\Windows\System32\Drivers\WirelessButtonDriver64.sys [2012-8-31 20800]R3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);C:\Windows\System32\Drivers\WPRO_41_2001.sys [2013-3-4 34752]S0 mfeelamk;McAfee Inc. mfeelamk;C:\Windows\System32\Drivers\mfeelamk.sys [2013-3-18 69168]S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\Windows\System32\Drivers\AmpPal.sys [2012-9-13 162344]S3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]S3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\Drivers\btmaux.sys [2012-8-27 121728]S3 btmhsf;btmhsf;C:\Windows\System32\Drivers\btmhsf.sys [2012-8-29 857472]S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\Drivers\HipShieldK.sys [2013-3-28 197264]S3 ibtfltcoex;ibtfltcoex;C:\Windows\System32\Drivers\iBtFltCoex.sys [2012-8-6 68136]S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\Drivers\intelaud.sys [2012-8-9 35296]S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\Drivers\mfencrk.sys [2012-11-2 97208]S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-9-24 272176]S3 SmbDrv;SmbDrv;C:\Windows\System32\Drivers\Smb_driver_AMDASF.sys [2012-9-28 41272]S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]S3 XHCIPort;USB-IF xHCI USB Host Controller;C:\Windows\System32\Drivers\xHCIPort.sys [2012-8-9 188384].=============== Created Last 30 ================.2013-05-09 02:51:50 -------- d-----w- C:\Users\Hyunju\AppData\Roaming\Malwarebytes2013-05-09 02:51:34 -------- d-----w- C:\ProgramData\Malwarebytes2013-05-09 02:51:28 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys2013-05-09 02:51:27 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-05-09 02:51:03 -------- d-----w- C:\Users\Hyunju\AppData\Local\Programs2013-05-09 01:59:20 94656 ----a-w- C:\Windows\System32\WPRO_41_2001woem.tmp2013-05-09 01:57:43 -------- d-----w- C:\Users\Hyunju\AppData\Roaming\24x7 Help2013-05-09 01:57:35 -------- d-----w- C:\Users\Hyunju\AppData\Roaming\BabSolution2013-05-09 01:57:33 -------- d-----w- C:\Program Files (x86)\24x7Help2013-05-09 01:57:30 -------- d-----w- C:\Users\Hyunju\AppData\Roaming\PCFixSpeed2013-05-09 01:57:30 -------- d-----w- C:\ProgramData\PCFixSpeed2013-05-09 01:57:28 -------- d-----w- C:\Program Files (x86)\PCFixSpeed2013-05-09 01:57:21 -------- d-----w- C:\Program Files (x86)\Delta2013-05-09 01:57:20 -------- d-----w- C:\Program Files (x86)\AudioConverter2013-05-09 01:57:13 -------- d-----w- C:\Users\Hyunju\AppData\Roaming\Delta2013-05-09 01:57:12 -------- d-----w- C:\Users\Hyunju\AppData\Roaming\Yontoo2013-05-09 01:57:10 -------- d-----w- C:\Program Files (x86)\Yontoo2013-05-09 01:56:53 -------- d-----w- C:\ProgramData\Tarma Installer2013-05-09 01:56:31 -------- d-----w- C:\Users\Hyunju\AppData\Roaming\Babylon2013-05-09 01:56:31 -------- d-----w- C:\ProgramData\Babylon2013-05-09 01:56:15 -------- d-----w- C:\Program Files (x86)\LyricsFinder2013-05-09 01:56:09 -------- d-----w- C:\Users\Hyunju\AppData\Roaming\DSite2013-05-08 02:54:48 -------- d-----w- C:\Users\Hyunju\AppData\Local\Deployment2013-05-08 02:54:48 -------- d-----w- C:\Users\Hyunju\AppData\Local\Apps2013-05-08 01:45:44 -------- d-----w- C:\Windows\LastGood.Tmp2013-05-07 04:49:20 193712 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10202.bin2013-04-22 07:24:32 -------- d-----w- C:\Users\Hyunju\AppData\Local\AVG SafeGuard toolbar2013-04-22 07:24:25 -------- d-----w- C:\ProgramData\AVG SafeGuard toolbar2013-04-22 07:24:21 40736 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys2013-04-22 07:24:19 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search2013-04-22 07:24:16 -------- d-----w- C:\Program Files (x86)\AVG SafeGuard toolbar2013-04-22 07:23:52 -------- d--h--w- C:\ProgramData\Common Files2013-04-22 07:23:12 -------- d-----w- C:\Program Files (x86)\GRETECH2013-04-10 02:33:59 817664 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll2013-04-10 02:33:58 136704 ----a-w- C:\Windows\System32\iesysprep.dll2013-04-10 02:33:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll2013-04-10 02:33:57 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll2013-04-10 02:33:57 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-04-10 02:33:57 2706432 ----a-w- C:\Windows\System32\mshtml.tlb2013-04-10 02:33:51 4041728 ----a-w- C:\Windows\System32\win32k.sys2013-04-10 02:33:50 6991592 ----a-w- C:\Windows\System32\ntoskrnl.exe2013-04-10 02:33:47 375808 ----a-w- C:\Windows\SysWow64\ReAgent.dll2013-04-10 02:33:47 1011200 ----a-w- C:\Windows\System32\reseteng.dll.==================== Find3M ====================.2013-05-09 01:59:20 34752 ----a-w- C:\Windows\System32\drivers\WPRO_41_2001.sys2013-04-10 02:58:06 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll2013-04-10 02:58:06 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll2013-04-10 02:58:06 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll2013-04-02 22:08:01 78176 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2013-04-02 22:08:01 692576 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2013-03-16 06:30:42 4546560 ----a-w- C:\Windows\SysWow64\GPhotos.scr2013-03-02 10:57:48 337128 ----a-w- C:\Windows\System32\drivers\USBXHCI.SYS2013-03-02 10:57:46 77544 ----a-w- C:\Windows\System32\drivers\storahci.sys2013-03-02 10:57:46 332520 ----a-w- C:\Windows\System32\drivers\storport.sys2013-03-02 10:57:46 283880 ----a-w- C:\Windows\System32\drivers\spaceport.sys2013-03-02 10:45:20 148712 ----a-w- C:\Windows\System32\drivers\tpm.sys2013-03-02 10:45:19 194792 ----a-w- C:\Windows\System32\drivers\sdbus.sys2013-03-02 10:45:10 125160 ----a-w- C:\Windows\System32\drivers\dumpsd.sys2013-03-02 10:39:39 495336 ----a-w- C:\Windows\System32\drivers\vhdmp.sys2013-03-02 10:39:38 69864 ----a-w- C:\Windows\System32\drivers\pdc.sys2013-03-02 10:39:32 327912 ----a-w- C:\Windows\System32\drivers\Classpnp.sys2013-03-02 09:59:37 2231528 ----a-w- C:\Windows\System32\drivers\tcpip.sys2013-03-02 09:59:36 411880 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS2013-03-02 08:24:08 34304 ----a-w- C:\Windows\SysWow64\wuapp.exe2013-03-02 08:23:43 83968 ----a-w- C:\Windows\SysWow64\wudriver.dll2013-03-02 08:23:43 125952 ----a-w- C:\Windows\SysWow64\wuwebv.dll2013-03-02 08:23:30 893952 ----a-w- C:\Windows\SysWow64\winmde.dll2013-03-02 08:23:30 1338880 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll2013-03-02 08:23:28 601088 ----a-w- C:\Windows\SysWow64\Windows.Globalization.dll2013-03-02 08:23:28 504320 ----a-w- C:\Windows\SysWow64\Windows.Security.Authentication.OnlineId.dll2013-03-02 08:23:19 8857088 ----a-w- C:\Windows\SysWow64\twinui.dll2013-03-02 08:23:19 246784 ----a-w- C:\Windows\SysWow64\ubpm.dll2013-03-02 08:23:04 356352 ----a-w- C:\Windows\SysWow64\SettingSync.dll2013-03-02 08:23:04 100864 ----a-w- C:\Windows\SysWow64\SettingSyncInfo.dll2013-03-02 08:22:36 357888 ----a-w- C:\Windows\SysWow64\netcfgx.dll2013-03-02 08:22:32 5091840 ----a-w- C:\Windows\SysWow64\mstscax.dll2013-03-02 08:22:18 361984 ----a-w- C:\Windows\SysWow64\MFMediaEngine.dll2013-03-02 08:22:17 850944 ----a-w- C:\Windows\SysWow64\mfasfsrcsnk.dll2013-03-02 08:21:56 550912 ----a-w- C:\Windows\SysWow64\drvstore.dll2013-03-02 08:21:52 36352 ----a-w- C:\Windows\SysWow64\DevDispItemProvider.dll2013-03-02 08:21:40 309760 ----a-w- C:\Windows\SysWow64\BCP47Langs.dll2013-03-02 08:21:39 2033664 ----a-w- C:\Windows\SysWow64\authui.dll2013-03-02 08:21:32 145408 ----a-w- C:\Windows\SysWow64\powercfg.cpl2013-03-02 02:44:59 448512 ----a-w- C:\Windows\System32\SettingSync.dll2013-03-02 02:44:59 128512 ----a-w- C:\Windows\System32\SettingSyncInfo.dll2013-03-02 02:44:41 455168 ----a-w- C:\Windows\System32\netcfgx.dll2013-03-02 02:44:41 117248 ----a-w- C:\Windows\System32\NdisImPlatform.dll2013-03-02 02:44:38 5978624 ----a-w- C:\Windows\System32\mstscax.dll2013-03-02 02:44:30 468992 ----a-w- C:\Windows\System32\MFMediaEngine.dll2013-03-02 02:44:29 1048576 ----a-w- C:\Windows\System32\mfasfsrcsnk.dll2013-03-02 02:44:08 703488 ----a-w- C:\Windows\System32\drvstore.dll2013-03-02 02:44:07 150016 ----a-w- C:\Windows\System32\discan.dll2013-03-02 02:44:05 49152 ----a-w- C:\Windows\System32\DevDispItemProvider.dll2013-03-02 02:43:59 1933312 ----a-w- C:\Windows\System32\wbem\cimwin32.dll2013-03-02 02:43:56 389120 ----a-w- C:\Windows\System32\BCP47Langs.dll2013-03-02 02:43:55 2302464 ----a-w- C:\Windows\System32\authui.dll2013-03-02 02:43:51 2146304 ----a-w- C:\Windows\System32\actxprxy.dll2013-03-02 02:43:50 156160 ----a-w- C:\Windows\System32\powercfg.cpl2013-03-02 02:15:53 26112 ----a-w- C:\Windows\System32\drivers\mouhid.sys2013-03-01 04:56:33 156672 ----a-w- C:\Windows\System32\drivers\rfcomm.sys2013-03-01 04:56:18 30720 ----a-w- C:\Windows\System32\drivers\monitor.sys2013-03-01 04:55:37 1175040 ----a-w- C:\Windows\System32\drivers\bthport.sys2013-02-21 10:30:16 1766912 ----a-w- C:\Windows\SysWow64\wininet.dll2013-02-21 10:29:39 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-02-21 10:15:07 2240512 ----a-w- C:\Windows\System32\wininet.dll2013-02-21 10:15:00 915968 ----a-w- C:\Windows\System32\uxtheme.dll2013-02-21 10:14:09 3958784 ----a-w- C:\Windows\System32\jscript9.dll2013-02-19 09:53:00 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll2013-02-15 07:58:59 39936 ----a-w- C:\Windows\apppatch\apppatch64\acspecfc.dll2013-02-15 06:35:40 444416 ----a-w- C:\Windows\apppatch\AcSpecfc.dll2013-02-12 01:30:04 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll2013-02-12 00:56:19 53760 ----a-w- C:\Windows\System32\UXInit.dll2013-02-12 00:17:50 20992 ----a-w- C:\Windows\System32\drivers\usb8023.sys.============= FINISH: 20:25:26.36 ===============.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 8Boot Device: \Device\HarddiskVolume2Install Date: 3/18/2013 5:31:19 PMSystem Uptime: 5/8/2013 6:58:56 PM (2 hours ago).Motherboard: Hewlett-Packard | | 1894Processor: Intel® Core™ i3-3227U CPU @ 1.90GHz | U3E1 | 1901/100mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 434 GiB total, 338.097 GiB free.D: is FIXED (NTFS) - 31 GiB total, 0.764 GiB free.F: is FIXED (NTFS) - 932 GiB total, 824.316 GiB free..==== Disabled Device Manager Items =============.Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}Description: Intel® Centrino® Wireless Bluetooth® 4.0 + High Speed AdapterDevice ID: USB\VID_8087&PID_07DA\6&20BBC9CD&0&2Manufacturer: Intel CorporationName: Intel® Centrino® Wireless Bluetooth® 4.0 + High Speed AdapterPNP Device ID: USB\VID_8087&PID_07DA\6&20BBC9CD&0&2Service: BTHUSB.Class GUID: {8a2edc79-c759-46f2-88af-9d4efe3b5eee}Description: USB-IF xHCI USB Host ControllerDevice ID: ROOT\UOIP_BUS_DRIVER\0000Manufacturer: Intel CorporationName: USB-IF xHCI USB Host ControllerPNP Device ID: ROOT\UOIP_BUS_DRIVER\0000Service: XHCIPort.==== System Restore Points ===================.RP12: 4/21/2013 11:30:50 AM - Scheduled CheckpointRP13: 4/23/2013 6:42:39 PM - HPSF Applying updatesRP14: 4/23/2013 6:42:48 PM - HPSF Applying updatesRP15: 5/1/2013 3:14:06 AM - Scheduled CheckpointRP16: 5/7/2013 6:43:23 PM - HPSF Applying updatesRP17: 5/7/2013 6:43:27 PM - HPSF Applying updates.==== Installed Programs ======================.24x7 Help4 Elements IIAbsolute ReminderAdobe Shockwave Player 11.6Airport ManiaApple Application SupportApple Mobile Device SupportApple Software UpdateAVG SafeGuard toolbarAztecaBejeweled 3BonjourBounce SymphonyBuild-a-lotCyberLink Media Suite 10CyberLink PhotoDirectorCyberLink PowerDirector 10CyberLink PowerDVDCyberLink YouCamD3DX10Delta Chrome ToolbarDelta toolbarEnergy StarFATE: The Cursed KingFinal Drive FuryGOM PlayerGoogle ChromeGoogle Update HelperHewlett-Packard ACLM.NET v1.2.1.1Hoyle Card GamesHP 3D DriveGuardHP Connected Music (Meridian - installer)HP Connected RemoteHP CoolSenseHP Customer Experience EnhancementsHP DocumentationHP GamesHP MyRoomHP Postscript ConverterHP Quick LaunchHP Recovery ManagerHP Registration ServiceHP Support AssistantHP Utility CenterHP Wireless Button DriverIDT AudioIntel PROSet WirelessIntel® Control CenterIntel® Management Engine ComponentsIntel® Processor GraphicsIntel® PROSet/Wireless for Bluetooth® + High SpeedIntel® PROSet/Wireless Software for Bluetooth® TechnologyIntel® Rapid Start TechnologyIntel® Rapid Storage TechnologyIntel® SDK for OpenCL - CPU Only Runtime PackageIntel® Smart Connect Technology 3.0 x64Intel® WiDiIntel® PROSet/Wireless WiFi SoftwareIntel® Trusted Connect Service ClientiTunesJewel Match 3John Deere Drive GreenLetters from Nowhere 2Lyrics FinderMah Jong MedleyMalwarebytes Anti-Malware version 1.75.0.1300McAfee AntiVirus PlusMicrosoft Application Error ReportingMicrosoft OfficeMicrosoft SilverlightMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219Movie MakerMSVCRTMSVCRT110MSVCRT110_amd64Mystery of Mortlake MansionOctoshape add-in for Adobe Flash PlayerPC Fix Speed 1.2.0.24Penguins!Photo CommonPhoto GalleryPicasa 3Polar BowlerPolar GolferRealtek Ethernet Controller DriverRealtek PCIE Card ReaderRoads of Rome 3Shared C Run-time for x64SpotifyswMSMSynaptics Pointing Device DriverThe Treasures of Mystery Island: The Ghost ShipUpdate for Audio ConverterUpdate Installer for WildTangent Games AppWildTangent GamesWildTangent Games AppWindows Live Communications PlatformWindows Live EssentialsWindows Live InstallerWindows Live Photo CommonWindows Live PIMT PlatformWindows Live SOXEWindows Live SOXE DefinitionsWindows Live UX PlatformWindows Live UX Platform Language PackYontoo 2.053Zuma's Revenge.==== Event Viewer Messages From Past Week ========.5/8/2013 6:58:22 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control..==== End Of File ===========================RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.geekstogo...13-roguekiller/Website : http://tigzy.geeksto...roguekiller.phpBlog : http://tigzyrk.blogspot.com/Operating System : Windows 8 (6.2.9200 ) 64 bits versionStarted in : Normal modeUser : Hyunju [Admin rights]Mode : Scan -- Date : 05/08/2013 20:31:57| ARK || FAK || MBR |¤¤¤ Bad processes : 0 ¤¤¤¤¤¤ Registry Entries : 8 ¤¤¤[RUN][sUSP PATH] HKCU\[...]\Run : Yontoo Desktop ("C:\Users\Hyunju\AppData\Roaming\Yontoo\YontooDesktop.exe") [7] -> FOUND[RUN][PREVRUN] HKLM\[...]\Run : BTMTrayAgent (rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp) [x] -> FOUND[RUN][sUSP PATH] HKUS\S-1-5-21-1793697480-3637929884-3590639379-1001[...]\Run : Yontoo Desktop ("C:\Users\Hyunju\AppData\Roaming\Yontoo\YontooDesktop.exe") [7] -> FOUND[TASK][sUSP PATH] DSite.job : C:\Users\Hyunju\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe /Check [-] -> FOUND[TASK][sUSP PATH] DSite : C:\Users\Hyunju\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe /Check [-] -> FOUND[TASK][sUSP PATH] EPUpdater : C:\Users\Hyunju\AppData\Roaming\BabSolution\Shared\BabMaint.exe [7] -> FOUND[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND¤¤¤ Particular Files / Folders: ¤¤¤¤¤¤ Driver : [NOT LOADED] ¤¤¤¤¤¤ HOSTS File: ¤¤¤--> C:\Windows\system32\drivers\etc\hosts¤¤¤ MBR Check: ¤¤¤+++++ PhysicalDrive0: Intel Raid 0 Volume +++++--- User ---[MBR] 0b1dc93a98362db1e316bd31c47ee991[bSP] 94756980a46fbf8ed695be9404d54019 : Empty MBR CodePartition table:0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 305245 MoUser = LL1 ... OK!Error reading LL2 MBR!+++++ PhysicalDrive1: Intel Raid 0 Volume +++++--- User ---[MBR] 6ac288a3cf5bdb1750902f8ac778d1d3[bSP] 78ddf370ecbd5f672819398e133cfced : Empty MBR CodePartition table:0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MoUser = LL1 ... OK!Error reading LL2 MBR!Finished : << RKreport[1]_S_05082013_02d2031.txt >>RKreport[1]_S_05082013_02d2031.txt Link to post Share on other sites More sharing options...
MrCharlie Posted May 9, 2013 ID:677758 Share Posted May 9, 2013 Welcome to the forum.Please uninstall these from your add/remove programs:Yontoo 2.053Delta Chrome ToolbarDelta toolbarThen:Please download AdwCleaner from here and save it on your Desktop.AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.AdwCleaner is a tool that deletes :· Adwares (software ads)· PUP/LPI (Potentially Undesirable Program)· Toolbars· Hijacker (Hijack of the browser's homepage)It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode. Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.Now click on the Search tab.Please post the contents of the log-file created in your next post.Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been ran, so in this should be something like R1.Note:Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain to why it shouldn't be on your system.If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using Adwcleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program please use the instructions below to access the options screen where you should enable /DisableAskDetections before using AdwCleaner.You can click on the question mark (?) in the upper left corner of the program and then click on Options. You will then be presented with a dialog where you can disable various detections. These options are described below:/DisableAskDetection - This option disables Ask Toolbar detection.MrC Link to post Share on other sites More sharing options...
amuse702 Posted May 9, 2013 Author ID:677764 Share Posted May 9, 2013 Thanks for the help. Here's the log file.# AdwCleaner v2.300 - Logfile created 05/09/2013 at 07:11:13# Updated 28/04/2013 by Xplode# Operating system : Windows 8 (64 bits)# User : Hyunju - HYUNJU# Boot Mode : Normal# Running from : C:\Users\Hyunju\Desktop\adwcleaner.exe# Option [search]***** [services] *****Found : 24x7HelpSvc***** [Files / Folders] *****File Found : C:\Users\Public\Desktop\24x7 Help.lnkFile Found : C:\Users\Public\Desktop\eBay.lnkFolder Found : C:\Program Files (x86)\Common Files\AVG Secure SearchFolder Found : C:\Program Files (x86)\YontooFolder Found : C:\ProgramData\BabylonFolder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\24x7 HelpFolder Found : C:\ProgramData\Tarma InstallerFolder Found : C:\Users\Hyunju\AppData\LocalLow\DeltaFolder Found : C:\Users\Hyunju\AppData\Roaming\24x7 HelpFolder Found : C:\Users\Hyunju\AppData\Roaming\Babylon***** [Registry] *****Key Found : HKCU\Software\24x7HELPKey Found : HKCU\Software\BabylonToolbarKey Found : HKCU\Software\InstallCoreKey Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Found : HKLM\Software\24x7HELPKey Found : HKLM\Software\AVG Security ToolbarKey Found : HKLM\Software\BabylonKey Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXEKey Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLLKey Found : HKLM\SOFTWARE\Classes\Prod.capKey Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocolKey Found : HKLM\SOFTWARE\Classes\SKey Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApiKey Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLEKey Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-pluginKey Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A957F04C-49F4-4375-8C8A-D04B769EFE47}_is1Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Found : HKLM\SOFTWARE\Tarma InstallerKey Found : HKU\S-1-5-21-1793697480-3637929884-3590639379-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}Key Found : HKU\S-1-5-21-1793697480-3637929884-3590639379-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [24x7HELP]Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]***** [internet Browsers] *****-\\ Internet Explorer v10.0.9200.16537[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www2.delta-search.com/?affID=119351&tt=gc_&babsrc=HP_ss&mntrId=4E00606C660605E6-\\ Google Chrome v26.0.1410.64File : C:\Users\Hyunju\AppData\Local\Google\Chrome\User Data\Default\PreferencesFound [l.22] : icon_url = "hxxp://www.delta-search.com/favicon.ico",Found [l.25] : keyword = "delta-search.com",Found [l.29] : search_url = "hxxp://www2.delta-search.com/?q={searchTerms}&affID=119351&tt=gc_&babsrc=SP_ss&mntrId=4E00606C660605E6",Found [l.2347] : homepage = "hxxp://www2.delta-search.com/?affID=119351&tt=gc_&babsrc=HP_ss&mntrId=4E00606C660605E6",Found [l.2547] : urls_to_restore_on_startup = [ "hxxp://www2.delta-search.com/?affID=119351&tt=gc_&babsrc=HP_ss&mntrId=4E00606C660605E6" ]*************************AdwCleaner[R1].txt - [6882 octets] - [09/05/2013 07:11:13]########## EOF - C:\AdwCleaner[R1].txt - [6942 octets] ########## Link to post Share on other sites More sharing options...
MrCharlie Posted May 9, 2013 ID:677765 Share Posted May 9, 2013 Lots of adware found....lets clear it out.....Please re-run AdwCleanerClick on Delete button.Confirm each time with OK if asked.Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.Then......reboot and let me know what problems are left.....MrC Link to post Share on other sites More sharing options...
amuse702 Posted May 9, 2013 Author ID:677770 Share Posted May 9, 2013 # AdwCleaner v2.300 - Logfile created 05/09/2013 at 07:29:27# Updated 28/04/2013 by Xplode# Operating system : Windows 8 (64 bits)# User : Hyunju - HYUNJU# Boot Mode : Normal# Running from : C:\Users\Hyunju\Desktop\adwcleaner.exe# Option [Delete]***** [services] *****Stopped & Deleted : 24x7HelpSvc***** [Files / Folders] *****Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure SearchFile Deleted : C:\Users\Public\Desktop\24x7 Help.lnkFile Deleted : C:\Users\Public\Desktop\eBay.lnkFolder Deleted : C:\Program Files (x86)\YontooFolder Deleted : C:\ProgramData\BabylonFolder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\24x7 HelpFolder Deleted : C:\ProgramData\Tarma InstallerFolder Deleted : C:\Users\Hyunju\AppData\LocalLow\DeltaFolder Deleted : C:\Users\Hyunju\AppData\Roaming\24x7 HelpFolder Deleted : C:\Users\Hyunju\AppData\Roaming\Babylon***** [Registry] *****Key Deleted : HKCU\Software\24x7HELPKey Deleted : HKCU\Software\BabylonToolbarKey Deleted : HKCU\Software\InstallCoreKey Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Deleted : HKLM\Software\24x7HELPKey Deleted : HKLM\Software\AVG Security ToolbarKey Deleted : HKLM\Software\BabylonKey Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXEKey Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLLKey Deleted : HKLM\SOFTWARE\Classes\Prod.capKey Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocolKey Deleted : HKLM\SOFTWARE\Classes\SKey Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApiKey Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLEKey Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-pluginKey Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A957F04C-49F4-4375-8C8A-D04B769EFE47}_is1Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Deleted : HKLM\SOFTWARE\Tarma InstallerValue Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [24x7HELP]Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]***** [internet Browsers] *****-\\ Internet Explorer v10.0.9200.16537Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www2.delta-search.com/?affID=119351&tt=gc_&babsrc=HP_ss&mntrId=4E00606C660605E6 --> hxxp://www.google.com-\\ Google Chrome v26.0.1410.64File : C:\Users\Hyunju\AppData\Local\Google\Chrome\User Data\Default\PreferencesDeleted [l.22] : icon_url = "hxxp://www.delta-search.com/favicon.ico",Deleted [l.25] : keyword = "delta-search.com",Deleted [l.29] : search_url = "hxxp://www2.delta-search.com/?q={searchTerms}&affID=119351&tt=gc_&babsrc=SP_ss&[...]Deleted [l.2347] : homepage = "hxxp://www2.delta-search.com/?affID=119351&tt=gc_&babsrc=HP_ss&mntrId=4E00606C660605[...]Deleted [l.2563] : urls_to_restore_on_startup = [ "hxxp://www2.delta-search.com/?affID=119351&tt=gc_&babsrc=HP_s[...]*************************AdwCleaner[R1].txt - [6995 octets] - [09/05/2013 07:11:13]AdwCleaner[R2].txt - [7055 octets] - [09/05/2013 07:29:13]AdwCleaner[s1].txt - [6848 octets] - [09/05/2013 07:29:27]########## EOF - C:\AdwCleaner[s1].txt - [6908 octets] ########## Link to post Share on other sites More sharing options...
MrCharlie Posted May 9, 2013 ID:677773 Share Posted May 9, 2013 ....and how is it???? MrC Link to post Share on other sites More sharing options...
amuse702 Posted May 9, 2013 Author ID:677774 Share Posted May 9, 2013 the pc fix speed still shows up in my taskbar Link to post Share on other sites More sharing options...
MrCharlie Posted May 9, 2013 ID:677775 Share Posted May 9, 2013 It's listed in your add/remove programs ---->PC Fix Speed 1.2.0.24See if you can uninstall it then/or.......Please download OTL from one of the links below:http://oldtimer.geekstogo.com/OTL.exehttp://www.itxassociates.com/OT-Tools/OTL.exehttp://oldtimer.geekstogo.com/OTL.com (<---renamed version)Save it to your desktop.Double click on the icon on your desktop.Click the Scan All Users checkbox.Push the Quick Scan button.The scan will take about 10 minutes...depends on your hard drive size.Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedMrC Link to post Share on other sites More sharing options...
amuse702 Posted May 9, 2013 Author ID:677854 Share Posted May 9, 2013 I uninstalled the fix my speed. My logs are below. Thanks againOTL logfile created on: 5/9/2013 12:28:42 PM - Run 1OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hyunju\Desktop64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstationInternet Explorer (Version = 9.10.9200.16540)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy3.90 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 33.64% Memory free4.96 Gb Paging File | 2.17 Gb Available in Paging File | 43.76% Paging File freePaging file location(s): ?:\pagefile.sys [binary data]%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 434.14 Gb Total Space | 337.74 Gb Free Space | 77.79% Space Free | Partition Type: NTFSDrive D: | 30.85 Gb Total Space | 0.76 Gb Free Space | 2.48% Space Free | Partition Type: NTFSComputer Name: HYUNJU | User Name: Hyunju | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit ScansCompany Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days========== Processes (SafeList) ==========PRC - [2013/05/09 12:28:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hyunju\Desktop\OTL.exePRC - [2013/05/07 19:55:08 | 000,216,968 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exePRC - [2013/05/06 07:22:51 | 004,573,184 | ---- | M] (Spotify Ltd) -- C:\Users\Hyunju\AppData\Roaming\Spotify\spotify.exePRC - [2013/05/06 07:22:50 | 001,105,408 | ---- | M] (Spotify Ltd) -- C:\Users\Hyunju\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exePRC - [2013/04/22 00:24:13 | 001,008,816 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.1.0\ToolbarUpdater.exePRC - [2013/04/09 01:57:09 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exePRC - [2012/11/05 16:14:34 | 001,343,904 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exePRC - [2012/10/12 15:16:50 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exePRC - [2012/09/29 02:42:26 | 000,014,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exePRC - [2012/09/07 18:33:08 | 000,581,024 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exePRC - [2012/09/07 18:33:08 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exePRC - [2012/09/06 05:50:40 | 001,124,288 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exePRC - [2012/08/27 09:45:56 | 001,112,000 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exePRC - [2012/08/16 21:36:26 | 000,316,416 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray.exePRC - [2012/07/20 03:09:42 | 000,193,576 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\irstrtsv.exePRC - [2012/07/17 18:10:32 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exePRC - [2012/07/17 18:10:30 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exePRC - [2012/07/17 18:10:16 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exePRC - [2012/03/28 18:34:30 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe========== Modules (No Company Name) ==========MOD - [2013/05/06 07:22:50 | 024,985,600 | ---- | M] () -- C:\Users\Hyunju\AppData\Roaming\Spotify\Data\libcef.dllMOD - [2013/04/09 01:57:07 | 000,390,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dllMOD - [2013/04/09 01:57:06 | 013,130,704 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dllMOD - [2013/04/09 01:57:05 | 004,050,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dllMOD - [2013/04/09 01:56:15 | 000,598,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libglesv2.dllMOD - [2013/04/09 01:56:14 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libegl.dllMOD - [2013/04/09 01:56:13 | 001,606,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dllMOD - [2013/03/25 20:07:48 | 001,880,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\f641b786d36d1cc5a5531a746c96ce1b\System.Xaml.ni.dllMOD - [2013/03/25 20:07:44 | 012,700,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\9c95779cc3d65cda80695cabc367476b\System.Windows.Forms.ni.dllMOD - [2013/03/25 20:07:05 | 001,631,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\38638a559066bf7f2325a53ed53629bc\System.Drawing.ni.dllMOD - [2013/03/25 20:06:54 | 000,467,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\6824c9f11ea82b4148780cd92c9d6745\PresentationFramework.Aero2.ni.dllMOD - [2013/03/25 20:06:53 | 018,542,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\8347ac8367f91309fa888d79a54c7450\PresentationFramework.ni.dllMOD - [2013/03/25 20:06:34 | 010,926,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\1c7f4533b2b24c10a628793a8b93e1a7\PresentationCore.ni.dllMOD - [2013/03/25 20:06:22 | 003,910,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\15cc4fff434f274c1f6ab56a385dcb54\WindowsBase.ni.dllMOD - [2013/03/25 20:06:14 | 006,998,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\0247de206c1c48ac4f8b55df16468405\System.Core.ni.dllMOD - [2013/03/25 20:06:02 | 009,937,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a7811936e59aaee26b1d9d467174d6d4\System.ni.dllMOD - [2013/03/25 20:05:43 | 016,544,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\374a0cc6603f58864831897ef723bd4a\mscorlib.ni.dllMOD - [2013/01/28 13:08:56 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dllMOD - [2013/01/28 13:08:28 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll========== Services (SafeList) ==========SRV:64bit: - [2013/04/17 20:24:40 | 000,335,216 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\AppStats\MfeASUM.exe -- (MfeASUM)SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McProxy)SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (mcpltsvc)SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McNaiAnn)SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McMPFSvc)SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc)SRV:64bit: - [2013/03/01 19:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)SRV:64bit: - [2013/03/01 19:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)SRV:64bit: - [2013/03/01 09:08:02 | 000,388,680 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)SRV:64bit: - [2013/02/02 01:21:45 | 000,467,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)SRV:64bit: - [2013/01/28 18:57:14 | 000,014,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)SRV:64bit: - [2013/01/09 16:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)SRV:64bit: - [2013/01/09 16:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)SRV:64bit: - [2012/12/26 09:52:34 | 000,182,312 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)SRV:64bit: - [2012/12/26 09:49:32 | 000,218,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)SRV:64bit: - [2012/11/30 15:26:33 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)SRV:64bit: - [2012/11/30 15:25:36 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)SRV:64bit: - [2012/11/30 15:25:28 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)SRV:64bit: - [2012/11/30 15:25:23 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)SRV:64bit: - [2012/11/05 21:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)SRV:64bit: - [2012/10/24 23:53:18 | 000,327,680 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)SRV:64bit: - [2012/10/06 07:28:16 | 001,007,288 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe -- (mfecore)SRV:64bit: - [2012/09/24 17:03:12 | 001,153,840 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)SRV:64bit: - [2012/09/24 17:02:54 | 000,272,176 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)SRV:64bit: - [2012/09/24 17:02:42 | 000,617,776 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)SRV:64bit: - [2012/09/24 17:02:16 | 000,149,296 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)SRV:64bit: - [2012/09/24 13:40:56 | 000,031,040 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)SRV:64bit: - [2012/09/13 05:33:50 | 000,731,688 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)SRV:64bit: - [2012/08/16 21:36:54 | 000,149,032 | ---- | M] () [Auto | Running] -- C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe -- (ISCTAgent)SRV:64bit: - [2012/08/15 18:08:14 | 000,135,984 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)SRV:64bit: - [2012/07/25 20:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)SRV:64bit: - [2012/07/25 20:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)SRV:64bit: - [2012/07/25 20:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)SRV:64bit: - [2012/07/25 20:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)SRV:64bit: - [2012/07/25 20:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)SRV:64bit: - [2012/07/25 20:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)SRV:64bit: - [2012/07/25 20:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)SRV:64bit: - [2012/07/25 20:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)SRV:64bit: - [2012/07/25 20:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)SRV:64bit: - [2012/07/25 20:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)SRV:64bit: - [2012/07/25 20:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)SRV:64bit: - [2012/07/25 20:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)SRV:64bit: - [2012/04/20 15:16:12 | 000,635,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®SRV - [2013/04/22 00:24:13 | 001,008,816 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.1.0\ToolbarUpdater.exe -- (vToolbarUpdater15.1.0)SRV - [2013/03/04 11:23:30 | 000,120,592 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)SRV - [2012/11/30 15:25:23 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)SRV - [2012/11/02 05:22:44 | 000,277,048 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)SRV - [2012/10/12 18:22:08 | 000,035,744 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe -- (HPConnectedRemote)SRV - [2012/09/29 02:42:26 | 000,014,904 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)SRV - [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)SRV - [2012/09/13 12:59:08 | 002,466,448 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)SRV - [2012/09/07 18:33:08 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)SRV - [2012/09/06 05:50:40 | 001,124,288 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)SRV - [2012/08/27 09:45:56 | 001,112,000 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)SRV - [2012/07/25 20:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)SRV - [2012/07/25 20:18:41 | 000,408,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)SRV - [2012/07/25 20:17:52 | 000,060,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)SRV - [2012/07/20 03:09:42 | 000,193,576 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysWOW64\irstrtsv.exe -- (irstrtsv)SRV - [2012/07/17 18:10:32 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)SRV - [2012/07/17 18:10:30 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)SRV - [2012/07/17 18:10:16 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)========== Driver Services (SafeList) ==========DRV:64bit: - [2013/05/09 07:33:45 | 000,034,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WPRO_41_2001.sys -- (WPRO_41_2001)DRV:64bit: - [2013/04/17 20:24:40 | 000,031,408 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Program Files\McAfee\AppStats\MfeASKM.sys -- (MfeASKM)DRV:64bit: - [2013/03/02 03:57:48 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)DRV:64bit: - [2013/03/02 03:57:46 | 000,283,880 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)DRV:64bit: - [2013/03/02 03:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)DRV:64bit: - [2013/03/02 03:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)DRV:64bit: - [2013/03/02 03:45:19 | 000,194,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)DRV:64bit: - [2013/03/02 03:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)DRV:64bit: - [2013/02/02 04:19:44 | 000,446,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)DRV:64bit: - [2013/02/02 00:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)DRV:64bit: - [2013/01/28 18:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)DRV:64bit: - [2013/01/28 16:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)DRV:64bit: - [2013/01/09 18:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)DRV:64bit: - [2012/12/26 09:55:26 | 000,069,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\cfwids.sys -- (cfwids)DRV:64bit: - [2012/12/26 09:52:44 | 000,339,776 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\mfewfpk.sys -- (mfewfpk)DRV:64bit: - [2012/12/26 09:50:48 | 000,771,096 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\mfehidk.sys -- (mfehidk)DRV:64bit: - [2012/12/26 09:50:24 | 000,069,168 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mfeelamk.sys -- (mfeelamk)DRV:64bit: - [2012/12/26 09:49:42 | 000,515,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mfefirek.sys -- (mfefirek)DRV:64bit: - [2012/12/26 09:49:00 | 000,309,400 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mfeavfk.sys -- (mfeavfk)DRV:64bit: - [2012/12/26 09:48:30 | 000,178,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mfeapfk.sys -- (mfeapfk)DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)DRV:64bit: - [2012/11/30 15:25:25 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)DRV:64bit: - [2012/11/30 15:25:22 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)DRV:64bit: - [2012/11/30 15:25:22 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)DRV:64bit: - [2012/11/30 15:25:22 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)DRV:64bit: - [2012/11/26 20:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)DRV:64bit: - [2012/11/19 21:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)DRV:64bit: - [2012/11/05 20:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)DRV:64bit: - [2012/11/02 03:56:00 | 005,343,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)DRV:64bit: - [2012/11/02 01:46:50 | 000,328,976 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mfencbdc.sys -- (mfencbdc)DRV:64bit: - [2012/11/02 01:46:50 | 000,097,208 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mfencrk.sys -- (mfencrk)DRV:64bit: - [2012/10/24 23:53:18 | 000,543,744 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\stwrt64.sys -- (STHDA)DRV:64bit: - [2012/10/12 01:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)DRV:64bit: - [2012/10/11 00:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)DRV:64bit: - [2012/10/11 00:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)DRV:64bit: - [2012/10/10 12:18:16 | 004,309,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NETwew00.sys -- (NETwNe64)DRV:64bit: - [2012/09/29 02:37:04 | 000,650,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)DRV:64bit: - [2012/09/28 12:06:00 | 000,458,040 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP)DRV:64bit: - [2012/09/28 12:06:00 | 000,044,344 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys -- (SmbDrvI)DRV:64bit: - [2012/09/28 12:05:58 | 000,041,272 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Smb_driver_AMDASF.sys -- (SmbDrv)DRV:64bit: - [2012/09/24 13:40:56 | 000,043,840 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Accelerometer.sys -- (Accelerometer)DRV:64bit: - [2012/09/24 13:40:56 | 000,031,040 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\hpdskflt.sys -- (hpdskflt)DRV:64bit: - [2012/09/19 15:10:02 | 000,298,128 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsBaStor.sys -- (RSBASTOR)DRV:64bit: - [2012/09/13 05:35:08 | 000,162,344 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\AmpPal.sys -- (AMPPALP)DRV:64bit: - [2012/09/13 05:35:08 | 000,162,344 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AmpPal.sys -- (AMPPAL)DRV:64bit: - [2012/08/31 10:40:24 | 000,020,800 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WirelessButtonDriver64.sys -- (WirelessButtonDriver)DRV:64bit: - [2012/08/29 09:36:54 | 000,857,472 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btmhsf.sys -- (btmhsf)DRV:64bit: - [2012/08/27 09:48:12 | 000,121,728 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btmaux.sys -- (btmaux)DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)DRV:64bit: - [2012/08/16 21:31:28 | 000,046,016 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ISCTD64.sys -- (ISCT)DRV:64bit: - [2012/08/16 21:31:28 | 000,019,944 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\imsevent.sys -- (imsevent)DRV:64bit: - [2012/08/16 21:31:26 | 000,020,968 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ikbevent.sys -- (ikbevent)DRV:64bit: - [2012/08/09 20:29:54 | 000,035,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\intelaud.sys -- (intaud_WaveExtensible)DRV:64bit: - [2012/08/09 20:29:54 | 000,025,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\iwdbus.sys -- (iwdbus)DRV:64bit: - [2012/08/09 20:29:52 | 000,188,384 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\xHCIPort.sys -- (XHCIPort)DRV:64bit: - [2012/08/06 12:07:08 | 000,068,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\iBtFltCoex.sys -- (ibtfltcoex)DRV:64bit: - [2012/07/31 16:04:12 | 000,690,832 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)DRV:64bit: - [2012/07/25 22:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)DRV:64bit: - [2012/07/25 22:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)DRV:64bit: - [2012/07/25 22:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)DRV:64bit: - [2012/07/25 22:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)DRV:64bit: - [2012/07/25 22:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)DRV:64bit: - [2012/07/25 22:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)DRV:64bit: - [2012/07/25 22:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)DRV:64bit: - [2012/07/25 22:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)DRV:64bit: - [2012/07/25 22:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)DRV:64bit: - [2012/07/25 22:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)DRV:64bit: - [2012/07/25 22:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)DRV:64bit: - [2012/07/25 22:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)DRV:64bit: - [2012/07/25 22:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)DRV:64bit: - [2012/07/25 22:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)DRV:64bit: - [2012/07/25 22:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)DRV:64bit: - [2012/07/25 22:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)DRV:64bit: - [2012/07/25 22:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)DRV:64bit: - [2012/07/25 21:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)DRV:64bit: - [2012/07/25 21:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)DRV:64bit: - [2012/07/25 21:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)DRV:64bit: - [2012/07/25 20:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)DRV:64bit: - [2012/07/25 19:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)DRV:64bit: - [2012/07/25 19:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)DRV:64bit: - [2012/07/25 19:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)DRV:64bit: - [2012/07/25 19:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)DRV:64bit: - [2012/07/25 19:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)DRV:64bit: - [2012/07/25 19:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)DRV:64bit: - [2012/07/25 19:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)DRV:64bit: - [2012/07/25 19:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)DRV:64bit: - [2012/07/25 19:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)DRV:64bit: - [2012/07/25 19:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)DRV:64bit: - [2012/07/25 19:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)DRV:64bit: - [2012/07/25 19:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)DRV:64bit: - [2012/07/25 19:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)DRV:64bit: - [2012/07/25 19:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)DRV:64bit: - [2012/07/25 19:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)DRV:64bit: - [2012/07/25 19:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)DRV:64bit: - [2012/07/25 19:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)DRV:64bit: - [2012/07/25 19:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)DRV:64bit: - [2012/07/25 19:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum)DRV:64bit: - [2012/07/25 19:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)DRV:64bit: - [2012/07/25 19:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)DRV:64bit: - [2012/07/25 19:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)DRV:64bit: - [2012/07/20 18:09:40 | 000,043,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\irstrtdv.sys -- (irstrtdv)DRV:64bit: - [2012/07/02 16:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)DRV:64bit: - [2012/06/19 23:40:52 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)DRV:64bit: - [2012/05/28 10:28:18 | 000,197,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HipShieldK.sys -- (HipShieldK)========== Standard Registry (SafeList) ==================== Internet Explorer ==========IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1IE:64bit: - HKLM\..\SearchScopes,DefaultScope =IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJSIE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}IE:64bit: - HKLM\..\SearchScopes\{EC84A32A-DDC0-46B9-878E-AE131D7BF78D}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1IE - HKLM\..\SearchScopes,DefaultScope =IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJSIE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}IE - HKLM\..\SearchScopes\{EC84A32A-DDC0-46B9-878E-AE131D7BF78D}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-21-1793697480-3637929884-3590639379-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1IE - HKU\S-1-5-21-1793697480-3637929884-3590639379-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ieIE - HKU\S-1-5-21-1793697480-3637929884-3590639379-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ieIE - HKU\S-1-5-21-1793697480-3637929884-3590639379-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.comIE - HKU\S-1-5-21-1793697480-3637929884-3590639379-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.comIE - HKU\S-1-5-21-1793697480-3637929884-3590639379-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ieIE - HKU\S-1-5-21-1793697480-3637929884-3590639379-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ieIE - HKU\S-1-5-21-1793697480-3637929884-3590639379-1001\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)IE - HKU\S-1-5-21-1793697480-3637929884-3590639379-1001\..\SearchScopes,DefaultScope = {CB199B99-8FA0-4DAF-AA02-4FF3675AE934}IE - HKU\S-1-5-21-1793697480-3637929884-3590639379-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJSIE - HKU\S-1-5-21-1793697480-3637929884-3590639379-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searIE - HKU\S-1-5-21-1793697480-3637929884-3590639379-1001\..\SearchScopes\{CB199B99-8FA0-4DAF-AA02-4FF3675AE934}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8IE - HKU\S-1-5-21-1793697480-3637929884-3590639379-1001\..\SearchScopes\{D58E1C14-C0BA-4E9B-B9B3-8B86D5B87C61}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}IE - HKU\S-1-5-21-1793697480-3637929884-3590639379-1001\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}IE - HKU\S-1-5-21-1793697480-3637929884-3590639379-1001\..\SearchScopes\{EC84A32A-DDC0-46B9-878E-AE131D7BF78D}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}IE - HKU\S-1-5-21-1793697480-3637929884-3590639379-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0========== FireFox ==========FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not foundFF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013/04/21 10:15:35 | 000,000,000 | ---D | M]FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lfind@nijadsoft.net: C:\Program Files (x86)\LyricsFinder\FF\ [2013/05/08 18:56:17 | 000,000,000 | ---D | M][2013/05/08 18:57:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions========== Chrome ==========CHR - default_search_provider: Delta Search (Enabled)CHR - default_search_provider: search_url = http://www2.delta-search.com/?q={searchTerms}&affID=119351&tt=gc_&babsrc=SP_ss&mntrId=4E00606C660605E6CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},CHR - homepage: http://www.google.com/CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dllCHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewerCHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dllCHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dllCHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.1.0\\npsitesafety.dllCHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dllCHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dllCHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dllCHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dllCHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dllCHR - plugin: WildTangent Games App V2 Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dllCHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllCHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dllCHR - plugin: Shockwave for Director (Enabled) = C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dllCHR - plugin: McAfee SecurityCenter (Enabled) = c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLLCHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dllCHR - Extension: Google Docs = C:\Users\Hyunju\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\CHR - Extension: Google Docs = C:\Users\Hyunju\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\CHR - Extension: Google Drive = C:\Users\Hyunju\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\CHR - Extension: YouTube = C:\Users\Hyunju\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\CHR - Extension: Google Search = C:\Users\Hyunju\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\CHR - Extension: Google Search = C:\Users\Hyunju\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\CHR - Extension: SiteAdvisor = C:\Users\Hyunju\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.61.113.2_1\CHR - Extension: Lyrics Finder = C:\Users\Hyunju\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnbcopcndefcccgdofjadnafjljgofam\1.110_0\CHR - Extension: AVG SafeGuard toolbar = C:\Users\Hyunju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.1.0.2_0\CHR - Extension: Gmail = C:\Users\Hyunju\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\O1 HOSTS File: ([2012/07/25 22:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hostsO2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)O2 - BHO: (Lyrics Finder) - {398C01F1-E584-46AD-A649-4F78B435DCFE} - C:\Program Files (x86)\LyricsFinder\lfind.dll (Nijad Software)O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)O3 - HKU\S-1-5-21-1793697480-3637929884-3590639379-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.O4:64bit: - HKLM..\Run: [bTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll (Motorola Solutions, Inc.)O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)O4 - HKLM..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)O4 - HKU\S-1-5-21-1793697480-3637929884-3590639379-1001..\Run: [spotify] C:\Users\Hyunju\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)O4 - HKU\S-1-5-21-1793697480-3637929884-3590639379-1001..\Run: [spotify Web Helper] C:\Users\Hyunju\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not foundO8:64bit: - Extra context menu item: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)O8 - Extra context menu item: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)O1364bit: - gopher Prefix: missingO13 - gopher Prefix: missingO16 - DPF: {5547DED5-E6A9-469A-90F0-5BFE5CD33FF1} https://pay.kcp.co.kr/plugin_new/file/KCPPaymentUX.cab (KCPUX Class)O16 - DPF: {55F0958D-C5ED-49E6-8769-E238D4429F57} http://patch.clubnara.com/cinstall/ClubnaraCtrl.cab (Clubnara Web Control 2)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.205.192.61 24.205.224.36O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E617EC38-2F3C-4760-9016-C20F2EA25003}: DhcpNameServer = 24.205.192.61 24.205.224.36O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)O18:64bit: - Protocol\Handler\wlpg - No CLSID value foundO18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O30 - LSA: Security Packages - (livessp) - File not foundO32 - HKLM CDRom: AutoRun - 1O34 - HKLM BootExecute: (autocheck autochk *)O35:64bit: - HKLM\..comfile [open] -- "%1" %*O35:64bit: - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)========== Files/Folders - Created Within 30 Days ==========[2013/05/09 12:28:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hyunju\Desktop\OTL.exe[2013/05/09 12:05:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee[2013/05/08 20:11:05 | 000,000,000 | ---D | C] -- C:\Users\Hyunju\Desktop\RK_Quarantine[2013/05/08 19:51:50 | 000,000,000 | ---D | C] -- C:\Users\Hyunju\AppData\Roaming\Malwarebytes[2013/05/08 19:51:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware[2013/05/08 19:51:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes[2013/05/08 19:51:28 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys[2013/05/08 19:51:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware[2013/05/08 19:51:03 | 000,000,000 | ---D | C] -- C:\Users\Hyunju\AppData\Local\Programs[2013/05/08 18:57:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\24x7Help[2013/05/08 18:57:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AudioConverter[2013/05/08 18:57:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox[2013/05/08 18:56:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LyricsFinder[2013/05/08 18:56:09 | 000,000,000 | ---D | C] -- C:\Users\Hyunju\AppData\Roaming\DSite[2013/05/08 07:47:19 | 000,000,000 | ---D | C] -- C:\Users\Hyunju\Documents\05월 08일 SBS 한밤의 TV연예 410회 - 초고화질[2013/05/07 19:56:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome[2013/05/07 19:54:48 | 000,000,000 | ---D | C] -- C:\Users\Hyunju\AppData\Local\Deployment[2013/05/07 19:54:48 | 000,000,000 | ---D | C] -- C:\Users\Hyunju\AppData\Local\Apps[2013/05/04 07:50:38 | 000,000,000 | ---D | C] -- C:\Users\Hyunju\Documents\05월 04일 MBC 백년의 유산 35회 - 초고화질[2013/04/30 07:50:46 | 000,000,000 | ---D | C] -- C:\Users\Hyunju\Documents\04월 30일 SBS 장옥정, 사랑에 살다 08회 - 고화질[2013/04/26 17:15:55 | 000,000,000 | ---D | C] -- C:\Users\Hyunju\AppData\Roaming\Leadertech[2013/04/26 16:47:59 | 000,000,000 | ---D | C] -- C:\Users\Hyunju\Documents\끝과 시작 (In My End is My Beginning, 2013) - 엄정화, 김효진, 황정민[2013/04/25 23:18:24 | 000,000,000 | ---D | C] -- C:\Users\Hyunju\Documents\04월 25일 MBC 천기누설 무릎팍도사 21회 - 유진 - 초고화질[2013/04/25 05:17:56 | 000,000,000 | ---D | C] -- C:\Users\Hyunju\Documents\04월 21일 KBS2 해피선데이 (스타 패밀리쇼 맘마미아) 02회 (KOR)[2013/04/22 16:15:07 | 000,000,000 | ---D | C] -- C:\Users\Hyunju\Desktop\show[2013/04/22 00:24:32 | 000,000,000 | ---D | C] -- C:\Users\Hyunju\AppData\Local\AVG SafeGuard toolbar[2013/04/22 00:24:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player[2013/04/22 00:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar[2013/04/22 00:24:21 | 000,040,736 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys[2013/04/22 00:24:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search[2013/04/22 00:24:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG SafeGuard toolbar[2013/04/22 00:23:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files[2013/04/22 00:23:35 | 000,000,000 | ---D | C] -- C:\Users\Hyunju\AppData\Roaming\GRETECH[2013/04/22 00:23:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GRETECH[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ][1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]========== Files - Modified Within 30 Days ==========[2013/05/09 12:28:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hyunju\Desktop\OTL.exe[2013/05/09 12:05:53 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk[2013/05/09 12:00:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job[2013/05/09 11:56:00 | 000,000,304 | ---- | M] () -- C:\Windows\tasks\DSite.job[2013/05/09 07:39:17 | 000,942,930 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI[2013/05/09 07:39:17 | 000,775,758 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat[2013/05/09 07:39:17 | 000,158,770 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat[2013/05/09 07:35:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2013/05/09 07:35:14 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job[2013/05/09 07:33:45 | 000,034,752 | ---- | M] () -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys[2013/05/09 07:33:29 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys[2013/05/09 07:33:23 | 3348,959,232 | -HS- | M] () -- C:\hiberfil.sys[2013/05/09 07:31:29 | 000,000,121 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat[2013/05/09 07:10:17 | 000,628,743 | ---- | M] () -- C:\Users\Hyunju\Desktop\adwcleaner.exe[2013/05/08 19:51:43 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2013/05/08 18:59:50 | 000,002,285 | ---- | M] () -- C:\Users\Hyunju\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk[2013/05/08 18:56:24 | 000,000,428 | ---- | M] () -- C:\Windows\tasks\Lyrics Finder Update.job[2013/05/07 19:56:03 | 000,002,261 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk[2013/05/07 19:06:24 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHyunju.job[2013/04/22 00:24:40 | 000,001,215 | ---- | M] () -- C:\Users\Hyunju\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk[2013/04/22 00:24:40 | 000,001,191 | ---- | M] () -- C:\Users\Public\Desktop\GOM Player.lnk[2013/04/22 00:24:15 | 000,040,736 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys[2013/04/15 20:19:34 | 000,291,784 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ][1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]========== Files Created - No Company Name ==========[2013/05/09 07:29:35 | 000,000,121 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat[2013/05/09 07:10:07 | 000,628,743 | ---- | C] () -- C:\Users\Hyunju\Desktop\adwcleaner.exe[2013/05/08 19:51:43 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2013/05/08 18:56:24 | 000,000,428 | ---- | C] () -- C:\Windows\tasks\Lyrics Finder Update.job[2013/05/08 18:56:11 | 000,000,304 | ---- | C] () -- C:\Windows\tasks\DSite.job[2013/05/07 19:56:03 | 000,002,285 | ---- | C] () -- C:\Users\Hyunju\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk[2013/05/07 19:56:03 | 000,002,261 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk[2013/05/07 19:55:09 | 000,000,912 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job[2013/05/07 19:55:08 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job[2013/04/22 00:24:40 | 000,001,215 | ---- | C] () -- C:\Users\Hyunju\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk[2013/04/22 00:24:40 | 000,001,191 | ---- | C] () -- C:\Users\Public\Desktop\GOM Player.lnk[2013/04/15 20:19:32 | 000,291,784 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT[2013/04/13 18:16:19 | 000,387,867 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml[2013/03/18 17:34:39 | 000,000,141 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc[2013/03/18 17:32:25 | 000,005,435 | ---- | C] () -- C:\Users\Hyunju\AppData\Roaming\AbsoluteReminder.xml[2012/11/30 15:25:28 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll[2012/11/07 16:43:38 | 000,126,672 | ---- | C] () -- C:\Windows\SysWow64\KCPPaymentUX.dll[2012/11/02 03:56:08 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin[2012/11/02 03:55:54 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll[2012/11/02 03:55:52 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin[2012/08/03 15:40:09 | 000,959,336 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI[2012/07/26 01:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat[2012/07/26 01:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT[2012/07/26 00:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat[2012/07/25 18:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll[2012/07/25 13:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin[2012/07/25 13:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll[2012/07/25 13:22:54 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin[2012/07/25 13:22:54 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin[2012/07/25 13:22:54 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin[2012/06/02 07:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat[2012/04/20 14:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll[2012/02/22 11:32:48 | 001,520,256 | ---- | C] () -- C:\Windows\SysWow64\ClubnaraCtrl_Update.exe========== ZeroAccess Check ==========[2012/11/30 14:53:57 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32][HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32][HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64"" = C:\Windows\SysNative\shell32.dll -- [2013/03/01 19:45:01 | 019,748,864 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]"" = %SystemRoot%\system32\shell32.dll -- [2013/03/02 01:23:07 | 017,560,576 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 20:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 20:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 20:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Both[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]========== LOP Check ==========[2013/05/08 18:56:09 | 000,000,000 | ---D | M] -- C:\Users\Hyunju\AppData\Roaming\DSite[2013/03/18 17:56:43 | 000,000,000 | ---D | M] -- C:\Users\Hyunju\AppData\Roaming\IDT[2013/04/26 17:15:55 | 000,000,000 | ---D | M] -- C:\Users\Hyunju\AppData\Roaming\Leadertech[2013/05/09 12:35:32 | 000,000,000 | ---D | M] -- C:\Users\Hyunju\AppData\Roaming\Spotify[2013/03/18 17:31:51 | 000,000,000 | ---D | M] -- C:\Users\Hyunju\AppData\Roaming\Synaptics========== Purity Check ==================== Files - Unicode (All) ==========[2013/03/21 09:54:01 | 000,000,000 | ---D | M](C:\Users\Hyunju\Documents\flumpool - 君に?け (너에게 닿기를 OST)) -- C:\Users\Hyunju\Documents\flumpool - 君に届け (너에게 닿기를 OST)[2013/03/21 09:54:01 | 000,000,000 | ---D | C](C:\Users\Hyunju\Documents\flumpool - 君に?け (너에게 닿기를 OST)) -- C:\Users\Hyunju\Documents\flumpool - 君に届け (너에게 닿기를 OST)< End of report > OTL Extras logfile created on: 5/9/2013 12:28:42 PM - Run 1OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hyunju\Desktop64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstationInternet Explorer (Version = 9.10.9200.16540)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy3.90 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 33.64% Memory free4.96 Gb Paging File | 2.17 Gb Available in Paging File | 43.76% Paging File freePaging file location(s): ?:\pagefile.sys [binary data]%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 434.14 Gb Total Space | 337.74 Gb Free Space | 77.79% Space Free | Partition Type: NTFSDrive D: | 30.85 Gb Total Space | 0.76 Gb Free Space | 2.48% Space Free | Partition Type: NTFSComputer Name: HYUNJU | User Name: Hyunju | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit ScansCompany Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days========== Extra Registry (SafeList) ==================== File Associations ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation).url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation).html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)[HKEY_USERS\S-1-5-21-1793697480-3637929884-3590639379-1001\SOFTWARE\Classes\<extension>].html [@ = ChromeHTML] -- Reg Error: Key error. File not found========== Shell Spawning ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htmlfile [edit] -- Reg Error: Key error.htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) Link to post Share on other sites More sharing options...
amuse702 Posted May 9, 2013 Author ID:677855 Share Posted May 9, 2013 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htmlfile [edit] -- Reg Error: Key error.htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.========== Security Center Settings ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"cval" = 164bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]"AntiVirusOverride" = 0"AntiSpywareOverride" = 0"FirewallOverride" = 064bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]========== Firewall Settings ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]"EnableFirewall" = 1"DisableNotifications" = 0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"EnableFirewall" = 1"DisableNotifications" = 0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]"EnableFirewall" = 1"DisableNotifications" = 0========== Authorized Applications List ==================== Vista Active Open Ports Exception List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{0BCC283D-552F-4ABD-BA6F-6C6EC614C4BB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |"{165ADE53-DD51-42D4-AB2B-5E861814DFAD}" = lport=10243 | protocol=6 | dir=in | app=system |"{188CC836-4488-484D-8A82-5D2FC94AF87A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |"{19193673-9489-41D2-8B8E-5540DBDA175F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |"{215C3807-7035-43B1-A3CD-82D332242C39}" = lport=52000 | protocol=6 | dir=in | name=hpconnectedremoteuser.exe |"{21C85322-BB3D-4547-97D6-2F00D86E1A57}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |"{33C89BE4-2E6B-414D-8822-29D35B2B3932}" = lport=445 | protocol=6 | dir=in | app=system |"{35597E9F-3102-4EF9-8C0B-8806B30A8157}" = lport=2869 | protocol=6 | dir=in | app=system |"{59EAA7AF-688E-43E7-9004-87D4DCD46E4D}" = lport=53000 | protocol=6 | dir=in | name=hpconnectedremoteservice.exe |"{63D7CDFA-06CF-45DA-A1C3-90A39F94AAF2}" = rport=137 | protocol=17 | dir=out | app=system |"{65DB5E3C-B7A3-4DDE-BB70-4902A62E2026}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |"{66209A55-0B5F-484D-A0FA-46EB26DB7F02}" = rport=445 | protocol=6 | dir=out | app=system |"{77ECB3A6-89F8-4D31-88E3-708F76453DB5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |"{81E6B4E2-0419-4E84-B1E5-7581A7BBD096}" = lport=139 | protocol=6 | dir=in | app=system |"{84750F16-887A-45C8-90DF-A52470F0E42C}" = rport=139 | protocol=6 | dir=out | app=system |"{9551255C-095F-4C24-97AF-D8A732F1E291}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |"{B70D4168-08BD-416B-A9DA-0DCED34D83CA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |"{BF1C6F1A-54F7-4473-B3E9-19372B8D6F96}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |"{C2AE47A0-16BA-4C46-994E-7E7F902AA79D}" = lport=137 | protocol=17 | dir=in | app=system |"{D4B3D74F-05AD-4517-854C-F68B21D2FF92}" = lport=138 | protocol=17 | dir=in | app=system |"{D8D2059A-2E9F-44ED-B5CA-08009ECEF921}" = rport=10243 | protocol=6 | dir=out | app=system |"{E01AFA4B-76C9-473B-8020-CF4D6E1F4062}" = rport=138 | protocol=17 | dir=out | app=system |"{E5890EE6-B63C-4DEF-BBDE-4D32F65C45F3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |"{E63A5BC6-1118-4674-A9B6-2BAD22CBD564}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |"{E7ABA1AE-C503-455B-B5C8-CE5884670B1E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |========== Vista Active Application Exception List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{01C1EBD0-FCD6-4C6E-8F1F-756E9825C5E7}" = dir=out | app=%localappdata%\hpconnectedmusic\application\hpconnectedmusic.exe |"{0631BB37-6970-4639-A964-735C77D3BACC}" = dir=in | name=savings center featured offers |"{0BC73FBF-A6ED-4E83-8241-A99DE1B28CB6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |"{0DFE7D0C-9DF4-43C5-9447-76452DD41B6F}" = dir=out | name=microsoft mahjong |"{12836170-B71A-4DBF-B3B5-7D0CA8AB7EE0}" = dir=out | name=hp games |"{12F8F7A5-7A9C-4360-BD84-60073F7C2425}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |"{16DC1355-8FB3-46F2-80AD-302E71D41A4D}" = dir=out | name=iheartradio |"{191487FE-D290-4C6D-BE29-896BB8402A76}" = dir=out | name=windows_ie_ac_001 |"{1C03AB2B-C031-4388-8B9D-41C2E1D21BC6}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |"{1EB1DB73-494D-4F8D-9B76-509E893A8221}" = protocol=6 | dir=out | app=system |"{2167C0EB-A0C2-4A74-BAB9-5326B024613E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |"{237B557E-BA73-42FA-B344-89D0C4F65E67}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |"{2815785B-CCC2-4A7A-8867-FACAC21A86D3}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |"{2B7B8911-20A3-4EE0-9A33-935A9D57CDBB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |"{2C3CF715-046B-450E-8C59-7E43686A9C15}" = dir=in | name=@{microsoft.skypeapp_1.5.0.109_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |"{2C9B55AF-E8E4-4D9B-A4D8-7EA3F19F5EEE}" = dir=in | name=kindle |"{2F97E4DF-90E9-46E3-9591-E3FDC45F3625}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |"{33569E39-F27F-4AB9-96B7-CD368FB20CE4}" = dir=out | name=hp registration |"{3453C340-834A-4009-874F-1CF647116B95}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |"{349BAA20-AE4D-4528-A9E8-2CAECD0F31EE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |"{35453957-E3BB-48C4-A162-B91CCFAB8C64}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |"{39B83C00-51A9-4A94-8954-9F9A15B03014}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector10\pdr10.exe |"{3BB49238-B3EC-49C4-AE69-781856853182}" = dir=in | app=c:\users\administrator\appdata\local\microsoft\skydrive\skydrive.exe |"{3CB56DB1-515D-446B-8A9A-272BC67F0C94}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |"{3F2F344A-0AED-4043-A50F-E1F84B5CF0F5}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |"{3FE684FB-433A-4E39-ABB3-08131184FDC7}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |"{413225F6-7994-4681-BFF2-018704865094}" = dir=out | name=taptiles |"{4362B399-4C8F-47A5-A8C3-0FD5048C1A63}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |"{4B215E9A-EC12-419B-9935-921F2A769C50}" = dir=in | app=c:\program files (x86)\hpconnectedmusic\hpconnectedmusic.exe |"{4C3B5400-E5CC-4739-9988-010D3801AAB7}" = dir=out | name=kindle |"{55CABBD4-1D8C-4E55-B60B-C5247B15A85E}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |"{562FC4E7-9802-4C2A-98A9-C1D7A2AA8CB7}" = dir=out | name=hp connected photo powered by snapfish |"{56AA02BC-D01D-4325-93AE-569CCC32C28B}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |"{5871EEA7-4712-4F9E-BCB0-74BBA38FD1F9}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |"{58DBAED0-AD3C-4EB8-B9D7-FEBCF380DA1D}" = dir=out | name=wordament |"{5DF75BC6-2C41-493C-BB83-76F4D130FE9E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |"{5E9562CF-428B-4733-9D44-4E78D6C41373}" = dir=out | name=ebay |"{5F971022-DE78-4B4C-A763-94F503CE1184}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |"{60B08A6F-892C-4E91-A4A6-B67483A9E31F}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |"{623E2686-B2F8-4883-B4BE-A8EA29895F1C}" = dir=out | name=@{microsoft.skypeapp_1.5.0.109_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |"{6C77D8C7-B2F2-46A6-BB8C-EBDE3AE19099}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |"{6C7CD722-D268-46BD-8E10-66D61C6A089C}" = dir=out | name=netflix |"{6F489120-4531-4D9D-8529-A2E9F4CD6F26}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |"{70DD170D-66E1-4644-9CCD-D376A16454D3}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |"{72C93634-C67A-4AE5-BBAD-54BBEF26B8F6}" = dir=out | name=norton studio |"{7A0A538A-5BA9-4B51-A577-71E530392D12}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |"{809617B4-1BD9-4005-98DD-A9BB1C3CABF2}" = dir=out | name=hp+ |"{81919611-E8A8-462D-A858-43DFB719B313}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |"{81C5DFD6-2071-49D6-9B4C-3BA0091F7EF9}" = dir=out | name=savings center featured offers |"{84188206-0039-43C4-A219-01F2F22843D2}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |"{84B4E5A7-1DC0-437F-BA57-6CCC8584701E}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |"{8804DB75-29B1-4469-BE79-FC1448461161}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |"{8AFB2AC9-1178-477B-BA02-A19BED67EA66}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |"{8DD7D811-8D78-4309-A558-120583A4B5BD}" = protocol=17 | dir=in | name=hpconnectedremoteservice.exe |"{9210A769-5D36-4EEA-8916-4B314D185F34}" = dir=out | name=fresh paint |"{93E1117F-2AD9-4733-B0A5-1A1868F3ECCD}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |"{96CE91E8-2BAA-476A-B6F5-D8AFF05213BD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |"{97320BFA-A73C-4521-922D-790A96D02787}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |"{993681EA-CD8A-49DD-A9FE-B1589E29FF8C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |"{99AB6CF0-630C-4475-B7F7-1833251C4E05}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |"{99DC9500-0357-49F2-92C1-A13323D67F90}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |"{9A8C16A5-0798-438D-AA6C-DB11476FB6E2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |"{9CE4CAA8-7214-439D-AFD1-A9D9371A734D}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe |"{9D8209DA-D817-44B9-A340-2AB2129214D4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |"{A7DC6F18-C8A8-4034-806E-4A76962A4CFC}" = dir=out | name=getting started with windows 8 |"{A92E4BD7-B69E-4CB5-B306-2B63C68B35CE}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |"{AA153987-8B2C-46AF-9AF9-E3E9D9FB6AF2}" = dir=out | name=microsoft solitaire collection |"{AE6460BA-76DF-4177-BA22-D78B6440E549}" = dir=in | app=%localappdata%\hpconnectedmusic\application\spotify_helper.exe |"{B27AD42C-9349-497F-8B33-23FD0F7514CE}" = dir=in | app=%localappdata%\hpconnectedmusic\application\hpconnectedmusic.exe |"{BBD2CC80-BA8B-4278-A141-F14C53744196}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |"{D6E14819-0996-4084-BC37-CA84C66A6DCA}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |"{D9608F4A-2420-42AE-8528-620913E750F7}" = dir=in | name=ebay |"{D9714417-DF5A-49A2-B173-9C2BE3D5AFAC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |"{DA5669BD-4AFD-43A4-AA49-B2CB64DA021A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |"{DA7CB0D7-E9CE-469E-9046-A4973AA7636D}" = dir=out | app=c:\program files (x86)\hpconnectedmusic\hpconnectedmusic.exe |"{E15ED100-A8CF-4398-83BF-D4BF7ACF64ED}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |"{E2611488-0BAD-4D1B-BB3E-34389FE9FDF8}" = dir=out | app=%localappdata%\hpconnectedmusic\application\spotify_helper.exe |"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |"{EE96288E-E3B9-486B-BAD5-31980BFE54B2}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |"{F3D3430F-303A-46CB-843E-CC3DAA13E453}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |"{F9A671C8-65B8-4379-B14D-575758D9A80A}" = dir=in | app=c:\program files\intel corporation\intel widi\widiapp.exe |"{FF05A88E-AFE9-4896-A4E6-8FEBDA28CE4D}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |========== HKEY_LOCAL_MACHINE Uninstall List ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes"{0728A184-F899-4356-B93D-8228674F0DEB}" = Intel® PROSet/Wireless Software for Bluetooth® Technology"{1593C708-5535-47A4-8C0F-F8D4BE2B4560}" = Intel® PROSet/Wireless WiFi Software"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148"{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}" = HP 3D DriveGuard"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161"{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting"{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}" = HP Registration Service"{DE788AD4-F7CE-4995-ADF8-56174A7B613C}" = Intel® Smart Connect Technology 3.0 x64"{E77289CF-12B9-4CAB-A49E-FEAE947F4D95}" = Intel® PROSet/Wireless for Bluetooth® + High Speed"{EDBA2433-0910-4C72-8C5B-8FEDAE3EF18E}" = Intel® WiDi"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client"{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64"ProInst" = Intel PROSet Wireless"SynTPDeinstKey" = Synaptics Pointing Device Driver[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements"{0C57987A-A03A-4B95-A309-D23F78F406CA}" = HP Utility Center"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform"{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}" = HP CoolSense"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform"{2D416A80-0BB1-4D8B-B770-7BE8F53D5937}" = Windows Live UX Platform Language Pack"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology"{40F4FF7A-B214-4453-B973-080B09CED019}" = Absolute Reminder"{40F55150-F43D-4C9F-9A00-1A0A6F1EB7F0}" = Movie Maker"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support"{46316411-80D8-4F68-8118-696E05FCE199}" = Windows Live Essentials"{4862344A-A39C-4897-ACD4-A1BED5163C5A}" = CyberLink PhotoDirector"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions"{528AB81B-D65A-4AB0-A2B6-82B51A087D01}" = HP Recovery Manager"{5CC4C963-F772-4766-BFF2-DE551E205EE9}" = Photo Common"{60A1253C-2D51-4166-95C2-52E9CF4F8D64}" = Photo Gallery"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable"{73A33079-D1A0-4469-8903-C4A48B4975E2}" = HP Documentation"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110"{941DE69D-6CEE-4171-8F1F-3D7E352AA498}" = HP Wireless Button Driver"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161"{9C35EDE5-4B0F-45E7-A438-314BA889948E}" = HP MyRoom"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper"{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio"{E5823036-6F09-4D0A-B05C-E2BAA129288A}" = HP Quick Launch"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics"{F243A34B-AB7F-4065-B770-B85B767C247C}" = HP Connected Remote"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center"{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}" = Energy Star"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® SDK for OpenCL - CPU Only Runtime Package"3D073343-CEEB-4ce7-85AC-A69A7631B5D6" = Intel® Rapid Start Technology"Adobe Shockwave Player" = Adobe Shockwave Player 11.6"AVG SafeGuard toolbar" = AVG SafeGuard toolbar"GOM Player" = GOM Player"Google Chrome" = Google Chrome"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam"InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10"InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}" = CyberLink PhotoDirector"InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD"lfind@nijadsoft.net" = Lyrics Finder"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300"MSC" = McAfee AntiVirus Plus"Picasa 3" = Picasa 3"StartHPConnectedMusic" = HP Connected Music (Meridian - installer)"WildTangent hp Master Uninstall" = HP Games"WildTangent wildgames Master Uninstall" = WildTangent Games"WinLiveSuite" = Windows Live Essentials"WTA-0607a917-fbeb-47b0-820d-75a2a1df3c48" = John Deere Drive Green"WTA-1ec2b4c6-90a5-4f57-ac21-8286fbf71724" = 4 Elements II"WTA-2015de4d-314e-4fb4-8359-de99446f5ebc" = Zuma's Revenge"WTA-383c434a-c90b-4f20-a417-a74d0ad97681" = Airport Mania"WTA-4d254b18-a4b8-4f71-9070-31c4d3a5de3a" = Bounce Symphony"WTA-53953192-4e48-4ff2-8069-41874bad9cc2" = Hoyle Card Games"WTA-7ea3b0bb-8112-4a31-8ac7-ea09afee49a6" = Letters from Nowhere 2"WTA-81c1f82d-b9d3-4253-a42e-7f773035b170" = Roads of Rome 3"WTA-822c69db-f15b-4e42-86ea-31d4635d7a5d" = Build-a-lot"WTA-89aafc35-c70f-4cd7-bfe6-ab59afe53ee3" = Polar Bowler"WTA-8a5ebaec-ac55-4dcb-8f6a-01ee00c8d35e" = Bejeweled 3"WTA-a172dfc6-1f87-4447-85a3-e22d94c82f69" = FATE: The Cursed King"WTA-a8515773-5f0d-4ff7-835c-d2b2c7657133" = Mah Jong Medley"WTA-aa1b8991-9e94-4704-94d2-8cf326e17c89" = Azteca"WTA-b1584b77-1f81-4c9e-a615-cbd51fec92d1" = Penguins!"WTA-b6a3139f-d2d6-4186-8abb-b2cb2042118d" = Polar Golfer"WTA-c771e9fc-7d38-40da-91a5-63345cebc02c" = Final Drive Fury"WTA-d9f2cc29-a332-4e82-8daa-a53921c8badd" = Mystery of Mortlake Mansion"WTA-e7255ce6-4e63-4028-9497-2ea24c1f3f5c" = The Treasures of Mystery Island: The Ghost Ship"WTA-f40f47bf-d991-406b-a823-653cf6c844b8" = Jewel Match 3========== HKEY_USERS Uninstall List ==========[HKEY_USERS\S-1-5-21-1793697480-3637929884-3590639379-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"DSite" = Update for Audio Converter"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player"Spotify" = Spotify========== Last 20 Event Log Errors ==========[ Application Events ]Error - 4/23/2013 1:30:01 PM | Computer Name = Hyunju | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: Continuously busy for more than a secondError - 4/23/2013 1:30:01 PM | Computer Name = Hyunju | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: m->NextScheduledEvent 1218Error - 4/23/2013 1:30:01 PM | Computer Name = Hyunju | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: m->NextScheduledSPRetry 1218Error - 4/23/2013 8:48:35 PM | Computer Name = Hyunju | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: Continuously busy for more than a secondError - 4/23/2013 8:48:35 PM | Computer Name = Hyunju | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: m->NextScheduledEvent 16611828Error - 4/23/2013 8:48:35 PM | Computer Name = Hyunju | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: m->NextScheduledSPRetry 16611828Error - 4/23/2013 10:46:14 PM | Computer Name = Hyunju | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: Continuously busy for more than a secondError - 4/23/2013 10:46:14 PM | Computer Name = Hyunju | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: m->NextScheduledEvent 1125Error - 4/23/2013 10:46:14 PM | Computer Name = Hyunju | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: m->NextScheduledSPRetry 1125Error - 4/25/2013 1:21:59 AM | Computer Name = Hyunju | Source = Application Error | ID = 1000Description = Faulting application name: mcsacore.exe, version: 3.6.1.106, timestamp: 0x5134ca77 Faulting module name: ntdll.dll, version: 6.2.9200.16420, timestamp: 0x505ab405 Exception code: 0xc0000005 Fault offset: 0x0000000000005692 Faulting process id: 0x2a68 Faulting application start time: 0x01ce408a8441e8d8 Faulting application path: c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dllReport Id: 0d1cfaae-ad68-11e2-be7a-606c660605e9 Faulting package full name: Faulting package-relative application ID:[ System Events ]Error - 4/5/2013 3:51:32 PM | Computer Name = Hyunju | Source = Service Control Manager | ID = 7000Description = The McAfee Platform Services service failed to start due to the following error: %%1053Error - 4/5/2013 3:51:32 PM | Computer Name = Hyunju | Source = DCOM | ID = 10005Description =Error - 4/8/2013 3:34:53 PM | Computer Name = Hyunju | Source = Service Control Manager | ID = 7031Description = The McAfee Home Network service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.Error - 4/8/2013 3:35:53 PM | Computer Name = Hyunju | Source = Service Control Manager | ID = 7032Description = The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee Home Network service, but this action failed with the following error: %%1056Error - 4/12/2013 3:38:26 PM | Computer Name = Hyunju | Source = Service Control Manager | ID = 7009Description = A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.Error - 4/12/2013 3:38:26 PM | Computer Name = Hyunju | Source = Service Control Manager | ID = 7000Description = The McAfee Platform Services service failed to start due to the following error: %%1053Error - 4/12/2013 3:38:26 PM | Computer Name = Hyunju | Source = DCOM | ID = 10005Description =Error - 4/12/2013 3:38:26 PM | Computer Name = Hyunju | Source = Service Control Manager | ID = 7009Description = A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.Error - 4/12/2013 3:38:26 PM | Computer Name = Hyunju | Source = Service Control Manager | ID = 7000Description = The McAfee Platform Services service failed to start due to the following error: %%1053Error - 4/12/2013 3:38:26 PM | Computer Name = Hyunju | Source = DCOM | ID = 10005Description =< End of report > Link to post Share on other sites More sharing options...
MrCharlie Posted May 9, 2013 ID:677860 Share Posted May 9, 2013 It appears to be gone, but I see you have Delta Search in Chrome:CHR - default_search_provider: Delta Search (Enabled)CHR - default_search_provider: search_url = http://www2.delta-se...E00606C660605E6This should clear it out:1. Click the 3 bars in the upper right hand corner > Tools > Clear Browser DataPut a check next to all of these:Clear browsing historyClear download historyEmpty the cacheClick "Clear Browsing Data"2. Open up Chrome again > settings > On Startup > Open a specific page or set of pagesClick the Set Pages (in blue to the right)See what's thereAny Delta, mouse over and deleteSet it to what ever you want3. Click the Chrome menu on the browser toolbar.Select Settings.In the "Search" section, click Manage search engines.Check if (Default) is displayed next to your preferred search engine. If not, mouse over it and click Make default.Mouse over any other suspicious search engine entries that are not familiar and click X to remove them.4. Click the Chrome menu .Select Settings.In the "Appearance" section, if the "Show Home button" checkbox is selected, see if the page listed below is the home page you’d like to use.If the page isn't the home page you'd like to use, click Change and select your preferred page.Let me know.....MrC Link to post Share on other sites More sharing options...
amuse702 Posted May 10, 2013 Author ID:677934 Share Posted May 10, 2013 ok, i did everything...i believe that should do it. Thanks for everything!! Link to post Share on other sites More sharing options...
amuse702 Posted May 10, 2013 Author ID:677936 Share Posted May 10, 2013 o wait...one last question. when I got infected, I had an external drive connected...should I worry about the external drive being infected because for this troubleshooting process, I had unplugged the drive as the sticky had said to do... Link to post Share on other sites More sharing options...
amuse702 Posted May 10, 2013 Author ID:677939 Share Posted May 10, 2013 ok...i'm also getting this weird advertisement at the bottom of my google screen...this ad does not show up on any of my other computers...I have attached a pic of it Link to post Share on other sites More sharing options...
amuse702 Posted May 10, 2013 Author ID:677941 Share Posted May 10, 2013 scratch that...there was a program called lyrics finder that i didn't know what it was...after uninstalling that, closing my browser, and reopening, the ad disappeared...thanks again! Link to post Share on other sites More sharing options...
MrCharlie Posted May 10, 2013 ID:677942 Share Posted May 10, 2013 OK...and....External drive should be OKMrC Link to post Share on other sites More sharing options...
Maurice Naggar Posted May 10, 2013 ID:678029 Share Posted May 10, 2013 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts