
Unwanted redirections, blank page..


  • This topic is locked
18 replies to this topic

#1 Changg


Posted 26 August 2010 - 01:34 AM

Hi guys, I've been having some problems recently with my browsers..
Certain websites will not load. I've tried multiple browsers: IE, Mozilla Firefox, Netscape Navigator, etc.
The very first time I tried to open these webpages, they would be redirected to some other sites like soundsofopera.com
or videocop.com, etc. I went into Mozilla Firefox and Adblock'd those redirection sites. I tried opening the page again,
and it would give me a blank page, with the status "Done" at the bottom left corner of the browser.

Removed text not written by member. Pasting in additional information posted by member posted elsewhere. ~ OB

Take a look at Untitled.JPEG. Thanks.

In fact, the redirection site changes daily.. it was soundsofopera.com on August 25, and now it's ultrabestportal.com

End of paste. ~ OB

Here is my log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:01:25 PM, on 26/08/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesSymantec AntiVirusDefWatch.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:Program FilesGoogleUpdateGoogleUpdate.exe
C:Program FilesKyoceraFileUtilitySFUSVC.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesKyoceraFileUtilitynsCatCom.exe
C:Program FilesSymantec AntiVirusRtvscan.exe
C:WINDOWSSystem32alg.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32VTTimer.exe
C:WINDOWSsystem32S3trayp.exe
C:WINDOWSSOUNDMAN.EXE
C:Program FilesCyberLinkPowerDVDPDVDServ.exe
C:Program FilesJavajre1.6.0_05binjusched.exe
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:PROGRA~1SYMANT~1VPTray.exe
C:Program FilesQuickTimeQTTask.exe
C:Program FilesiTunesiTunesHelper.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:Program FilesTomTom HOME 2HOMERunner.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesNokiaNokia PC Suite 7PCSuite.exe
C:Program FilesKyoceraFileUtilityNsCatCom.exe
C:Program FilesWinZipWZQKPICK.EXE
C:Program FilesiPodbiniPodService.exe
C:Program FilesPC Connectivity SolutionServiceLayer.exe
C:Program FilesJavajre1.6.0_05binjucheck.exe
C:Program FilesWindows DefenderMsMpEng.exe
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32VTTimer.exe
C:WINDOWSsystem32S3trayp.exe
C:WINDOWSSOUNDMAN.EXE
C:Program FilesCyberLinkPowerDVDPDVDServ.exe
C:Program FilesJavajre1.6.0_05binjusched.exe
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:PROGRA~1SYMANT~1VPTray.exe
C:Program FilesQuickTimeQTTask.exe
C:Program FilesiTunesiTunesHelper.exe
C:Program FilesWindows DefenderMSASCui.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesMSN MessengerMsnMsgr.Exe
C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:Program FilesMicrosoft OfficeOFFICE11OUTLOOK.EXE
C:Program FilesWinZipWZQKPICK.EXE
C:Program FilesJavajre1.6.0_05binjucheck.exe
C:Program FilesMicrosoft OfficeOFFICE11WINWORD.EXE
C:WINDOWSsystem32spider.exe
C:Program FilesMicrosoft ActiveSyncWCESCOMM.EXE
C:Program FilesPC Connectivity SolutionTransportsNclUSBSrv.exe
C:Program FilesPC Connectivity SolutionTransportsNclRSSrv.exe
C:WINDOWSsystem32taskmgr.exe
C:Program FilesThreatFireTFTray.exe
C:Program FilesThreatFireTFService.exe
C:Program FilesSpyware DoctorpctsAuxs.exe
C:Program FilesSpyware DoctorpctsSvc.exe
C:Program FilesSpyware DoctorpctsTray.exe
C:Program FilesSpyware DoctorBDTBDTUpdateService.exe
C:Program FilesMicrosoft OfficeOFFICE11OUTLOOK.EXE
C:Program FilesMicrosoft OfficeOFFICE11WINWORD.EXE
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:WINDOWSsystem32msiexec.exe
C:Program FilesTrend MicroHiJackThisHiJackThis.exe
C:WINDOWSSystem32NOTEPAD.EXE

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.nixat.com/
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:Program FilesSpyware DoctorBDTPCTBrowserDefender.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_05binssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier5.5.5126.1836swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:Program FilesAsk.comGenericAskToolbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:Program FilesAsk.comGenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:Program FilesSpyware DoctorBDTPCTBrowserDefender.dll
O4 - HKLM..Run: [VTTimer] VTTimer.exe
O4 - HKLM..Run: [S3Trayp] S3trayp.exe
O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [RemoteControl] "C:Program FilesCyberLinkPowerDVDPDVDServ.exe"
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre1.6.0_05binjusched.exe"
O4 - HKLM..Run: [MediaFace Integration] C:Program FilesFellowesMediaFACE 4.0SetHook.exe
O4 - HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"
O4 - HKLM..Run: [vptray] C:PROGRA~1SYMANT~1VPTray.exe
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program FilesAdobeReader 8.0ReaderReader_sl.exe"
O4 - HKLM..Run: [Ad-Watch] C:Program FilesLavasoftAd-AwareAAWTray.exe
O4 - HKLM..Run: [AppleSyncNotifier] C:Program FilesCommon FilesAppleMobile Device SupportbinAppleSyncNotifier.exe
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeQTTask.exe" -atboottime
O4 - HKLM..Run: [iTunesHelper] "C:Program FilesiTunesiTunesHelper.exe"
O4 - HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k
O4 - HKLM..Run: [Windows Defender] "C:Program FilesWindows DefenderMSASCui.exe" -hide
O4 - HKLM..Run: [ThreatFire] C:Program FilesThreatFireTFTray.exe
O4 - HKLM..Run: [ISTray] "C:Program FilesSpyware DoctorpctsTray.exe"
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [swg] "C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe"
O4 - HKCU..Run: [NBJ] "C:Program FilesAheadNero BackItUpNBJ.exe"
O4 - HKCU..Run: [H/PC Connection Agent] "C:Program FilesMicrosoft ActiveSyncWCESCOMM.EXE"
O4 - HKCU..Run: [TomTomHOME.exe] "C:Program FilesTomTom HOME 2HOMERunner.exe"
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 - HKCU..Run: [PC Suite Tray] "C:Program FilesNokiaNokia PC Suite 7PCSuite.exe" -onlytray
O4 - HKCU..Run: [AdobeUpdater] "C:Program FilesCommon FilesAdobeUpdater5AdobeUpdater.exe"
O4 - HKCU..Run: [ZE18MW23GY] C:DOCUME~1DavidLOCALS~1TempBnq.exe
O4 - HKCU..RunOnce: [FlashPlayerUpdate] C:WINDOWSsystem32MacromedFlashFlashUtil10d.exe
O4 - HKLM..PoliciesExplorerRun: [] 
O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUSS-1-5-21-606747145-115176313-839522115-1005..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe (User 'Jo')
O4 - HKUSS-1-5-21-606747145-115176313-839522115-1005..Run: [Skype] "C:Program FilesSkypePhoneSkype.exe" /nosplash /minimized (User 'Jo')
O4 - HKUSS-1-5-21-606747145-115176313-839522115-1005..Run: [AdobeUpdater] "C:Program FilesCommon FilesAdobeUpdater5AdobeUpdater.exe" (User 'Jo')
O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'Default user')
O4 - Global Startup: Address Book.lnk = ?
O4 - Global Startup: Scanner File Utility.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:Program FilesWinZipWZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:Program FilesGoogleGoogle ToolbarComponentGoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_05binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_05binssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:Program FilesMicrosoft ActiveSyncINETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:Program FilesMicrosoft ActiveSyncINETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:Program FilesMicrosoft ActiveSyncINETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {4AD8D9E9-BB00-4ADC-8BB8-D55D9E05F203} (HSDPlansCtl.ucPlansInt) - https://www.eduweb.vic.gov.au/ncontent/svgm...HSDPlansCtl.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1272458925609
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B2BE75F3-9197-11CF-ABF4-08000996E931} (Autodesk WHIP! Control) - https://www.eduweb.vic.gov.au/ncontent/svgm...Public/whip.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab
O17 - HKLMSystemCCSServicesTcpip..{EFEF6875-9CD6-48EC-A03D-65348B2288AA}: NameServer = 93.188.164.74,93.188.166.224
O17 - HKLMSystemCS1ServicesTcpipParameters: NameServer = 93.188.164.74,93.188.166.224
O17 - HKLMSystemCCSServicesTcpipParameters: NameServer = 93.188.164.74,93.188.166.224
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:WINDOWSsystem32browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:WINDOWSsystem32browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:Program FilesSpyware DoctorBDTBDTUpdateService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:Program FilesSymantec AntiVirusDefWatch.exe
O23 - Service: Google Update Service (gupdate1ca32adc6024910) (gupdate1ca32adc6024910) - Google Inc. - C:Program FilesGoogleUpdateGoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:Program FilesLavasoftAd-AwareAAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:Program FilesSymantec AntiVirusSavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:Program FilesSpyware DoctorpctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:Program FilesSpyware DoctorpctsSvc.exe
O23 - Service: ServiceLayer - Nokia - C:Program FilesPC Connectivity SolutionServiceLayer.exe
O23 - Service: SFUSVC - KYOCERA MITA CORPORATION - C:Program FilesKyoceraFileUtilitySFUSVC.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:Program FilesSymantec AntiVirusRtvscan.exe
O23 - Service: ThreatFire - PC Tools - C:Program FilesThreatFireTFService.exe

--
End of file - 15463 bytes

Pasting in DDS log created and posted by this member elsewhere. ~ OB

Here are the logs:

DDS (Ver_10-03-17.01) - NTFSx86
Run by new at 23:40:19.43 on 08/25/2010 Wed
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.949.82.1033.18.3033.2195 [GMT -7:00]

AV: •Œ• *On-access scanning disabled* (Updated) {B9431E5A-E196-4B6F-843A-10E01DB25461}
AV: Webroot Internet Security Essentials *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
FW: Webroot Internet Security Essentials *disabled* {63671000-11A2-46DD-BADD-A084CABCDEAE}

============== Running Processes ===============

C:WINDOWSsystem32svchost -k DcomLaunch
svchost.exe
C:WINDOWSSystem32svchost.exe -k netsvcs
svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesOnDiskExpressService.exe
C:Program FilesJavajre6binjqs.exe
C:Program FilesMalwarebytes' Anti-Malwarembamservice.exe
C:WINDOWSsystem32PnkBstrA.exe
C:WINDOWSsystem32PnkBstrB.exe
C:Program FilesMicrosoftSearch Enhancement PackSeaPortSeaPort.exe
svchost.exe
C:WINDOWSsystem32svchost.exe -k imgsvc
C:WINDOWSsystem32conime.exe
C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE
C:WINDOWSRTHDCPL.EXE
C:Program FilesMSN ToolbarPlatform4.0.0417.0mswinext.exe
C:Program FilesCommon FilesJavaJava Updatejusched.exe
C:WINDOWSPLFSetL.exe
C:Program FilesiTunesiTunesHelper.exe
C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe
C:Program FilesCommon FilesAheadLibNMBgMonitor.exe
C:Program FilesWindows LiveMessengermsnmsgr.exe
C:Program FilesCommon FilesAheadLibNMIndexStoreSvr.exe
C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe
C:WINDOWSsystem32wscntfy.exe
C:Program FilesiPodbiniPodService.exe
C:WINDOWSSystem32svchost.exe -k HTTPFilter
C:Program FilesMessengermsmsgs.exe
C:Program FilesWindows LiveContactswlcomm.exe
C:WINDOWSsystem32wuauclt.exe
C:WINDOWSexplorer.exe
C:Program FilesMicrosoftSearch Enhancement PackSCServerSCServer.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Program FilesMozilla Firefoxplugin-container.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe
C:Documents and SettingsnewDesktopdds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:program filesinternet download managerIDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:program filescommon filesadobeacrobatactivexAcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:program filesspyware doctorbdtPCTBrowserDefender.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:program filesmicrosoftsearch enhancement packsearch helperSEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:program filescommon filesmicrosoft sharedwindows liveWindowsLiveLogin.dll
BHO: Free TV Bar Toolbar: {a0729639-d831-46c9-811b-9b0aa79fb45a} - c:program filesfree_tv_bartbFre0.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:program filesskypetoolbarsinternet explorerskypeieplugin.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:program filesmsn toolbarplatform4.0.0417.0npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:program filesjavajre6binjp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:program filesjavajre6libdeployjqsiejqs_plugin.dll
TB: Free TV Bar Toolbar: {a0729639-d831-46c9-811b-9b0aa79fb45a} - c:program filesfree_tv_bartbFre0.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:program filesmsn toolbarplatform4.0.0417.0npwinext.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:program filesspyware doctorbdtPCTBrowserDefender.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:program filescommon filesaheadlibNMBgMonitor.exe"
uRun: [Skype] "c:program filesskypephoneSkype.exe" /nosplash /minimized
uRun: [msnmsgr] "c:program fileswindows livemessengermsnmsgr.exe" /background
mRun: [hpbdfawep] "c:program fileshpdfawepbinhpbdfawep.exe" 1
mRun: [RTHDCPL] "RTHDCPL.EXE"
mRun: [MSN Toolbar] "c:program filesmsn toolbarplatform4.0.0417.0mswinext.exe"
mRun: [Microsoft Default Manager] "c:program filesmicrosoftsearch enhancement packdefault managerDefMgr.exe" -resume
mRun: [SunJavaUpdateSched] "c:program filescommon filesjavajava updatejusched.exe"
mRun: [PLFSetL] c:windowsPLFSetL.exe
mRun: [iTunesHelper] "c:program filesitunesiTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:program filesadobereader 9.0readerReader_sl.exe"
mRun: [Adobe ARM] "c:program filescommon filesadobearm1.0AdobeARM.exe"
mRun: [QuickTime Task] "c:program filesquicktimeQTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "c:program filesmalwarebytes' anti-malwarembamgui.exe" /starttray
dRunOnce: [RunNarrator] Narrator.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:program filesmessengermsmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:program fileswindows livewriterWriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:program filesskypetoolbarsinternet explorerskypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:progra~1micros~2office11REFIEBAR.DLL
DPF: {03AF249E-119E-4569-838E-167E929EC6DA} - hxxp://www.bigfile.co.kr/client/BigFile.cab
DPF: {124250DD-E2CC-4B5B-AE7E-C9AC8A11DF43} - hxxp://edu.ingang.go.kr/LMS/eduport/front/study/common/ftp/StreamNote2_V2.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {283A7932-A386-496A-9AB0-E8DBFACFF1E5} - hxxp://ondisk.co.kr/setup/OnDiskWebControl.cab
DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} - hxxp://image.cjmall.com/initech/plugin/download_2010/INIS60.cab
DPF: {2DCB00FB-3485-486B-BD41-C49AD605264D} - hxxp://www.immigration.go.kr/HP/COM/keytec/easykeytec.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} - hxxp://ck.softforum.co.kr/CKKeyPro/G4C/CKKeyPro3024_32k.cab
DPF: {7B1BB066-7BBB-11D4-A34E-0000F01A209C} - hxxp://login.unitel.co.kr/iplug/lmgr2131.cab
DPF: {88D969C0-F192-11D4-A65F-0040963251E5} - hxxp://gcc.nefficient.co.kr/gcc/msxml4.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} - hxxp://cyimg7.cyworld.com/ImageUpload/CyPictureU1233.cab?20081124
DPF: {970E1B88-8AC1-4E31-86D6-BFA769CEF7A6} - hxxp://www.ebslang.co.kr/ebs/ActiveX/eGEBS.cab
DPF: {9B75502C-BBED-4BBD-8FE2-822E5E0AD32C} - hxxp://www.ebs.co.kr/ActiveX/MagicLockOCX.cab
DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} - hxxp://kings.nefficient.co.kr/kings/kdfx/kdfx311/kdfense8.cab
DPF: {BB8C416C-2422-44C6-9F8D-ACB3B74EEBD5} - hxxp://app.filebus.co.kr/app/FilebusWebControl.CAB
DPF: {BDD22343-1DF0-4983-947F-7604DD9838F8} - hxxp://edu.ingang.go.kr/lms_ingang/script/common_add/MagicSpeeder.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} - hxxps://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab
DPF: {F0320816-41D9-49DD-B2F3-8E7B0AE32796} - hxxp://live.afreeca.com:8057/AFCStarter.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} - hxxp://file.naver.com/activex/NaverAXGuide.cab
DPF: {FE9CE737-7BA6-451D-A4E0-EB4599D46FD6} - hxxp://www.melon.com/cab/MelonActiveXInstaller.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:program filesskypetoolbarsinternet explorerskypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:progra~1common~1skypeSKYPE4~1.DLL
Handler: smart - {402CA0E4-3090-402e-BE90-3EE9B766EBB0} - c:program filesestsoftaltoolbarALToolBarProtocol.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:windowssystem32WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:docume~1newapplic~1mozillafirefoxprofilesev2v0p7w.default
FF - component: c:program filesmicrosoftsearch enhancement packsearch helperfirefoxextensionsearchhelperextensioncomponentsSEPsearchhelperff.dll
FF - component: c:program filesmozilla firefoxextensions{ab2ce124-6272-4b12-94a9-7303c7397bd1}componentsSkypeFfComponent.dll
FF - plugin: c:documents and settingsall usersapplication datanexonngmnpNxGame.dll
FF - plugin: c:documents and settingsall usersapplication datanexonusngmnpNxGameUS.dll
FF - plugin: c:program filescommon filesgretechnpgomtvx_nie.dll
FF - plugin: c:program filesjavajre6binnew_pluginnpdeployJava1.dll
FF - plugin: c:program filesmozilla firefoxpluginsnpdeployJava1.dll
FF - plugin: c:program filesmozilla firefoxpluginsnpINISAFEWeb60.dll
FF - plugin: c:program filesmozilla firefoxpluginsnpOGAPlugin.dll
FF - plugin: c:program filesmozilla firefoxpluginsnpxecure.dll
FF - plugin: c:program filesmozilla firefoxpluginsnpxwfile.dll
FF - plugin: c:program filesmsn toolbarplatform4.0.0417.0npwinext.dll
FF - plugin: c:program filessoftforumxecurewebactivexnpxwebplugin.dll
FF - plugin: c:program filessoftforumxecurewebactivexnpxwebplugin_file.dll
FF - plugin: c:program fileswindows livephoto galleryNPWLPG.dll
FF - plugin: c:windowssystem32npKeyPro.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:windowsmicrosoft.netframeworkv3.5windows presentation foundationdotnetassistantextension
FF - HiddenExtension: Java Console: No Registry Reference - c:program filesmozilla firefoxextensions{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:program filesmozilla firefoxextensions{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:program filesmozilla firefoxgreprefsall.js - pref("ui.use_native_colors", true);
c:program filesmozilla firefoxgreprefsall.js - pref("ui.use_native_popup_windows", false);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.enable_click_image_resizing", true);
c:program filesmozilla firefoxgreprefsall.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:program filesmozilla firefoxgreprefsall.js - pref("javascript.options.mem.high_water_mark", 32);
c:program filesmozilla firefoxgreprefsall.js - pref("javascript.options.mem.gc_frequency", 1600);
c:program filesmozilla firefoxgreprefsall.js - pref("network.IDN.whitelist.lu", true);
c:program filesmozilla firefoxgreprefsall.js - pref("network.IDN.whitelist.nu", true);
c:program filesmozilla firefoxgreprefsall.js - pref("network.IDN.whitelist.nz", true);
c:program filesmozilla firefoxgreprefsall.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:program filesmozilla firefoxgreprefsall.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:program filesmozilla firefoxgreprefsall.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:program filesmozilla firefoxgreprefsall.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:program filesmozilla firefoxgreprefsall.js - pref("network.IDN.whitelist.tel", true);
c:program filesmozilla firefoxgreprefsall.js - pref("network.auth.force-generic-ntlm", false);
c:program filesmozilla firefoxgreprefsall.js - pref("network.proxy.type", 5);
c:program filesmozilla firefoxgreprefsall.js - pref("network.buffer.cache.count", 24);
c:program filesmozilla firefoxgreprefsall.js - pref("network.buffer.cache.size", 4096);
c:program filesmozilla firefoxgreprefsall.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:program filesmozilla firefoxgreprefsall.js - pref("svg.smil.enabled", false);
c:program filesmozilla firefoxgreprefsall.js - pref("ui.trackpoint_hack.enabled", -1);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.formfill.debug", false);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.formfill.agedWeight", 2);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.formfill.bucketSize", 1);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.formfill.maxTimeGroupings", 25);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.formfill.timeGroupingSize", 604800);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.formfill.boundaryWeight", 25);
c:program filesmozilla firefoxgreprefsall.js - pref("browser.formfill.prefixWeight", 5);
c:program filesmozilla firefoxgreprefsall.js - pref("accelerometer.enabled", true);
c:program filesmozilla firefoxgreprefsall.js - pref("html5.enable", false);
c:program filesmozilla firefoxgreprefssecurity-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:program filesmozilla firefoxgreprefssecurity-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:program filesmozilla firefoxgreprefssecurity-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:program filesmozilla firefoxgreprefssecurity-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:program filesmozilla firefoxgreprefssecurity-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:program filesmozilla firefoxdefaultspreffirefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:program filesmozilla firefoxdefaultspreffirefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:program filesmozilla firefoxdefaultspreffirefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("lightweightThemes.update.enabled", true);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("browser.allTabs.previews", false);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("plugins.update.notifyUser", false);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("toolbar.customization.usesheet", false);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("dom.ipc.plugins.enabled", false);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("browser.taskbar.previews.enable", false);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("browser.taskbar.previews.max", 20);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:windowssystem32driversPCTCore.sys [2010-8-14 218592]
R0 ssfs0bbc;ssfs0bbc;c:windowssystem32driversssfs0bbc.sys [2009-4-2 29808]
R1 IDMTDI;IDMTDI;c:windowssystem32driversidmtdi.sys [2010-8-10 75104]
R2 DOSMEMIO;MEMIO;c:windowssystem32MEMIO.SYS [2009-12-25 4300]
R2 ExpressService;ExpressService;c:program filesondiskExpressService.exe [2009-11-10 1294336]
R2 MBAMService;MBAMService;c:program filesmalwarebytes' anti-malwarembamservice.exe [2010-6-13 304464]
R3 MBAMProtector;MBAMProtector;c:windowssystem32driversmbam.sys [2010-6-13 20952]
R3 VMC33E;Vimicro Camera Service VMC33E;c:windowssystem32driversVMC33E.sys [2009-12-25 237952]
R3 wowfilter;WOW XT Filter Driver;c:windowssystem32driversWOWFilter.sys [2009-3-24 25560]
S1 MpKsl343ed5b3;MpKsl343ed5b3;??c:documents and settingsall usersapplication datamicrosoftmicrosoft antimalwaredefinition updates{ad10df00-539f-4a8d-a074-0c60b8473365}mpksl343ed5b3.sys --> c:documents and settingsall usersapplication datamicrosoftmicrosoft antimalwaredefinition updates{ad10df00-539f-4a8d-a074-0c60b8473365}MpKsl343ed5b3.sys [?]
S2 INet Work Process;INet Work Process;c:windowswinetwp.exe [2010-8-15 286208]
S2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:program fileswebrootwebrootsecuritySpySweeper.exe [2009-4-2 4048240]
S2 WRConsumerService;Webroot Client Service; [x]
S3 AhnFlt2k;AhnFlt2k;c:windowssystem32driversAhnFlt2k.sys [2010-1-6 52928]
S3 AhnRec2k;AhnRec2k;c:windowssystem32driversAhnRec2k.sys [2010-1-6 20416]
S3 AhnRghNt;AhnRghNt;c:windowssystem32driversAhnRghNt.sys [2010-1-6 52800]
S3 Ambfilt;Ambfilt;c:windowssystem32driversAmbfilt.sys [2009-12-25 1684736]
S3 ATamptNt_ASG;ATamptNt_ASG;??c:program filesahnlabsiteguard2atamptnt.sys --> c:program filesahnlabsiteguard2ATamptNt.sys [?]
S3 ATamptNt_V3LITE;ATamptNt_V3LITE;??c:progra~1ahnlabv3liteatamptnt.sys --> c:progra~1ahnlabv3liteATamptNt.sys [?]
S3 AYDrvXP_ALYAC;AYDrvXP_ALYAC;c:program filesestsoftalyacAYDrvXP.sys [2010-1-18 27000]
S3 CdmDrvNt;CdmDrvNt;c:windowssystem32driversCdmDrvNt.sys [2010-1-6 19616]
S3 cpuz132;cpuz132;??c:docume~1laglocals~1tempcpuz132cpuz132_x32.sys --> c:docume~1laglocals~1tempcpuz132cpuz132_x32.sys [?]
S3 esgiguard;esgiguard;??c:program filesenigma software groupspyhunteresgiguard.sys --> c:program filesenigma software groupspyhunteresgiguard.sys [?]
S3 JRSKD24;JRSKD24;c:windowssystem32JRSKD24.SYS [2010-7-25 39944]
S3 kcrtx86;kcrtx86;c:windowssystem32kcrtx86.sys [2010-7-25 126048]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;??c:program fileslavasoftad-awarekernexplorer.sys --> c:program fileslavasoftad-awareKernExplorer.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:windowssystem32driversnpf.sys [2007-11-6 34064]
S3 scsk5;SCSK5 Driver Service;c:windowssystem32driversscsk5.sys --> c:windowssystem32driversscsk5.sys [?]
S3 XDva348;XDva348;??c:windowssystem32xdva348.sys --> c:windowssystem32XDva348.sys [?]
S4 Browser Defender Update Service;Browser Defender Update Service;c:program filesspyware doctorbdtBDTUpdateService.exe [2010-8-14 112592]
S4 QuickDownload Agent;QuickDownload Agent;c:program filesquickdownloadserviceqdownagent.exe [2009-12-26 110592]
S4 QuickDownload Service;QuickDownload Service;c:program filesquickdownloadserviceqdownservice.exe [2009-12-26 106496]
S4 QuickDownload Update;QuickDownload Update;c:program filesquickdownloadserviceqdownupdate.exe [2009-12-26 94208]
S4 sdAuxService;PC Tools Auxiliary Service;c:program filesspyware doctorpctsAuxs.exe [2010-8-14 366840]
S4 sdCoreService;PC Tools Security Service;c:program filesspyware doctorpctsSvc.exe [2010-8-14 1142224]
S4 SGsvc;AhnLab SiteGuard Service; [x]
S4 SRS_PostInstaller;SRS PostInstaller Service;c:program filessrs labswowxt and tsxt driverSRS_PostInstaller2.exe [2009-3-24 74992]

=============== Created Last 30 ================

2010-08-26 05:47:26 0 d-----w- c:docume~1newapplic~1PriceGong
2010-08-26 05:39:20 245248 ----a-w- c:windowssvchost.exe
2010-08-26 05:25:50 0 d-sha-r- C:cmdcons
2010-08-26 05:20:23 98816 ----a-w- c:windowssed.exe
2010-08-26 05:20:23 77312 ----a-w- c:windowsMBR.exe
2010-08-26 05:20:23 256512 ----a-w- c:windowsPEV.exe
2010-08-26 05:20:23 161792 ----a-w- c:windowsSWREG.exe
2010-08-26 03:55:33 0 d-----w- c:documents and settingsnewTracing
2010-08-26 02:47:12 0 d-----r- c:program filesSkype
2010-08-26 00:52:23 0 d-----w- c:docume~1newapplic~1Estsoft
2010-08-25 23:49:05 0 d-----w- c:program filesNetscape
2010-08-25 07:09:24 0 d-----w- c:docume~1alluse~1applic~1NexonUS
2010-08-25 04:01:25 0 d-----w- c:windowsRegCure
2010-08-24 05:14:23 12145896 ----a-w- c:program filesOnDisksetup.exe
2010-08-21 21:36:23 0 d-----w- c:program filesUnlocker
2010-08-21 03:40:12 0 d-----w- c:program filesSC19
2010-08-19 05:59:10 24 ----a-w- c:windowssystem32scskConfigEH.ini
2010-08-19 05:59:10 124000 ----a-w- c:windowssystem32driverskcrtx86.sys
2010-08-19 05:59:10 0 d-----w- c:docume~1alluse~1applic~1SoftCamp
2010-08-19 05:59:09 1784576 ----a-w- c:windowssystem32SCSKMemLink.dll
2010-08-19 05:58:27 708096 ----a-w- c:windowssystem32INIcrypto20.dll
2010-08-19 05:58:04 143460 ----a-w- c:windowssystem32INIWEBCryptoWrapper.dll
2010-08-19 05:58:02 260096 ----a-w- c:windowssystem32INIWebCrypto.dll
2010-08-19 05:57:45 241664 ----a-w- c:windowssystem32PubCertDlg.dll
2010-08-19 05:57:42 1205544 ----a-w- c:windowssystem32ISPPopUpDlg.exe
2010-08-19 05:57:32 923080 ----a-w- c:windowssystem32SCSKAppLink.dll
2010-08-19 05:57:03 124928 ----a-w- c:windowssystem32INICertStore.dll
2010-08-19 05:56:52 386048 ----a-w- c:windowssystem32INICertManUI.dll
2010-08-19 05:45:21 28672 ----a-w- c:windowssystem32ISP_crgen.dll
2010-08-19 05:45:20 73728 ----a-w- c:windowssystem32ISP_INISafeNet.dll
2010-08-19 05:45:17 6750208 ----a-w- c:windowssystem32KvpVcmd.dll
2010-08-17 00:14:54 0 d-----w- c:program filesMetaGeek
2010-08-17 00:01:18 0 d-----w- c:program filesNetwork Stumbler
2010-08-16 03:23:04 286208 ----a-w- c:windowswinetwp.exe
2010-08-16 02:34:15 0 d-----w- c:windowssystem32windows media
2010-08-16 02:34:06 0 d-----w- c:program filesWindows Media Components
2010-08-16 02:25:36 0 d-----w- C:temp.chicony
2010-08-16 02:19:33 99328 -c--a-w- c:windowssystem32dllcachesrusd.dll
2010-08-16 02:19:33 99328 ----a-w- c:windowssystem32srusd.dll
2010-08-16 02:19:31 6784 -c--a-w- c:windowssystem32dllcacheserscan.sys
2010-08-16 02:19:31 6784 ----a-w- c:windowssystem32driversserscan.sys
2010-08-16 02:19:29 71680 -c--a-w- c:windowssystem32dllcachefnfilter.dll
2010-08-16 02:19:29 71680 ----a-w- c:windowssystem32fnfilter.dll
2010-08-16 02:16:41 0 d-----w- C:CamersoftOutput
2010-08-16 02:14:08 0 d-----w- c:docume~1alluse~1applic~1WebacamSurveyor
2010-08-16 02:09:59 0 d-----w- c:program filesImageSalsa
2010-08-16 02:06:47 0 d-----w- c:program filescommon filessnp2uvc
2010-08-15 16:56:23 0 d-----w- c:docume~1alluse~1applic~1Webroot
2010-08-15 07:38:08 230 ----a-w- c:windowssystem32spupdsvc.inf
2010-08-15 07:34:52 0 d-----w- c:docume~1alluse~1applic~1ParetoLogic
2010-08-15 07:34:50 0 d-----w- c:program filesParetoLogic
2010-08-15 02:39:58 73728 ----a-w- c:windowssystem32javacpl.cpl
2010-08-14 23:44:04 0 d-----w- c:program filesReaSoft
2010-08-14 23:00:39 882 ----a-w- c:windowsRegSDImport.xml
2010-08-14 23:00:39 879 ----a-w- c:windowsRegISSImport.xml
2010-08-14 23:00:39 767952 ----a-w- c:windowsBDTSupport.dll
2010-08-14 23:00:39 165840 ----a-w- c:windowsPCTBDRes.dll
2010-08-14 23:00:39 1652688 ----a-w- c:windowsPCTBDCore.dll
2010-08-14 23:00:39 149456 ----a-w- c:windowsSGDetectionTool.dll
2010-08-14 23:00:39 131 ----a-w- c:windowsIDB.zip
2010-08-14 23:00:39 1152444 ----a-w- c:windowsUDB.zip
2010-08-14 22:46:35 7387 ----a-w- c:windowssystem32driverspctgntdi.cat
2010-08-14 22:46:35 233136 ----a-w- c:windowssystem32driverspctgntdi.sys
2010-08-14 22:46:30 7383 ----a-w- c:windowssystem32driverspctcore.cat
2010-08-14 22:46:30 218592 ----a-w- c:windowssystem32driversPCTCore.sys
2010-08-14 22:46:29 88040 ----a-w- c:windowssystem32driversPCTAppEvent.sys
2010-08-14 22:46:29 7412 ----a-w- c:windowssystem32driversPCTAppEvent.cat
2010-08-14 22:46:18 7383 ----a-w- c:windowssystem32driverspctplsg.cat
2010-08-14 22:46:18 63360 ----a-w- c:windowssystem32driverspctplsg.sys
2010-08-14 22:46:03 0 d-----w- c:program filescommon filesPC Tools
2010-08-14 22:46:03 0 d-----w- c:docume~1alluse~1applic~1PC Tools
2010-08-14 22:46:02 0 d-----w- c:program filesSpyware Doctor
2010-08-14 21:52:56 0 d-----w- c:program filesMSSOAP
2010-08-14 21:52:36 0 d-----w- c:program filesWebroot
2010-08-14 21:51:02 164 ----a-w- c:windowsinstall.dat
2010-08-14 20:33:01 81920 ----a-w- c:windowssystem32ieencode.dll
2010-08-14 20:33:01 81920 ----a-w- c:windowssystem32dllcacheieencode.dll
2010-08-14 03:20:57 0 ----a-w- C:dump_dvd.vob
2010-08-13 20:29:32 105 ----a-w- c:windowsVMSTI000.bmp
2010-08-13 18:47:52 0 d-----w- c:program filesSpybot - Search & Destroy
2010-08-13 18:47:52 0 d-----w- c:docume~1alluse~1applic~1Spybot - Search & Destroy
2010-08-13 18:33:49 0 d-----w- c:docume~1alluse~1applic~1DriverScanner
2010-08-13 08:14:15 0 d-----w- c:program filesMSXML 4.0
2010-08-13 08:01:24 456704 -c----w- c:windowssystem32dllcachesmtpsvc.dll
2010-08-13 07:56:45 74752 -c----w- c:windowssystem32dllcachemsw3prt.dll
2010-08-13 07:56:45 104960 -c----w- c:windowssystem32dllcachewin32spl.dll
2010-08-13 07:52:58 91136 -c----w- c:windowssystem32dllcachentprint.dll
2010-08-13 07:50:25 135168 -c----w- c:windowssystem32dllcacheshsvcs.dll
2010-08-13 07:44:51 57344 -c----w- c:windowssystem32dllcacheuexfat.dll
2010-08-13 07:44:51 57344 ------w- c:windowssystem32uexfat.dll
2010-08-13 07:44:51 133632 -c----w- c:windowssystem32dllcacheexfat.sys
2010-08-13 07:44:51 133632 ------w- c:windowssystem32driversexfat.sys
2010-08-13 07:44:50 278528 -c----w- c:windowssystem32dllcacheulib.dll
2010-08-13 07:44:06 0 d-----w- c:windowsRegistryBooster 2
2010-08-13 07:42:51 90112 -c----w- c:windowssystem32dllcachewshext.dll
2010-08-13 07:42:51 512000 -c--a-w- c:windowssystem32dllcachejscript.dll
2010-08-13 07:42:51 180224 -c----w- c:windowssystem32dllcachescrobj.dll
2010-08-13 07:42:51 172032 -c----w- c:windowssystem32dllcachescrrun.dll
2010-08-13 07:42:50 430080 -c--a-w- c:windowssystem32dllcachevbscript.dll
2010-08-13 07:42:50 155648 -c----w- c:windowssystem32dllcachewscript.exe
2010-08-13 07:42:50 135168 -c----w- c:windowssystem32dllcachecscript.exe
2010-08-13 07:42:03 330752 -c----w- c:windowssystem32dllcacheipnathlp.dll
2010-08-13 07:34:02 92672 -c----w- c:windowssystem32dllcachepolicman.dll
2010-08-13 07:34:02 68096 -c----w- c:windowssystem32dllcachentdsapi.dll
2010-08-13 07:34:02 175104 -c----w- c:windowssystem32dllcachew32time.dll
2010-08-13 07:34:01 199680 -c----w- c:windowssystem32dllcachegptext.dll
2010-08-13 07:34:01 113152 -c----w- c:windowssystem32dllcachedsuiext.dll
2010-08-13 07:34:00 407040 -c----w- c:windowssystem32dllcachenetlogon.dll
2010-08-13 07:33:59 68096 -c----w- c:windowssystem32dllcacheadsmsext.dll
2010-08-13 07:32:14 62976 -c----w- c:windowssystem32dllcachecdrom.sys
2010-08-13 07:32:13 465920 -c----w- c:windowssystem32dllcacheimapi2fs.dll
2010-08-13 07:32:13 465920 ------w- c:windowssystem32imapi2fs.dll
2010-08-13 07:32:13 317952 -c----w- c:windowssystem32dllcacheimapi2.dll
2010-08-13 07:32:13 317952 ------w- c:windowssystem32imapi2.dll
2010-08-13 07:29:38 295424 -c----w- c:windowssystem32dllcachetermsrv.dll
2010-08-13 06:33:41 0 d-----w- c:program filesStarCraft II
2010-08-13 05:12:57 44928 ------w- c:windowssystem32driversagpcpq.sys
2010-08-13 05:11:17 19569 ----a-w- c:windows003146_.tmp
2010-08-12 19:52:14 0 d-----w- c:program filesWindows Media Connect 2
2010-08-12 19:06:59 0 d-----w- c:program filesMSN Toolbar
2010-08-12 19:04:07 0 d-----w- c:docume~1alluse~1applic~1PC Drivers HeadQuarters
2010-08-12 19:04:06 0 d-----w- c:program filesMSN Toolbar Installer
2010-08-12 18:46:06 0 d-----w- c:program filesDaum
2010-08-12 07:14:53 0 d-----w- c:docume~1alluse~1applic~1Rising
2010-08-12 07:14:10 0 d-----w- c:program filesRising
2010-08-12 03:17:42 0 d-----w- c:docume~1alluse~1applic~1Kaspersky Lab Setup Files
2010-08-12 00:03:30 95024 ----a-w- c:windowssystem32driversSBREDrv.sys
2010-08-11 22:15:20 0 d-----w- c:windows95431C66CF9A4913BFFF6050785AFB65.TMP
2010-08-11 22:15:17 0 d-----w- c:program filescommon filesWise Installation Wizard
2010-08-11 09:20:46 52736 ----a-w- c:windowssystem32driverslngehind.sys
2010-08-11 08:43:31 77824 ----a-w- c:windowssystem32xvid.ax
2010-08-11 08:43:31 765952 ----a-w- c:windowssystem32xvidcore.dll
2010-08-11 08:43:31 180224 ----a-w- c:windowssystem32xvidvfw.dll
2010-08-11 08:43:30 0 d-----w- c:program filesXvid
2010-08-10 18:16:10 75104 ----a-w- c:windowssystem32driversidmtdi.sys
2010-08-10 18:16:10 210352 ----a-w- c:windowssystem32idmmbc.dll
2010-08-10 12:15:58 94208 ----a-w- c:windowssystem32QuickTimeVR.qtx
2010-08-10 12:15:58 69632 ----a-w- c:windowssystem32QuickTime.qts
2010-08-09 23:01:34 1049600 ------w- c:windowssystem32TERUTENAUTHDATA
2010-08-09 23:00:57 0 d-----w- c:windowssystem32LOG
2010-08-09 23:00:56 0 d-----w- c:program filescommon filesTeruten
2010-08-09 23:00:53 0 d-----w- c:program filesTeruten
2010-08-07 04:43:11 0 d-----w- c:program filesav100
2010-08-06 23:44:27 0 d-----w- c:program filesRivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
2010-08-06 04:08:16 0 d-----w- c:program filesuTorrent
2010-08-06 03:51:37 360320 ----a-w- c:windowssystem32driverstcpip.copy
2010-08-05 07:13:32 163840 ----a-w- c:windowsSetACL.exe
2010-08-05 06:32:32 0 d-----w- c:program filesQtracker
2010-08-05 06:14:13 22328 ----a-w- c:windowssystem32driversPnkBstrK.sys
2010-08-05 06:13:54 103736 ----a-w- c:windowssystem32PnkBstrB.exe
2010-08-05 06:13:51 66872 ----a-w- c:windowssystem32PnkBstrA.exe
2010-08-05 02:28:36 0 d-----w- c:program filesCall of Duty 4 - Modern Warfare
2010-08-04 04:57:09 324 ----a-w- c:windowsgame.ini
2010-08-02 19:30:37 37458 ----a-w- c:windowssystem32vtpkt
2010-07-28 20:42:44 0 d-----w- c:program filesSC2Maps
2010-07-28 20:37:24 1435716 ----a-w- C:(4)_-_Twilight_Fortress.s2ma
2010-07-28 20:37:23 1703076 ----a-w- C:(2)_-_Shakuras_Plateau.s2ma
2010-07-28 20:37:23 1575712 ----a-w- C:(2)_-_Lost_Temple.s2ma
2010-07-28 20:37:23 1575708 ----a-w- C:(4)_-_Lost_Temple.s2ma
2010-07-28 18:10:06 255496 ----a-w- c:windowssystem32UnInstall_CrossCert.exe
2010-07-28 18:10:02 0 d-----w- c:program filesCrossCert
2010-07-27 21:11:19 0 d-----w- c:docume~1alluse~1applic~1Blizzard Entertainment
2010-07-27 21:10:56 0 d-----w- c:docume~1alluse~1applic~1Blizzard
2010-07-27 18:37:23 0 d-----w- c:program filescommon filesBlizzard Entertainment

==================== Find3M ====================

2010-08-24 05:45:20 12 ----a-w- c:program filesOnDisk_ver.ini
2010-08-24 05:18:46 10 ----a-w- c:program filesOnDiskver.ini
2010-08-15 02:39:42 423656 ----a-w- c:windowssystem32deployJava1.dll
2010-07-26 05:06:16 17160 ----a-w- c:windowssystem32JRSUKD25.SYS
2010-07-26 05:06:16 126048 ----a-w- c:windowssystem32kcrtx86.sys
2010-07-26 05:06:11 39944 ----a-w- c:windowssystem32JRSKD24.SYS
2010-07-26 04:48:38 124424 ----a-r- c:windowssystem32CKAgent.exe
2010-07-23 01:44:37 1278216 ----a-w- c:program fileseGSignPlus_ActiveX_ForEBS.exe
2010-07-20 01:22:26 21764 ----a-w- c:windowssystem32CoreAAC-uninstall.exe
2010-07-18 22:40:32 61952 ----a-w- c:windowssystem32execryptorvb.dll
2010-07-15 23:40:58 475136 ----a-w- c:windowssystem32p3melon.dll
2010-07-14 06:33:27 921600 ----a-w- c:windowssystem32vorbisenc.dll
2010-07-14 06:33:11 188416 ----a-w- c:windowssystem32vorbis.dll
2010-07-14 06:33:08 237568 ----a-w- c:windowssystem32OggDS.dll
2010-07-14 06:33:04 45056 ----a-w- c:windowssystem32ogg.dll
2010-07-14 06:33:03 102160 ----a-w- c:windowssystem32vb6ko.dll
2010-07-14 05:56:43 57893 ----a-w- c:windowssystem32MelonActiveXUninst.exe
2010-06-30 12:23:55 149504 ----a-w- c:windowssystem32schannel.dll
2010-06-24 12:10:44 667136 ----a-w- c:windowssystem32wininet.dll
2010-06-23 13:44:04 1851904 ----a-w- c:windowssystem32win32k.sys
2010-06-22 02:58:01 65536 ----a-w- c:windowsIFinst27.exe
2010-06-17 14:03:00 80384 ----a-w- c:windowssystem32iccvid.dll
2010-06-17 09:14:50 651264 ----a-w- c:windowssystem32P3MelonSvr.exe
2010-06-15 01:47:24 86016 ----a-w- c:windowssystem32frapsvid.dll
2010-06-14 07:41:45 1172480 ----a-w- c:windowssystem32msxml3.dll
2010-06-14 04:11:30 94208 ----a-w- c:windowsScUnin.exe
2010-06-14 04:11:30 12488 ----a-w- c:windowsscunin.dat
2010-06-10 16:40:12 860896 ----a-w- c:windowssystem32MelonWebPlayer.dll
2010-06-03 18:12:06 296472 ----a-w- c:windowssystem32NaverFDL.exe
2010-06-01 17:37:48 221568 ------w- c:windowssystem32MpSigStub.exe

============= FINISH: 23:40:47.50 ===============



With GMER.. Every time I run gmer.exe, my computer would just crash and lag as hell.
I just can't run gmer.. I'm sorry if this information is not enough to solve the problem. ):


Thanks in advance.

Since I cannot transfer an attachment, I am pasting the attach.txt log in the text box. ~ OB


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)


==== Disk Partitions =========================


==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

32 bit Windows Card Reader Driver
Acrobat.com
Ad-Aware
Adobe Acrobat 8 Professional - English, Français, Deutsch
Adobe Acrobat 8.1.3 Professional
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 9.3
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
BioShock
Bonjour
Camtasia Studio 6
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
ccc-core-static
ccc-utility
CCC Help English
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Dell Resource CD
Dell Wireless WLAN Card
FlashFXP v3
Hide My IP 5.0
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Java Auto Updater
Java™ 6 Update 21
LiveUpdate 3.3 (Symantec Corporation)
Malwarebytes' Anti-Malware
Market Samurai
Microsoft .NET Framework 3.5 SP1
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.6.8)
Opera 10.60
PDF Settings
SENuke
SigmaTel Audio
Skins
Skype™ 4.2
Steam
Super Suggester 1.0.0
Supreme Commander 2
Symantec Endpoint Protection Small Business Edition
TextPad 5
TheBestSpinner
Trillian
UN.CO.VER. 2.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Winamp
Windows Driver Package - Logitech HIDClass (10/16/2006 1.0)
WinRAR archiver
WinSCP 4.2.7

==== End Of File ===========================

Thank you to Orlando Bloom. Here is the Untitled.JPEG.

I need to tell you something..

The redirection page used to change daily.

But now, a different symptom occurs, starting some point yesterday.

I get the errors in both IE and Firefox. I have the screenshots for both errors, so check them out too.


P.S. I have IE 6. // Untitled.JPEG is what happened about 2 days ago; that does not happen anymore. IE Error.JPEG and Mozilla Firefox Error.JPEG are what happens now.

Merged post containing images to initial post. ~ OB


Edited by Orange Blossom, 28 August 2010 - 09:11 PM.
Moved from XP to Malware Removal Logs ~ Hamluis.



#2 mpascal

Posted 30 August 2010 - 11:44 PM

Hi Changg,

Welcome to Bleeping Computer!

My name is mpascal, and I will be helping you fix your problem.

Before we begin, I would like to give a few guidelines so that we can fix your problem as quickly and efficiently as possible:
  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.
  • Don't attach any logs unless asked. Posting them in the forums will make them easier to analyze.
  • If you are unsure of how to reply, or need help with anything regarding the website, please look here.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

STEP 1 - MBAM

Note: In the event that you already have MBAM installed, you do not need to reinstall it. Simply Updating it and doing a Quickscan is sufficient.

Please download Malwarebytes Anti-Malware (v1.44) and save it to your desktop. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 2 - GMER

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.

STEP 3 - OTL

Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • In the Custom Scans box, copy and paste the following:
    CODE
    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of the files, and post them with your next reply.

STEP 4 - Reply

Please reply with the following logs:
  • MBAM Log
  • GMER Log
  • OTL Log

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image


#3 Changg

Posted 01 September 2010 - 03:18 AM

MBAM LOG


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

8/31/2010 12:49:54 AM
mbam-log-2010-08-31 (00-49-54).txt

Scan type: Quick scan
Objects scanned: 159953
Time elapsed: 7 minute(s), 20 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
C:\WINDOWS\svchost.exe (Trojan.Dropper) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ALGL8V6V\dotnetdlg[1].dll (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.


GMER LOG


No luck with GMER.. every time I open and scan..., my computer crashes.


OTL LOG


-OTL.txt

OTL logfile created on: 9/1/2010 12:54:05 AM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\new\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 195.31 Gb Total Space | 83.59 Gb Free Space | 42.80% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SAMSUNG-2CB1CC4
Current User Name: new
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\new\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\svchost.exe (Microsoft Corporation)
PRC - C:\Program Files\OnDisk\ExpressService.exe (ExpressService)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\ooVoo\ooVoo.exe (ooVoo LLC)
PRC - C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe (Microsoft Corp.)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE (Software 2000 Limited)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\PLFSetL.exe (sonix)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\new\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\ime\imkr6_1\imekrcic.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (WRConsumerService) -- File not found
SRV - (SGsvc) -- File not found
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (ExpressService) -- C:\Program Files\OnDisk\ExpressService.exe (ExpressService)
SRV - (INet Work Process) -- C:\WINDOWS\winetwp.exe ()
SRV - (ALYac_PZSrv) -- C:\Program Files\ESTsoft\ALYac\AYServiceNT.aye (ESTsoft Corp)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (QuickDownload Service) -- C:\Program Files\QuickDownloadService\qdownservice.exe (Innogrid, Inc)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (QuickDownload Agent) -- C:\Program Files\QuickDownloadService\qdownagent.exe (Innogrid, Inc)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (NMSAccess) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (Browser Defender Update Service) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (WebrootSpySweeperService) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
SRV - (SRS_PostInstaller) -- C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller2.exe (SRS Labs, Inc.)
SRV - (QuickDownload Update) -- C:\Program Files\QuickDownloadService\qdownupdate.exe (Innogrid, Inc)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)


========== Driver Services (SafeList) ==========

DRV - (XDva348) -- C:\WINDOWS\System32\XDva348.sys File not found
DRV - (scsk5) -- C:\WINDOWS\System32\drivers\scsk5.sys File not found
DRV - (MpKsl343ed5b3) -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD10DF00-539F-4A8D-A074-0C60B8473365}\MpKsl343ed5b3.sys File not found
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found
DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV - (cpuz132) -- C:\DOCUME~1\LAG\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (ATamptNt_V3LITE) -- C:\PROGRA~1\AhnLab\V3Lite\ATamptNt.sys File not found
DRV - (ATamptNt_ASG) -- C:\Program Files\AhnLab\SiteGuard2\ATamptNt.sys File not found
DRV - (IDMTDI) -- C:\WINDOWS\system32\drivers\idmtdi.sys (Tonec Inc.)
DRV - (kcrtx86) -- C:\WINDOWS\system32\kcrtx86.sys (Kings Information & Network)
DRV - (JRSKD24) -- C:\WINDOWS\system32\JRSKD24.SYS (SoftForum Corporation)
DRV - (AYDrvXP_ALYAC) -- C:\Program Files\ESTsoft\ALYac\AYDrvXP.sys (ESTsoft Corp)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (VMC33E) -- C:\WINDOWS\system32\drivers\VMC33E.sys (Vimicro Corporation)
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (AhnRghNt) -- C:\WINDOWS\system32\drivers\AhnRghNt.sys (AhnLab, Inc.)
DRV - (AhnRec2k) -- C:\WINDOWS\system32\drivers\AhnRec2k.sys (AhnLab, Inc.)
DRV - (AhnFlt2k) -- C:\WINDOWS\system32\drivers\AhnFlt2k.sys (AhnLab, Inc.)
DRV - (RivaTuner32) -- C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys ()
DRV - (CdmDrvNt) -- C:\WINDOWS\system32\drivers\CdmDrvNt.sys (AhnLab, Inc.)
DRV - (ssidrv) -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (sshrmd) -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (ssfs0bbc) -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (wowfilter) -- C:\WINDOWS\system32\drivers\WOWFilter.sys ()
DRV - (AYDrvNT_ALYAC) -- C:\Program Files\ESTsoft\ALYac\AYDrvNT.sys (ESTsoft Corp)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (FsVga) -- C:\WINDOWS\system32\drivers\fsvga.sys (Microsoft Corporation)
DRV - (NSNDIS5) -- C:\WINDOWS\system32\nsndis5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (DOSMEMIO) -- C:\WINDOWS\system32\MEMIO.SYS ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=BABTDF&PC=BBLN&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: msntoolbar@msn.com:4.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=BABTDF&PC=BBLN&q="

FF - HKLM\software\mozilla\Firefox\extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\Firefox [2010/08/12 12:06:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/08/15 03:40:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/25 18:30:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/24 10:03:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Components: C:\Program Files\Netscape\Navigator 9\components [2010/08/25 16:49:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Plugins: C:\Program Files\Netscape\Navigator 9\plugins [2010/08/25 16:49:07 | 000,000,000 | ---D | M]

[2010/08/25 18:31:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\new\Application Data\Mozilla\Extensions
[2010/08/31 20:03:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\new\Application Data\Mozilla\Firefox\Profiles\ev2v0p7w.default\extensions
[2010/08/27 10:05:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\new\Application Data\Mozilla\Firefox\Profiles\ev2v0p7w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/25 18:35:34 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\new\Application Data\Mozilla\Firefox\Profiles\ev2v0p7w.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/08/27 10:05:45 | 000,001,832 | ---- | M] () -- C:\Documents and Settings\new\Application Data\Mozilla\Firefox\Profiles\ev2v0p7w.default\searchplugins\bing.xml
[2010/08/31 20:03:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/25 19:47:58 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/06/14 19:15:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/14 19:40:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/27 21:48:30 | 000,200,914 | ---- | M] (INITECH ©) -- C:\Program Files\Mozilla Firefox\plugins\npINISAFEWeb60.dll
[2009/08/03 15:07:42 | 000,373,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
[2009/12/05 09:50:08 | 000,090,112 | ---- | M] (SoftForum Co., Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\npxecure.dll
[2009/12/05 09:50:06 | 000,073,728 | ---- | M] (SoftForum Co., Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\npxwfile.dll

O1 HOSTS File: ([2010/08/29 13:11:07 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Free TV Bar Toolbar) - {a0729639-d831-46c9-811b-9b0aa79fb45a} - C:\Program Files\Free_TV_Bar\tbFre0.dll (Conduit Ltd.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Free TV Bar Toolbar) - {a0729639-d831-46c9-811b-9b0aa79fb45a} - C:\Program Files\Free_TV_Bar\tbFre0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Free TV Bar Toolbar) - {A0729639-D831-46C9-811B-9B0AA79FB45A} - C:\Program Files\Free_TV_Bar\tbFre0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [PLFSetL] C:\WINDOWS\\PLFSetL.exe ()
O4 - HKLM..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe (Illysoft LLC)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files\ooVoo\oovoo.exe (ooVoo LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: 스크랩 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Live Writer에 스크랩(&B) - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {03AF249E-119E-4569-838E-167E929EC6DA} http://www.bigfile.co.kr/client/BigFile.cab (BigFileControl Control)
O16 - DPF: {124250DD-E2CC-4B5B-AE7E-C9AC8A11DF43} http://edu.ingang.go.kr/LMS/eduport/front/...eamNote2_V2.cab (StreamNote2 Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {283A7932-A386-496A-9AB0-E8DBFACFF1E5} http://ondisk.co.kr/setup/OnDiskWebControl.cab (OnDisk File Control)
O16 - DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} http://image.cjmall.com/initech/plugin/dow...2010/INIS60.cab (Reg Error: Key error.)
O16 - DPF: {2DCB00FB-3485-486B-BD41-C49AD605264D} http://www.immigration.go.kr/HP/COM/keytec/easykeytec.cab (EZKeytecOCX Control)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} http://ck.softforum.co.kr/CKKeyPro/G4C/CKKeyPro3024_32k.cab (XecureCKKB Class)
O16 - DPF: {7B1BB066-7BBB-11D4-A34E-0000F01A209C} http://login.unitel.co.kr/iplug/lmgr2131.cab (UniAuth Class)
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} http://gcc.nefficient.co.kr/gcc/msxml4.cab (XML DOM Document 4.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} http://cyimg7.cyworld.com/ImageUpload/CyPi...33.cab?20081124 (CyImage Class)
O16 - DPF: {9B75502C-BBED-4BBD-8FE2-822E5E0AD32C} http://www.ebs.co.kr/ActiveX/MagicLockOCX.cab (MagicLockOCX Control)
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} http://kings.nefficient.co.kr/kings/kdfx/k...11/kdfense8.cab (Kdfense8 Control)
O16 - DPF: {BB8C416C-2422-44C6-9F8D-ACB3B74EEBD5} http://app.filebus.co.kr/app/FilebusWebControl.CAB (Filebus Web Control)
O16 - DPF: {BDD22343-1DF0-4983-947F-7604DD9838F8} http://edu.ingang.go.kr/lms_ingang/script/...agicSpeeder.cab (MagicController Control)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {F0320816-41D9-49DD-B2F3-8E7B0AE32796} http://live.afreeca.com:8057/AFCStarter.cab (AFCStarter Control)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} http://file.naver.com/activex/NaverAXGuide.cab (NaverAXGuide Class)
O16 - DPF: {FE9CE737-7BA6-451D-A4E0-EB4599D46FD6} http://www.melon.com/cab/MelonActiveXInstaller.cab (Manager Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\smart {402CA0E4-3090-402e-BE90-3EE9B766EBB0} - C:\Program Files\ESTsoft\ALToolBar\ALToolBarProtocol.dll ()
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/25 05:40:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: 6to4 - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56590081070202880)

========== Files/Folders - Created Within 30 Days ==========

[2010/08/31 11:36:19 | 000,000,000 | ---D | C] -- C:\Program Files\ooVoo
[2010/08/31 01:03:06 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\svchost.exe
[2010/08/31 00:42:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new\Application Data\Malwarebytes
[2010/08/29 13:10:40 | 000,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2010/08/29 13:10:40 | 000,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2010/08/29 13:10:40 | 000,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2010/08/29 13:10:40 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2010/08/29 13:10:40 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2010/08/29 13:10:40 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2010/08/29 13:10:40 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2010/08/29 13:10:40 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2010/08/29 13:10:40 | 000,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2010/08/29 13:10:40 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2010/08/29 13:10:40 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2010/08/29 13:10:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new\Desktop\SmitfraudFix
[2010/08/29 12:58:21 | 000,396,288 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\new\Desktop\HijackThis.exe
[2010/08/27 15:12:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new\Application Data\Office Genuine Advantage
[2010/08/27 00:54:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new\Desktop\SpyNoMore
[2010/08/27 00:46:46 | 000,000,000 | ---D | C] -- C:\Program Files\SpyNoMore
[2010/08/26 13:33:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new\Application Data\ooVoo Details
[2010/08/26 13:07:57 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/08/26 13:05:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new\My Documents\받은 파일
[2010/08/26 09:18:46 | 000,000,000 | --SD | C] -- C:\Documents and Settings\new\UserData
[2010/08/25 23:19:17 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/08/25 23:05:35 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\new\Desktop\OTL.exe
[2010/08/25 22:47:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new\Application Data\PriceGong
[2010/08/25 22:45:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new\Application Data\Sun
[2010/08/25 22:25:50 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/08/25 22:20:23 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/08/25 22:20:23 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/08/25 22:20:23 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/08/25 22:20:23 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/08/25 20:55:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new\Tracing
[2010/08/25 19:52:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new\Application Data\skypePM
[2010/08/25 19:48:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new\Application Data\Skype
[2010/08/25 19:47:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/08/25 19:47:12 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/08/25 18:40:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new\My Documents\Downloads
[2010/08/25 18:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new\Local Settings\Application Data\Mozilla
[2010/08/25 18:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new\Application Data\Mozilla
[2010/08/25 17:52:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new\Desktop\WZ EDITING
[2010/08/25 17:52:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new\Application Data\Estsoft
[2010/08/25 17:51:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new\Local Settings\Application Data\Netscape
[2010/08/25 17:51:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new\Application Data\Netscape
[2010/08/25 17:47:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\new\My Documents\My Videos
[2010/08/25 17:41:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new\Application Data\Adobe
[2010/08/25 17:41:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new\Local Settings\Application Data\Free_TV_Bar
[2010/08/25 17:41:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new\Local Settings\Application Data\Conduit
[2010/08/25 17:41:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new\Local Settings\Application Data\Threat Expert
[2010/08/25 17:38:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new\Local Settings\Application Data\Apple Computer
[2010/08/25 17:38:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new\Application Data\Apple Computer
[2010/08/25 17:38:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new\Local Settings\Application Data\Ahead
[2010/08/25 17:38:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new\Application Data\Identities
[2010/08/25 17:37:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\new\My Documents\My Pictures
[2010/08/25 17:37:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\new\My Documents\My Music
[2010/08/25 17:37:53 | 000,000,000 | --SD | C] -- C:\Documents and Settings\new\Application Data\Microsoft
[2010/08/25 17:37:53 | 000,000,000 | --SD | C] -- C:\Documents and Settings\new\Cookies
[2010/08/25 17:37:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\new\Application Data
[2010/08/25 17:37:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\new\Favorites
[2010/08/25 17:37:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new\Local Settings\Application Data\Microsoft
[2010/08/25 17:37:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new\Application Data\Macromedia
[2010/08/25 17:37:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new\Desktop
[2010/08/25 17:37:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new\Local Settings\Application Data\Adobe
[2010/08/25 17:37:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\new\SendTo
[2010/08/25 17:37:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\new\Recent
[2010/08/25 17:37:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\new\Start Menu
[2010/08/25 17:37:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\new\My Documents
[2010/08/25 17:37:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\new\Templates
[2010/08/25 17:37:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\new\PrintHood
[2010/08/25 17:37:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\new\NetHood
[2010/08/25 17:37:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\new\Local Settings
[2010/08/25 16:49:05 | 000,000,000 | ---D | C] -- C:\Program Files\Netscape
[2010/08/25 11:04:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/08/25 11:03:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/08/25 00:09:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2010/08/24 21:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegCure
[2010/08/24 21:01:25 | 000,000,000 | ---D | C] -- C:\Program Files\RegCure
[2010/08/24 10:03:10 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/08/22 23:22:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/08/21 14:36:23 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2010/08/20 20:40:12 | 000,000,000 | ---D | C] -- C:\Program Files\SC19
[2010/08/18 22:59:10 | 000,124,000 | ---- | C] (Kings Information & Network) -- C:\WINDOWS\System32\drivers\kcrtx86.sys
[2010/08/18 22:59:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SoftCamp
[2010/08/18 22:59:09 | 001,784,576 | ---- | C] (SoftCamp Co.,Ltd.) -- C:\WINDOWS\System32\SCSKMemLink.dll
[2010/08/18 22:58:02 | 000,260,096 | ---- | C] (INITECH ©.) -- C:\WINDOWS\System32\INIWebCrypto.dll
[2010/08/18 22:57:32 | 000,923,080 | ---- | C] (SoftCamp Co.,Ltd.) -- C:\WINDOWS\System32\SCSKAppLink.dll
[2010/08/18 22:57:03 | 000,124,928 | ---- | C] (INITECH ©) -- C:\WINDOWS\System32\INICertStore.dll
[2010/08/18 22:45:20 | 000,073,728 | ---- | C] (Initech ©) -- C:\WINDOWS\System32\ISP_INISafeNet.dll
[2010/08/16 17:14:54 | 000,000,000 | ---D | C] -- C:\Program Files\MetaGeek
[2010/08/16 17:01:18 | 000,000,000 | ---D | C] -- C:\Program Files\Network Stumbler
[2010/08/15 19:34:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windows media
[2010/08/15 19:34:06 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Components
[2010/08/15 19:25:36 | 000,000,000 | ---D | C] -- C:\temp.chicony
[2010/08/15 19:19:33 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srusd.dll
[2010/08/15 19:19:33 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusd.dll
[2010/08/15 19:19:31 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\serscan.sys
[2010/08/15 19:19:29 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fnfilter.dll
[2010/08/15 19:19:29 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fnfilter.dll
[2010/08/15 19:16:41 | 000,000,000 | ---D | C] -- C:\CamersoftOutput
[2010/08/15 19:14:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WebacamSurveyor
[2010/08/15 19:09:59 | 000,000,000 | ---D | C] -- C:\Program Files\ImageSalsa
[2010/08/15 19:06:50 | 000,094,208 | ---- | C] (sonix) -- C:\WINDOWS\PLFSetL.exe
[2010/08/15 19:06:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\SUYIN NB Cam
[2010/08/15 19:06:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\x64
[2010/08/15 19:06:48 | 000,286,720 | ---- | C] (Sonix) -- C:\WINDOWS\System32\vsnp2uvc.dll
[2010/08/15 19:06:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\x64
[2010/08/15 19:06:47 | 000,172,032 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2010/08/15 19:06:47 | 000,094,208 | ---- | C] (sonix) -- C:\WINDOWS\System32\PLFSetL.exe
[2010/08/15 19:06:47 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2010/08/15 19:06:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\snp2uvc
[2010/08/15 09:56:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Webroot
[2010/08/15 00:34:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/08/15 00:34:50 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2010/08/14 23:51:14 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2010/08/14 23:50:43 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2010/08/14 22:53:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2010/08/14 22:05:22 | 000,000,000 | ---D | C] -- C:\ERDNT
[2010/08/14 19:39:58 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/08/14 19:39:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/08/14 19:39:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/08/14 19:39:58 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/08/14 19:26:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/08/14 16:44:04 | 000,000,000 | ---D | C] -- C:\Program Files\ReaSoft
[2010/08/14 16:00:39 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/08/14 16:00:39 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010/08/14 16:00:39 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/08/14 15:46:35 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/08/14 15:46:30 | 000,218,592 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/08/14 15:46:29 | 000,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/08/14 15:46:18 | 000,063,360 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/08/14 15:46:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/08/14 15:46:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/08/14 15:46:02 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/08/14 14:52:56 | 000,000,000 | ---D | C] -- C:\Program Files\MSSOAP
[2010/08/14 14:52:36 | 000,000,000 | ---D | C] -- C:\Program Files\Webroot
[2010/08/14 13:33:01 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2010/08/14 13:33:01 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2010/08/13 11:47:52 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/08/13 11:47:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/08/13 11:33:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2010/08/13 01:17:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Clunet
[2010/08/13 01:14:15 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/08/13 01:01:24 | 000,456,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll
[2010/08/13 00:56:45 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32spl.dll
[2010/08/13 00:56:45 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msw3prt.dll
[2010/08/13 00:52:58 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntprint.dll
[2010/08/13 00:50:25 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shsvcs.dll
[2010/08/13 00:44:51 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exfat.sys
[2010/08/13 00:44:51 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\uexfat.dll
[2010/08/13 00:44:51 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uexfat.dll
[2010/08/13 00:44:50 | 000,278,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ulib.dll
[2010/08/13 00:44:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegistryBooster 2
[2010/08/13 00:42:51 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jscript.dll
[2010/08/13 00:42:51 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrobj.dll
[2010/08/13 00:42:51 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrrun.dll
[2010/08/13 00:42:51 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshext.dll
[2010/08/13 00:42:50 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vbscript.dll
[2010/08/13 00:42:50 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wscript.exe
[2010/08/13 00:42:50 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cscript.exe
[2010/08/13 00:42:03 | 000,330,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipnathlp.dll
[2010/08/13 00:34:02 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32time.dll
[2010/08/13 00:34:02 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\policman.dll
[2010/08/13 00:34:02 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdsapi.dll
[2010/08/13 00:34:01 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gptext.dll
[2010/08/13 00:34:01 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsuiext.dll
[2010/08/13 00:34:00 | 000,407,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netlogon.dll
[2010/08/13 00:33:59 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsmsext.dll
[2010/08/13 00:32:14 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdrom.sys
[2010/08/13 00:32:13 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imapi2fs.dll
[2010/08/13 00:32:13 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imapi2fs.dll
[2010/08/13 00:32:13 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imapi2.dll
[2010/08/13 00:32:13 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imapi2.dll
[2010/08/13 00:29:38 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\termsrv.dll
[2010/08/12 23:33:41 | 000,000,000 | ---D | C] -- C:\Program Files\StarCraft II
[2010/08/12 23:26:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/08/12 22:16:56 | 001,372,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2010/08/12 22:16:56 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2010/08/12 22:16:48 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irbus.sys
[2010/08/12 22:16:48 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
[2010/08/12 22:16:46 | 001,888,992 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3duag.dll
[2010/08/12 22:16:46 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll
[2010/08/12 22:16:46 | 000,516,768 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ativvaxx.dll
[2010/08/12 22:16:46 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll
[2010/08/12 22:16:46 | 000,229,376 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2cqag.dll
[2010/08/12 22:16:46 | 000,201,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvag.dll
[2010/08/12 22:16:46 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2010/08/12 22:16:46 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll
[2010/08/12 22:16:46 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax
[2010/08/12 22:16:46 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax
[2010/08/12 22:16:45 | 000,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2010/08/12 22:16:45 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2010/08/12 22:16:45 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2010/08/12 22:16:45 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2010/08/12 22:16:45 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2010/08/12 22:16:45 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2010/08/12 22:16:45 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2010/08/12 22:16:45 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2010/08/12 22:16:45 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2010/08/12 22:16:45 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2010/08/12 22:16:45 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2010/08/12 22:16:45 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2010/08/12 22:16:45 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2010/08/12 22:16:45 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2010/08/12 22:16:45 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2010/08/12 22:16:45 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2010/08/12 22:16:45 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2010/08/12 22:16:44 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\hsfcisp2.dll
[2010/08/12 22:16:43 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2010/08/12 22:16:43 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2010/08/12 22:16:43 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2010/08/12 22:16:43 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2010/08/12 22:16:43 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2010/08/12 22:16:42 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2010/08/12 22:16:42 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2010/08/12 22:16:42 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2010/08/12 22:16:42 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2010/08/12 22:16:42 | 000,086,016 | ---- | C] (Conexant) -- C:\WINDOWS\System32\mdmxsdk.dll
[2010/08/12 22:16:42 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2010/08/12 22:16:42 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2010/08/12 22:16:41 | 004,274,816 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2010/08/12 22:16:41 | 001,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\mtxparhd.dll
[2010/08/12 22:16:41 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2010/08/12 22:16:41 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2010/08/12 22:16:41 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2010/08/12 22:16:41 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2010/08/12 22:16:40 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\s3gnb.dll
[2010/08/12 22:16:40 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2010/08/12 22:16:40 | 000,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slextspk.dll
[2010/08/12 22:16:40 | 000,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slgen.dll
[2010/08/12 22:16:40 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2010/08/12 22:16:40 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2010/08/12 22:16:40 | 000,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slcoinst.dll
[2010/08/12 22:16:40 | 000,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slserv.exe
[2010/08/12 22:16:40 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2010/08/12 22:16:40 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2010/08/12 22:16:40 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2010/08/12 22:16:40 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgQec.dll
[2010/08/12 22:16:40 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe
[2010/08/12 22:16:40 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2010/08/12 22:16:40 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\verclsid.exe
[2010/08/12 22:16:38 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\slrundll.exe
[2010/08/12 22:16:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/08/12 22:16:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/08/12 22:16:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/08/12 22:16:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/08/12 22:12:57 | 000,043,008 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\drivers\amdagp.sys
[2010/08/12 22:12:57 | 000,004,255 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll
[2010/08/12 22:12:57 | 000,003,967 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll
[2010/08/12 22:12:57 | 000,003,775 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll
[2010/08/12 22:12:57 | 000,003,711 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll
[2010/08/12 22:12:57 | 000,003,647 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll
[2010/08/12 22:12:57 | 000,003,615 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll
[2010/08/12 22:12:57 | 000,003,135 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll
[2010/08/12 22:12:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010/08/12 22:12:56 | 000,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2010/08/12 22:12:56 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2010/08/12 22:12:56 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2010/08/12 22:12:56 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2010/08/12 22:12:56 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2010/08/12 22:12:56 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2010/08/12 22:12:56 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2010/08/12 22:12:56 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2010/08/12 22:12:56 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2010/08/12 22:12:56 | 000,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2010/08/12 22:12:56 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2010/08/12 22:12:56 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2010/08/12 22:12:56 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2010/08/12 22:12:56 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2010/08/12 22:12:56 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2010/08/12 22:12:56 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2010/08/12 22:12:56 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2010/08/12 22:12:56 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll
[2010/08/12 22:12:56 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2010/08/12 22:12:56 | 000,021,183 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll
[2010/08/12 22:12:56 | 000,017,279 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll
[2010/08/12 22:12:56 | 000,015,423 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[2010/08/12 22:12:56 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2010/08/12 22:12:56 | 000,014,143 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll
[2010/08/12 22:12:56 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2010/08/12 22:12:56 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2010/08/12 22:12:56 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2010/08/12 22:12:56 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2010/08/12 22:12:56 | 000,011,359 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll
[2010/08/12 22:12:55 | 001,897,408 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nv4_mini.sys
[2010/08/12 22:12:55 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2010/08/12 22:12:55 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2010/08/12 22:12:55 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2010/08/12 22:12:55 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2010/08/12 22:12:55 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2010/08/12 22:12:55 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2010/08/12 22:12:55 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2010/08/12 22:12:55 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2010/08/12 22:12:54 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2010/08/12 22:12:54 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2010/08/12 22:12:54 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2010/08/12 22:12:54 | 000,040,960 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\drivers\sisagp.sys
[2010/08/12 22:12:54 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys
[2010/08/12 22:12:54 | 000,022,271 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys
[2010/08/12 22:12:54 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2010/08/12 22:12:54 | 000,011,935 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys
[2010/08/12 22:12:54 | 000,011,871 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2010/08/12 22:12:54 | 000,011,807 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys
[2010/08/12 22:12:54 | 000,011,325 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll
[2010/08/12 22:12:54 | 000,011,295 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys
[2010/08/12 22:12:54 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2010/08/12 22:12:54 | 000,003,901 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll
[2010/08/12 22:08:36 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/08/12 12:52:36 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010/08/12 12:52:14 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2010/08/12 12:50:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2010/08/12 12:06:59 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
[2010/08/12 12:06:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/08/12 12:04:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/08/12 12:04:06 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar Installer
[2010/08/12 11:46:06 | 000,000,000 | ---D | C] -- C:\Program Files\Daum
[2010/08/12 00:14:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Rising
[2010/08/12 00:14:10 | 000,000,000 | ---D | C] -- C:\Program Files\Rising
[2010/08/11 20:17:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2010/08/11 17:03:30 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/08/11 16:49:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/08/11 15:15:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\95431C66CF9A4913BFFF6050785AFB65.TMP
[2010/08/11 15:15:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/08/11 02:20:46 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\lngehind.sys
[2010/08/11 01:43:30 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid
[2010/08/10 11:16:10 | 000,210,352 | ---- | C] (Tonec Inc.) -- C:\WINDOWS\System32\idmmbc.dll
[2010/08/10 11:16:10 | 000,075,104 | ---- | C] (Tonec Inc.) -- C:\WINDOWS\System32\drivers\idmtdi.sys
[2010/08/10 05:15:58 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2010/08/10 05:15:58 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2010/08/09 16:00:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LOG
[2010/08/09 16:00:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Teruten
[2010/08/09 16:00:53 | 000,000,000 | ---D | C] -- C:\Program Files\Teruten
[2010/08/08 11:59:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/08/06 21:43:11 | 000,000,000 | ---D | C] -- C:\Program Files\av100
[2010/08/06 16:44:27 | 000,000,000 | ---D | C] -- C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
[2010/08/05 21:08:16 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2010/08/05 20:51:37 | 000,360,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip.copy
[2010/08/05 00:13:32 | 000,163,840 | ---- | C] (Helge Klein) -- C:\WINDOWS\SetACL.exe
[2010/08/04 23:32:32 | 000,000,000 | ---D | C] -- C:\Program Files\Qtracker
[2010/08/04 19:28:36 | 000,000,000 | ---D | C] -- C:\Program Files\Call of Duty 4 - Modern Warfare
[2010/08/04 19:22:25 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/08/03 12:06:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/08/02 21:42:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities
[2010/08/02 21:42:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2010/07/22 18:44:30 | 001,278,216 | ---- | C] (Penta Security Systems ) -- C:\Program Files\eGSignPlus_ActiveX_ForEBS.exe
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/01 00:18:01 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\HP WEP.job
[2010/09/01 00:11:00 | 000,000,756 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-484763869-413027322-1417001333-1006UA.job
[2010/08/31 19:11:00 | 000,000,704 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-484763869-413027322-1417001333-1006Core.job
[2010/08/31 19:04:51 | 001,310,720 | -H-- | M] () -- C:\Documents and Settings\new\NTUSER.DAT
[2010/08/31 18:00:00 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2010/08/31 11:36:21 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\new\Desktop\ooVoo.lnk
[2010/08/31 09:44:07 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/08/31 01:19:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/31 01:18:50 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/08/31 01:18:37 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\svchost.exe
[2010/08/31 01:18:24 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/31 01:18:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/31 01:17:12 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\new\ntuser.ini
[2010/08/31 01:01:38 | 001,577,352 | -H-- | M] () -- C:\Documents and Settings\new\Local Settings\Application Data\IconCache.db
[2010/08/30 04:43:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\PC Health Advisor.job
[2010/08/29 13:11:11 | 000,003,000 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2010/08/29 13:11:07 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/29 12:58:21 | 000,396,288 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\new\Desktop\HijackThis.exe
[2010/08/28 02:27:38 | 000,046,592 | ---- | M] () -- C:\Documents and Settings\new\Desktop\address.doc
[2010/08/27 01:11:37 | 001,872,472 | ---- | M] () -- C:\Documents and Settings\new\Desktop\SmitfraudFix.exe
[2010/08/27 00:46:50 | 000,001,152 | ---- | M] () -- C:\WINDOWS\System32\windrv.sys
[2010/08/25 23:38:45 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\new\Desktop\dds.scr
[2010/08/25 23:08:41 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\new\Desktop\MBRCheck.exe
[2010/08/25 23:07:36 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\new\Desktop\RKUnhookerLE.EXE
[2010/08/25 23:05:36 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\new\Desktop\OTL.exe
[2010/08/25 22:40:46 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/25 22:25:57 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/08/25 21:27:38 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\new\Desktop\Shortcut to ComboFix.lnk
[2010/08/25 18:42:41 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\new\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/08/25 18:41:49 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/08/25 18:41:49 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/08/25 18:41:49 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/08/25 18:41:48 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/08/25 18:41:48 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/08/25 18:41:48 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/08/25 17:52:50 | 000,067,096 | ---- | M] () -- C:\Documents and Settings\new\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/08/25 17:47:12 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\new\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/08/25 17:38:14 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\new\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/08/25 16:49:09 | 000,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Netscape Navigator.lnk
[2010/08/24 02:19:00 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2010/08/23 22:45:20 | 000,000,012 | ---- | M] () -- C:\Program Files\OnDisk_ver.ini
[2010/08/23 22:18:46 | 000,000,010 | ---- | M] () -- C:\Program Files\OnDiskver.ini
[2010/08/23 22:18:36 | 012,145,896 | ---- | M] () -- C:\Program Files\OnDisksetup.exe
[2010/08/23 05:24:20 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/08/22 23:27:23 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/08/19 22:08:13 | 000,001,091 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/19 20:14:01 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\photostageShakeIcon.job
[2010/08/18 23:03:36 | 000,000,557 | ---- | M] () -- C:\WINDOWS\System32\KvpVer.tbl
[2010/08/18 22:59:10 | 000,124,000 | ---- | M] (Kings Information & Network) -- C:\WINDOWS\System32\drivers\kcrtx86.sys
[2010/08/18 22:59:10 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\scskConfigEH.ini
[2010/08/18 22:59:09 | 001,784,576 | ---- | M] (SoftCamp Co.,Ltd.) -- C:\WINDOWS\System32\SCSKMemLink.dll
[2010/08/18 22:58:27 | 000,708,096 | ---- | M] () -- C:\WINDOWS\System32\INIcrypto20.dll
[2010/08/18 22:58:04 | 000,143,460 | ---- | M] () -- C:\WINDOWS\System32\INIWEBCryptoWrapper.dll
[2010/08/18 22:58:02 | 000,260,096 | ---- | M] (INITECH ©.) -- C:\WINDOWS\System32\INIWebCrypto.dll
[2010/08/18 22:57:45 | 000,241,664 | ---- | M] () -- C:\WINDOWS\System32\PubCertDlg.dll
[2010/08/18 22:57:42 | 001,205,544 | ---- | M] () -- C:\WINDOWS\System32\ISPPopUpDlg.exe
[2010/08/18 22:57:32 | 000,923,080 | ---- | M] (SoftCamp Co.,Ltd.) -- C:\WINDOWS\System32\SCSKAppLink.dll
[2010/08/18 22:57:03 | 000,124,928 | ---- | M] (INITECH ©) -- C:\WINDOWS\System32\INICertStore.dll
[2010/08/18 22:56:52 | 000,386,048 | ---- | M] () -- C:\WINDOWS\System32\INICertManUI.dll
[2010/08/18 22:45:21 | 000,028,672 | ---- | M] () -- C:\WINDOWS\System32\ISP_crgen.dll
[2010/08/18 22:45:20 | 000,073,728 | ---- | M] (Initech ©) -- C:\WINDOWS\System32\ISP_INISafeNet.dll
[2010/08/18 22:45:16 | 006,750,208 | ---- | M] () -- C:\WINDOWS\System32\KvpVcmd.dll
[2010/08/18 04:43:00 | 000,000,372 | ---- | M] () -- C:\WINDOWS\tasks\PC Health Advisor Defrag.job
[2010/08/17 03:00:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/15 20:23:08 | 000,286,208 | ---- | M] () -- C:\WINDOWS\winetwp.exe
[2010/08/15 09:55:51 | 000,000,105 | ---- | M] () -- C:\WINDOWS\VMSTI000.bmp
[2010/08/15 03:35:45 | 000,505,942 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/15 03:35:45 | 000,444,362 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/15 03:35:45 | 000,072,238 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/15 01:24:27 | 000,000,210 | ---- | M] () -- C:\Boot.bak
[2010/08/15 00:45:29 | 000,001,519 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Notepad.lnk
[2010/08/15 00:38:08 | 000,000,230 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2010/08/15 00:30:25 | 000,000,406 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/08/14 19:57:41 | 000,416,619 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2010/08/14 19:39:42 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/08/14 19:39:42 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/08/14 19:39:42 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/08/14 19:39:42 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/08/14 19:39:42 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/08/14 15:17:01 | 000,416,619 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100814-195741.backup
[2010/08/14 14:51:10 | 000,000,164 | ---- | M] () -- C:\WINDOWS\install.dat
[2010/08/13 20:20:57 | 000,000,000 | ---- | M] () -- C:\dump_dvd.vob
[2010/08/13 01:17:09 | 000,261,936 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/13 01:15:38 | 000,000,768 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\StarCraft II.lnk
[2010/08/12 22:12:40 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/08/12 21:12:47 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/08/12 21:12:47 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/08/12 12:51:34 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/08/12 12:50:53 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/08/11 19:33:29 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100813-123829.backup
[2010/08/11 17:03:28 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/08/11 02:20:46 | 000,052,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\lngehind.sys
[2010/08/10 11:00:18 | 000,075,104 | ---- | M] (Tonec Inc.) -- C:\WINDOWS\System32\drivers\idmtdi.sys
[2010/08/10 05:15:58 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2010/08/10 05:15:58 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2010/08/09 16:01:34 | 001,049,600 | ---- | M] () -- C:\WINDOWS\System32\TERUTENAUTHDATA
[2010/08/05 19:00:40 | 000,022,328 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/08/03 21:57:09 | 000,000,324 | ---- | M] () -- C:\WINDOWS\game.ini
[2010/08/02 12:30:37 | 000,037,458 | ---- | M] () -- C:\WINDOWS\System32\vtpkt
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/31 11:36:21 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\new\Desktop\ooVoo.lnk
[2010/08/31 09:13:57 | 000,000,312 | ---- | C] () -- C:\WINDOWS\tasks\HP WEP.job
[2010/08/29 13:11:11 | 000,003,000 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2010/08/29 13:10:40 | 000,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2010/08/29 13:10:40 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2010/08/29 13:10:40 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2010/08/27 15:32:31 | 000,046,592 | ---- | C] () -- C:\Documents and Settings\new\Desktop\address.doc
[2010/08/27 01:09:16 | 001,872,472 | ---- | C] () -- C:\Documents and Settings\new\Desktop\SmitfraudFix.exe
[2010/08/27 00:46:50 | 000,001,152 | ---- | C] () -- C:\WINDOWS\System32\windrv.sys
[2010/08/25 23:38:42 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\new\Desktop\dds.scr
[2010/08/25 23:08:40 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\new\Desktop\MBRCheck.exe
[2010/08/25 23:07:36 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\new\Desktop\RKUnhookerLE.EXE
[2010/08/25 22:25:57 | 000,000,210 | ---- | C] () -- C:\Boot.bak
[2010/08/25 22:25:54 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/08/25 22:20:23 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/08/25 22:20:23 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/08/25 22:20:23 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/08/25 22:20:23 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/08/25 22:20:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/08/25 21:27:38 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\new\Desktop\Shortcut to ComboFix.lnk
[2010/08/25 19:47:14 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/08/25 17:47:12 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\new\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/08/25 17:38:14 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\new\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/08/25 17:38:00 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\new\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/08/25 17:37:54 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\new\ntuser.ini
[2010/08/25 17:37:52 | 001,310,720 | -H-- | C] () -- C:\Documents and Settings\new\NTUSER.DAT
[2010/08/25 17:37:52 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\new\NtUser.dat.LOG
[2010/08/25 16:49:09 | 000,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Netscape Navigator.lnk
[2010/08/23 22:18:46 | 000,000,010 | ---- | C] () -- C:\Program Files\OnDiskver.ini
[2010/08/23 22:14:23 | 012,145,896 | ---- | C] () -- C:\Program Files\OnDisksetup.exe
[2010/08/23 22:14:22 | 000,000,012 | ---- | C] () -- C:\Program Files\OnDisk_ver.ini
[2010/08/22 23:27:23 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/08/18 22:59:10 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\scskConfigEH.ini
[2010/08/18 22:58:27 | 000,708,096 | ---- | C] () -- C:\WINDOWS\System32\INIcrypto20.dll
[2010/08/18 22:58:04 | 000,143,460 | ---- | C] () -- C:\WINDOWS\System32\INIWEBCryptoWrapper.dll
[2010/08/18 22:57:45 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\PubCertDlg.dll
[2010/08/18 22:57:42 | 001,205,544 | ---- | C] () -- C:\WINDOWS\System32\ISPPopUpDlg.exe
[2010/08/18 22:56:52 | 000,386,048 | ---- | C] () -- C:\WINDOWS\System32\INICertManUI.dll
[2010/08/18 22:45:21 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ISP_crgen.dll
[2010/08/18 22:45:17 | 006,750,208 | ---- | C] () -- C:\WINDOWS\System32\KvpVcmd.dll
[2010/08/15 20:23:04 | 000,286,208 | ---- | C] () -- C:\WINDOWS\winetwp.exe
[2010/08/15 19:06:49 | 001,792,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\x64\snp2uvc.sys
[2010/08/15 19:06:49 | 000,035,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\x64\sncduvc.sys
[2010/08/15 19:06:48 | 001,749,376 | ---- | C] () -- C:\WINDOWS\System32\snp2uvc.sys
[2010/08/15 19:06:48 | 001,749,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2010/08/15 19:06:48 | 000,028,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2010/08/15 19:06:47 | 000,028,032 | ---- | C] () -- C:\WINDOWS\System32\sncduvc.sys
[2010/08/15 19:06:47 | 000,016,005 | ---- | C] () -- C:\WINDOWS\System32\snp2uvc.cat
[2010/08/15 19:06:47 | 000,014,818 | ---- | C] () -- C:\WINDOWS\System32\snp2uvc.inf
[2010/08/15 19:06:47 | 000,000,131 | ---- | C] () -- C:\WINDOWS\System32\PidList.ini
[2010/08/15 00:38:08 | 000,000,230 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2010/08/15 00:36:43 | 000,000,440 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2010/08/15 00:34:56 | 000,000,372 | ---- | C] () -- C:\WINDOWS\tasks\PC Health Advisor Defrag.job
[2010/08/15 00:34:56 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\PC Health Advisor.job
[2010/08/15 00:34:53 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2010/08/14 16:00:39 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010/08/14 16:00:39 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/08/14 16:00:39 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010/08/14 16:00:39 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010/08/14 16:00:39 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010/08/14 15:46:35 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/08/14 15:46:30 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/08/14 15:46:29 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/08/14 15:46:18 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/08/14 14:51:02 | 000,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2010/08/13 20:20:57 | 000,000,000 | ---- | C] () -- C:\dump_dvd.vob
[2010/08/13 13:29:32 | 000,000,105 | ---- | C] () -- C:\WINDOWS\VMSTI000.bmp
[2010/08/12 23:33:41 | 000,000,768 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\StarCraft II.lnk
[2010/08/12 22:12:56 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2010/08/12 22:12:56 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2010/08/12 22:12:55 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2010/08/12 12:50:53 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/08/11 01:43:31 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/08/11 01:43:31 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/08/11 01:43:31 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\xvid.ax
[2010/08/09 16:01:34 | 001,049,600 | ---- | C] () -- C:\WINDOWS\System32\TERUTENAUTHDATA
[2010/08/04 23:14:13 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/08/04 23:13:54 | 000,103,736 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010/08/04 23:13:51 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2010/08/03 21:57:09 | 000,000,324 | ---- | C] () -- C:\WINDOWS\game.ini
[2010/08/02 12:30:37 | 000,037,458 | ---- | C] () -- C:\WINDOWS\System32\vtpkt
[2010/07/21 18:27:45 | 000,000,937 | ---- | C] () -- C:\WINDOWS\AZPR3.INI
[2010/07/21 18:00:40 | 000,000,156 | ---- | C] () -- C:\WINDOWS\rar_crck.ini
[2010/07/19 18:38:49 | 000,001,520 | ---- | C] () -- C:\WINDOWS\System32\llll_KBD.ini
[2010/07/18 19:10:27 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010/07/14 15:23:38 | 000,000,571 | ---- | C] () -- C:\WINDOWS\System32\Shortcut to ntdll.dll.lnk
[2010/07/13 23:33:12 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2010/07/13 23:33:08 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2010/07/13 23:33:05 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2010/07/13 23:33:03 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2010/06/13 20:07:17 | 000,001,520 | ---- | C] () -- C:\WINDOWS\System32\LAG_KBD.ini
[2010/06/10 09:40:12 | 000,860,896 | ---- | C] () -- C:\WINDOWS\System32\MelonWebPlayer.dll
[2010/06/04 23:40:08 | 000,001,520 | ---- | C] () -- C:\WINDOWS\System32\Guesy_KBD.ini
[2010/05/17 05:41:16 | 000,283,360 | ---- | C] () -- C:\WINDOWS\System32\melonmvdl.dll
[2010/03/07 21:36:59 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll
[2010/02/20 20:03:38 | 000,001,366 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2010/01/20 02:10:19 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2010/01/10 06:21:00 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/12/25 06:26:36 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/12/25 06:10:01 | 000,000,040 | ---- | C] () -- C:\WINDOWS\Hjimesv.ini
[2009/12/25 06:08:45 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\winhcfga.ini
[2009/12/25 06:08:09 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/12/25 06:03:42 | 000,001,522 | ---- | C] () -- C:\WINDOWS\System32\MagicKBD.INI
[2009/12/25 06:03:42 | 000,001,520 | ---- | C] () -- C:\WINDOWS\System32\OWNER_KBD.ini
[2009/12/25 06:03:39 | 000,003,425 | ---- | C] () -- C:\WINDOWS\System32\KBDR.INI
[2009/12/25 06:03:39 | 000,002,741 | ---- | C] () -- C:\WINDOWS\System32\KBDD.INI
[2009/12/25 06:03:39 | 000,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDO.INI
[2009/12/25 06:03:39 | 000,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDC.INI
[2009/12/25 06:03:39 | 000,002,606 | ---- | C] () -- C:\WINDOWS\System32\KBDB.INI
[2009/12/25 06:03:39 | 000,002,236 | ---- | C] () -- C:\WINDOWS\System32\KBDQ.INI
[2009/12/25 06:03:39 | 000,001,956 | ---- | C] () -- C:\WINDOWS\System32\KBDE.INI
[2009/12/25 06:03:39 | 000,001,885 | ---- | C] () -- C:\WINDOWS\System32\KBDP.INI
[2009/12/25 06:03:39 | 000,001,857 | ---- | C] () -- C:\WINDOWS\System32\KBDUU.INI
[2009/12/25 06:03:39 | 000,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDG.INI
[2009/12/25 06:03:39 | 000,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDA.INI
[2009/12/25 06:03:39 | 000,001,834 | ---- | C] () -- C:\WINDOWS\System32\KBDU.INI
[2009/12/25 06:03:39 | 000,001,819 | ---- | C] () -- C:\WINDOWS\System32\KBDN.INI
[2009/12/25 06:03:39 | 000,001,699 | ---- | C] () -- C:\WINDOWS\System32\KBDT.INI
[2009/12/25 06:03:39 | 000,001,697 | ---- | C] () -- C:\WINDOWS\System32\KBDV.INI
[2009/12/25 06:03:39 | 000,001,522 | ---- | C] () -- C:\WINDOWS\System32\KBDS.INI
[2009/12/25 06:03:39 | 000,001,476 | ---- | C] () -- C:\WINDOWS\System32\KBDF.INI
[2009/12/25 06:03:19 | 000,004,300 | ---- | C] () -- C:\WINDOWS\System32\MEMIO.SYS
[2009/12/25 06:03:17 | 000,000,135 | R--- | C] () -- C:\WINDOWS\System32\lngEng.ini
[2009/12/25 06:03:17 | 000,000,117 | ---- | C] () -- C:\WINDOWS\System32\lngKor.ini
[2009/12/25 05:58:28 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v5016.dll
[2009/11/24 09:54:50 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\KvpUpCom.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/03/24 10:52:22 | 000,043,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWXT_kern_i386.sys
[2009/03/24 10:52:20 | 000,025,560 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWFilter.sys
[2009/03/24 10:52:18 | 000,036,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2008/02/07 11:05:18 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\hppatusg01.dll
[2007/11/06 13:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2006/11/07 22:09:42 | 000,010,624 | ---- | C] () -- C:\WINDOWS\System32\DDIHK.DLL
[2006/01/08 19:48:29 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\ImageSalsa.dll
[2003/01/07 12:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/02/28 11:59:04 | 001,575,712 | ---- | M] () -- C:\(2)_-_Lost_Temple.s2ma
[2010/02/28 11:55:32 | 001,703,076 | ---- | M] () -- C:\(2)_-_Shakuras_Plateau.s2ma
[2010/02/28 12:06:40 | 001,575,708 | ---- | M] () -- C:\(4)_-_Lost_Temple.s2ma
[2010/02/28 12:02:38 | 001,435,716 | ---- | M] () -- C:\(4)_-_Twilight_Fortress.s2ma
[2009/12/25 05:40:56 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/08/15 01:24:27 | 000,000,210 | ---- | M] () -- C:\Boot.bak
[2010/08/25 22:25:57 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/08/25 22:46:59 | 000,058,671 | ---- | M] () -- C:\ComboFix.txt
[2009/12/25 05:40:56 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/08/13 20:20:57 | 000,000,000 | ---- | M] () -- C:\dump_dvd.vob
[2009/12/25 05:40:56 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/03/14 20:02:33 | 000,000,445 | -H-- | M] () -- C:\IPH.PH
[2009/12/25 05:40:56 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/01/08 19:47:02 | 000,053,248 | ---- | M] ( ) -- C:\npegtok.dll
[2005/12/04 21:28:08 | 000,000,203 | ---- | M] () -- C:\nsIEGSignTokPlugin.xpt
[2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/08/12 22:12:40 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/08/31 01:18:19 | 3219,128,320 | -HS- | M] () -- C:\pagefile.sys
[2010/08/29 13:12:43 | 000,002,368 | ---- | M] () -- C:\rapport.txt
[2010/08/27 12:53:34 | 000,001,550 | ---- | M] () -- C:\resetlog.txt
[2010/07/18 15:15:23 | 000,000,365 | ---- | M] () -- C:\rkill.log
[2010/05/15 22:15:31 | 000,000,004 | ---- | M] () -- C:\StipulationVer.txt

< %systemroot%\Fonts\*.com >
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/12/25 05:40:36 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009/08/14 20:49:20 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/04/28 06:14:02 | 000,293,888 | ---- | M] (Hewlett-Packard ) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\HP1006S.DLL
[2004/03/22 12:17:08 | 000,025,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2009/08/14 17:02:46 | 000,594,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/04/17 02:39:30 | 000,304,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2010/07/22 18:44:37 | 001,278,216 | ---- | M] (Penta Security Systems ) -- C:\Program Files\eGSignPlus_ActiveX_ForEBS.exe
[2010/08/23 22:18:36 | 012,145,896 | ---- | M] () -- C:\Program Files\OnDisksetup.exe
[2010/08/23 22:18:46 | 000,000,010 | ---- | M] () -- C:\Program Files\OnDiskver.ini
[2010/08/23 22:45:20 | 000,000,012 | ---- | M] () -- C:\Program Files\OnDisk_ver.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2009/12/24 21:30:04 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/12/24 21:30:04 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/12/24 21:30:04 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2010/08/12 22:17:18 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-27 10:00:59

========== Alternate Data Streams ==========

@Alternate Data Stream - 261 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:DFC5A2B2
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:A8ADE5D8
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:1CE11B51
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:CB0AACC9
< End of report >


-Extra.txt

OTL Extras logfile created on: 9/1/2010 12:54:05 AM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\new\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 195.31 Gb Total Space | 83.59 Gb Free Space | 42.80% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SAMSUNG-2CB1CC4
Current User Name: new
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Hwp.Print] -- C:\HNC\Hwp70\HwpPrnMng.exe /p "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"6112:UDP" = 6112:UDP:*:Disabled:Starcraft
"28690:TCP" = 28690:TCP:*:Disabled:Call of Duty 4
"28960:UDP" = 28960:UDP:*:Disabled:Call of duty_1
"443:TCP" = 443:TCP:*:Enabled:ooVoo TCP port 443
"443:UDP" = 443:UDP:*:Enabled:ooVoo UDP port 443
"37674:TCP" = 37674:TCP:*:Enabled:ooVoo TCP port 37674
"37674:UDP" = 37674:UDP:*:Enabled:ooVoo UDP port 37674
"37675:UDP" = 37675:UDP:*:Enabled:ooVoo UDP port 37675

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\OnDisk\OnDiskHighDown.exe" = C:\Program Files\OnDisk\OnDiskHighDown.exe:*:Enabled:@xpsp2res.dll,-22019 -- ()
"C:\Program Files\OnDisk\ExpressService.exe" = C:\Program Files\OnDisk\ExpressService.exe:*:Enabled:@xpsp2res.dll,-22019 -- (ExpressService)
"C:\Program Files\ShareBox\ShareBoxDown2.exe" = C:\Program Files\ShareBox\ShareBoxDown2.exe:*:Enabled:@xpsp2res.dll,-22019 -- File not found
"C:\Program Files\ShareBox\ExpressService.exe" = C:\Program Files\ShareBox\ExpressService.exe:*:Enabled:@xpsp2res.dll,-22019 -- File not found
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\OnDisk\OnDiskHighDown.exe" = C:\Program Files\OnDisk\OnDiskHighDown.exe:*:Enabled:@xpsp2res.dll,-22019 -- ()
"C:\Program Files\OnDisk\ExpressService.exe" = C:\Program Files\OnDisk\ExpressService.exe:*:Enabled:@xpsp2res.dll,-22019 -- (ExpressService)
"C:\Documents and Settings\All Users\Application Data\Nexon\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\Nexon\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Documents and Settings\All Users\Application Data\Nexon\Common\NMService.exe" = C:\Documents and Settings\All Users\Application Data\Nexon\Common\NMService.exe:*:Enabled:Nexon Messenger Service -- (Nexon Corp.)
"C:\Program Files\NATEON\BIN\NateOnMain.exe" = C:\Program Files\NATEON\BIN\NateOnMain.exe:*:Enabled:NATE ON -- (SK Communications)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE:*:Enabled:SMLMProxy Module - HP1006MC.EXE -- (Software 2000 Limited)
"C:\WINDOWS\system32\rtcshare.exe" = C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing -- (Microsoft Corporation)
"C:\Program Files\NetMeeting\conf.exe" = C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows¢c NetMeeting¢c -- (Microsoft Corporation)
"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe" = C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice -- (Microsoft Corporation)
"C:\WINDOWS\system32\SKTVSvr.exe" = C:\WINDOWS\system32\SKTVSvr.exe:*:Enabled:SKT Melon VoD Control -- (LOEN Entertainment Inc.)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Program Files\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Disabled:Call of Duty® 4 - Modern Warfare™ -- ()
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:¥iTorrent -- (BitTorrent, Inc.)
"C:\WINDOWS\system32\P3MelonSvr.exe" = C:\WINDOWS\system32\P3MelonSvr.exe:*:Enabled:SKT Melon Music Control -- (SK TELECOM.)
"C:\Program Files\StarCraft II\StarCraft II.exe" = C:\Program Files\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\OnDisk\OnDiskDown.exe" = C:\Program Files\OnDisk\OnDiskDown.exe:*:Enabled:OnDiskDown -- (에이치제이)
"C:\Program Files\QuickDownloadService\qdownservice.exe" = C:\Program Files\QuickDownloadService\qdownservice.exe:*:Enabled:QuickDownloadService -- (Innogrid, Inc)
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01DEC6F3-1BD8-312B-A4A8-230F40D5B776}" = Microsoft .NET Framework 3.5 Language Pack - kor
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live 업로드 도구
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{25203851-E8E6-497D-997A-56808936E6E5}" = Windows Live Call
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 21
"{2767DEDE-EA9D-4FCE-A06A-40F4DD293330}" = hppusgP1000
"{2C63941E-7EBA-4024-9CEB-604ACE80E5BB}" = Windows Live 필수 패키지
"{2D7D9D86-923A-41A8-919F-437332AB1033}" = Nero 7 Premium
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye Webcam Video Class Camera
"{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}" = ParetoLogic PC Health Advisor
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FB120F8-622C-4260-AB49-0F43A59CCF2A}" = iTunes
"{564D4DC8-2D0F-4F95-BB3D-8C5EA7952DD7}" = Windows Live 메일
"{578596FF-7F65-4767-9F90-37920741148C}" = MSN Toolbar Platform
"{58ECE031-9AAD-4011-B34A-BC78E77527E2}" = hppMSRedist
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{697E41EA-AEBE-4B5F-884E-87B5CD6C70AC}" = 네이트온
"{71A51BC5-E7D3-11DB-A386-005056C00008}" = WebCam SCB-0320N
"{78BB4AA8-C480-4C76-A980-5A02F8762B3D}" = eGSignPlus ActiveX For EBS
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{7B02BF60-796D-4616-908B-B31A63CFDEFB}" = HPCarePackCore
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8BBF793E-4CD8-4561-85A8-0A541C687EB3}" = Mini Launcher
"{8C8F3113-62C1-4EB9-B5F5-AEBA47FDC1D4}" = WOW XT and TSXT Filter Driver
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"{949102BC-7C05-4902-A4AA-A3CC01CF5163}" = Windows Live 사진 갤러리
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A0109C4F-C748-47D9-861F-23B21FD5B908}_is1" = Punkbuster Got Busted v1.3
"{A12FCE50-9DBB-420B-9B1D-4861180B983F}" = MSN Webcam Recorder 31.0
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6F11BA2-8754-3608-8EA1-7F56542F9CE2}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - KOR
"{A82D052A-0806-42DF-80CD-1730A1AC0ED3}" = MrvlUsgTracking
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{AC76BA86-7AD7-1042-7B44-A93000000001}" = Adobe Reader 9.3 - Korean
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2423C36-006E-4270-AEBC-CFC4CAF2C310}" = Haansoft Hangul 2007
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BD723E53-A42C-4702-AA04-1D74A0311590}" = Magic Keyboard
"{C086DBAD-BB4B-4D0E-B980-70F469EFBFE4}" = iriver LDB Manager
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C7DEE429-4C9B-4126-894F-50B4F54FF196}" = inSSIDer
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype 4.2
"{D5B157DC-8550-457E-8944-32E8C5693F7B}" = Windows Live Messenger
"{D8ED9FC9-5E05-4BFE-8219-73070F70FDBB}" = Windows Live Sync
"{D9C18AD1-786A-302D-8E3C-5CBB34AD9BBE}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - KOR
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E80F2EF6-1D18-4090-BBE1-C98F11E84EDE}" = Windows Live Writer
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{ECA31632-C2AD-4774-A3CA-2813D47E4DD0}" = HPCarePackProducts
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F44CB7E4-870C-4021-B1F9-0CF352200519}_is1" = QuickDownloadService
"{F4F41D14-E0DD-4FB4-AA09-A14225C769BD}" = Atheros WLAN Client
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0.1" = Adobe Photoshop 7.0.1
"advanced afreeca player" = afreeca player 제거
"Advanced RAR Password Recovery" = Advanced RAR Password Recovery
"Advanced ZIP Password Recovery" = Advanced ZIP Password Recovery
"ALSong_is1" = 알송
"ALToolBar_is1" = 알툴바
"ALUpdate_is1" = 알툴즈 업데이트
"ALYac_is1" = 알약
"ALZip_is1" = 알집
"Aqua Launcher" = Aqua Launcher 4.0.56
"Atomic RAR Password Recovery_is1" = Atomic RAR Password Recovery 1.20
"Browser Defender_is1" = Browser Defender 2.0.6.15
"CCleaner" = CCleaner
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"CoreAAC Audio Decoder" = CoreAAC Audio Decoder (remove only)
"CrossCertWeb" = CrossCertWeb v2.0
"eGSignPlus_Plugin_ForEBS_is1" = eGSignPlus_Plugin_ForEBS 1.0
"Free Download Manager_is1" = Free Download Manager 3.0
"Free_TV_Bar Toolbar" = Free_TV_Bar Toolbar
"'Full Speed' Internet Booster + Performance Tests3.6" = 'Full Speed' Internet Booster + Performance Tests
"GOM Player" = GOM Player
"GomTV Launcher Plugin" = GOMTV Plug-in
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HP LaserJet P1000 series" = HP LaserJet P1000 series
"ICCup Launcher_is1" = ICCup Launcher
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ImageSalsa_is1" = ImageSalsa v1.9.14
"I-MEPS" = I-MEPS
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"Internet Download Manager" = Internet Download Manager
"kdefense" = K-Defense8 Control - 키보드 보안
"LimeWire" = LimeWire 5.5.10
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MapleStory" = MapleStory
"MediaShell" = MediaShell 2.1.1.0
"Melon" = MelOn Player
"MelonPackage" = 멜론 ActiveX 패키지
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack - kor" = Microsoft .NET Framework 3.5 언어 팩 - 한국어
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MP3 녹음기" = MP3 녹음기
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"msxml4" = msxml4
"NaverSetup" = 네이버 ActiveX 가이드
"Netscape Navigator (9.0.0.6)" = Netscape Navigator (9.0.0.6)
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OnDisk" = 온디스크
"PhotoStage" = PhotoStage Slideshow Producer
"photoWORKS" = photoWORKS
"RAR Password Finder" = RAR Password Finder
"ReaGIF_is1" = ReaGIF 2.0
"RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
"Software Informer_is1" = Software Informer 1.0 BETA
"SpyNoMore" = SpyNoMore 2.67
"Spyware Doctor" = Spyware Doctor 7.0
"Starcraft" = Starcraft
"StarCraft II" = StarCraft II
"Unlocker" = Unlocker 1.9.0
"uTorrent" = Torrent
"WIC" = Windows Imaging Component
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live 필수 패키지
"WinPcapInst" = WinPcap 4.0.2
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XecureCK" = ClientKeeper KeyPro with E2E for 32bit
"XecureWeb Control" = XecureWeb Control
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Xvid_is1" = Xvid 1.1.2 final uninstall
"YU2010_is1" = Your Uninstaller! 2010
"Zeallsoft Screen Webcam Recorder_is1" = Zeallsoft Screen Webcam Recorder 2.0
"겟앰프드" = 겟앰프드
"싹쓸이" = 싹쓸이 제거
"온디스크 서비스" = 온디스크 서비스
"전자민원G4C 민원발급프로그램 3.0" = 전자민원G4C 민원발급프로그램 3.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/1/2010 12:34:51 AM | Computer Name = SAMSUNG-2CB1CC4 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 9/1/2010 12:34:51 AM | Computer Name = SAMSUNG-2CB1CC4 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 9/1/2010 12:48:51 AM | Computer Name = SAMSUNG-2CB1CC4 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 9/1/2010 12:48:51 AM | Computer Name = SAMSUNG-2CB1CC4 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 9/1/2010 2:28:51 AM | Computer Name = SAMSUNG-2CB1CC4 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 9/1/2010 2:28:51 AM | Computer Name = SAMSUNG-2CB1CC4 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 9/1/2010 2:33:51 AM | Computer Name = SAMSUNG-2CB1CC4 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 9/1/2010 2:33:51 AM | Computer Name = SAMSUNG-2CB1CC4 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 9/1/2010 4:03:51 AM | Computer Name = SAMSUNG-2CB1CC4 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 9/1/2010 4:03:51 AM | Computer Name = SAMSUNG-2CB1CC4 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

[ System Events ]
Error - 8/31/2010 4:15:01 AM | Computer Name = SAMSUNG-2CB1CC4 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 8/31/2010 4:15:08 AM | Computer Name = SAMSUNG-2CB1CC4 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 8/31/2010 4:15:34 AM | Computer Name = SAMSUNG-2CB1CC4 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 8/31/2010 4:16:07 AM | Computer Name = SAMSUNG-2CB1CC4 | Source = Service Control Manager | ID = 7000
Description = The Webroot Client Service service failed to start due to the following
error: %%3

Error - 8/31/2010 4:16:07 AM | Computer Name = SAMSUNG-2CB1CC4 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm

Error - 8/31/2010 4:16:26 AM | Computer Name = SAMSUNG-2CB1CC4 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 8/31/2010 4:17:11 AM | Computer Name = SAMSUNG-2CB1CC4 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 8/31/2010 4:19:29 AM | Computer Name = SAMSUNG-2CB1CC4 | Source = Service Control Manager | ID = 7000
Description = The Webroot Client Service service failed to start due to the following
error: %%3

Error - 8/31/2010 4:19:29 AM | Computer Name = SAMSUNG-2CB1CC4 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Webroot Spy Sweeper Engine
service to connect.

Error - 8/31/2010 4:19:29 AM | Computer Name = SAMSUNG-2CB1CC4 | Source = Service Control Manager | ID = 7000
Description = The Webroot Spy Sweeper Engine service failed to start due to the
following error: %%1053


< End of report >


Thanks.

Couldn't upload Extra.txt... The OTL.txt size was too big.

Attached Files

  • Attached File  MBAM.txt   1.14KB   0 downloads
  • Attached File  OTL.Txt   169.81KB   0 downloads


#4 mpascal

Posted 01 September 2010 - 10:49 AM

Hi there,

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.



#5 Changg

Posted 01 September 2010 - 11:55 AM

ComboFix log:


ComboFix 10-08-31.03 - new 1/2010 Wed 9:46.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.949.82.1033.18.3033.2396 [GMT -7:00]
Running from: c:\documents and settings\new\My Documents\Downloads\ComboFix.exe
AV: Webroot Internet Security Essentials *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
AV: 알약 *On-access scanning disabled* (Updated) {B9431E5A-E196-4B6F-843A-10E01DB25461}
FW: Webroot Internet Security Essentials *disabled* {63671000-11A2-46DD-BADD-A084CABCDEAE}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\new\Application Data\PriceGong
c:\documents and settings\new\Application Data\PriceGong\Data\1.xml
c:\documents and settings\new\Application Data\PriceGong\Data\a.xml
c:\documents and settings\new\Application Data\PriceGong\Data\b.xml
c:\documents and settings\new\Application Data\PriceGong\Data\c.xml
c:\documents and settings\new\Application Data\PriceGong\Data\d.xml
c:\documents and settings\new\Application Data\PriceGong\Data\e.xml
c:\documents and settings\new\Application Data\PriceGong\Data\f.xml
c:\documents and settings\new\Application Data\PriceGong\Data\g.xml
c:\documents and settings\new\Application Data\PriceGong\Data\h.xml
c:\documents and settings\new\Application Data\PriceGong\Data\i.xml
c:\documents and settings\new\Application Data\PriceGong\Data\J.xml
c:\documents and settings\new\Application Data\PriceGong\Data\k.xml
c:\documents and settings\new\Application Data\PriceGong\Data\l.xml
c:\documents and settings\new\Application Data\PriceGong\Data\m.xml
c:\documents and settings\new\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\new\Application Data\PriceGong\Data\n.xml
c:\documents and settings\new\Application Data\PriceGong\Data\o.xml
c:\documents and settings\new\Application Data\PriceGong\Data\p.xml
c:\documents and settings\new\Application Data\PriceGong\Data\q.xml
c:\documents and settings\new\Application Data\PriceGong\Data\r.xml
c:\documents and settings\new\Application Data\PriceGong\Data\s.xml
c:\documents and settings\new\Application Data\PriceGong\Data\t.xml
c:\documents and settings\new\Application Data\PriceGong\Data\u.xml
c:\documents and settings\new\Application Data\PriceGong\Data\v.xml
c:\documents and settings\new\Application Data\PriceGong\Data\w.xml
c:\documents and settings\new\Application Data\PriceGong\Data\x.xml
c:\documents and settings\new\Application Data\PriceGong\Data\y.xml
c:\documents and settings\new\Application Data\PriceGong\Data\z.xml
c:\windows\svchost.exe
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((( Files Created from 2010-08-01 to 2010-09-01 )))))))))))))))))))))))))))))))
.

2010-08-31 18:36 . 2010-08-31 18:36 -------- d-----w- c:\program files\ooVoo
2010-08-31 07:42 . 2010-08-31 07:42 -------- d-----w- c:\documents and settings\new\Application Data\Malwarebytes
2010-08-27 22:12 . 2010-08-27 22:12 -------- d-----w- c:\documents and settings\new\Application Data\Office Genuine Advantage
2010-08-27 07:46 . 2010-08-27 07:46 1152 ----a-w- c:\windows\system32\windrv.sys
2010-08-27 07:46 . 2010-08-27 08:00 -------- d-----w- c:\program files\SpyNoMore
2010-08-26 20:33 . 2010-08-31 18:36 -------- d-----w- c:\documents and settings\new\Application Data\ooVoo Details
2010-08-26 20:07 . 2010-08-26 20:18 -------- d-----w- c:\program files\Windows Live Safety Center
2010-08-26 16:18 . 2010-08-26 16:18 -------- d-s---w- c:\documents and settings\new\UserData
2010-08-26 05:45 . 2010-08-26 05:45 503808 ----a-w- c:\documents and settings\new\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-17af3a60-n\msvcp71.dll
2010-08-26 05:45 . 2010-08-26 05:45 499712 ----a-w- c:\documents and settings\new\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-17af3a60-n\jmc.dll
2010-08-26 05:45 . 2010-08-26 05:45 348160 ----a-w- c:\documents and settings\new\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-17af3a60-n\msvcr71.dll
2010-08-26 05:45 . 2010-08-26 05:45 61440 ----a-w- c:\documents and settings\new\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6b7f81bf-n\decora-sse.dll
2010-08-26 05:45 . 2010-08-26 05:45 12800 ----a-w- c:\documents and settings\new\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6b7f81bf-n\decora-d3d.dll
2010-08-26 03:55 . 2010-08-31 08:18 -------- d-----w- c:\documents and settings\new\Tracing
2010-08-26 02:52 . 2010-08-31 23:04 -------- d-----w- c:\documents and settings\new\Application Data\skypePM
2010-08-26 02:48 . 2010-08-31 23:56 -------- d-----w- c:\documents and settings\new\Application Data\Skype
2010-08-26 02:47 . 2010-08-26 02:47 -------- d-----w- c:\program files\Common Files\Skype
2010-08-26 02:47 . 2010-08-26 02:47 -------- d-----r- c:\program files\Skype
2010-08-26 01:30 . 2010-08-26 01:30 -------- d-----w- c:\documents and settings\new\Local Settings\Application Data\Mozilla
2010-08-26 00:54 . 2010-08-26 00:54 8709440 ----a-w- c:\documents and settings\new\Application Data\Estsoft\ALUpdate\ALZIP\newfile\TEMP\ALZip801.exe
2010-08-26 00:52 . 2010-08-26 00:52 67096 ----a-w- c:\documents and settings\new\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-26 00:52 . 2010-08-26 00:52 -------- d-----w- c:\documents and settings\new\Application Data\Estsoft
2010-08-26 00:51 . 2010-08-26 00:51 -------- d-----w- c:\documents and settings\new\Local Settings\Application Data\Netscape
2010-08-26 00:51 . 2010-08-26 00:51 -------- d-----w- c:\documents and settings\new\Application Data\Netscape
2010-08-26 00:41 . 2010-08-26 00:41 -------- d-----w- c:\documents and settings\new\Local Settings\Application Data\Free_TV_Bar
2010-08-26 00:41 . 2010-08-26 00:41 -------- d-----w- c:\documents and settings\new\Local Settings\Application Data\Conduit
2010-08-26 00:41 . 2010-08-26 00:41 -------- d-----w- c:\documents and settings\new\Local Settings\Application Data\Threat Expert
2010-08-26 00:38 . 2010-08-30 21:19 -------- d-----w- c:\documents and settings\new\Application Data\Apple Computer
2010-08-26 00:38 . 2010-08-30 21:17 -------- d-----w- c:\documents and settings\new\Local Settings\Application Data\Apple Computer
2010-08-26 00:38 . 2010-08-26 00:38 -------- d-----w- c:\documents and settings\new\Local Settings\Application Data\Ahead
2010-08-26 00:03 . 2010-08-26 00:03 -------- d-----w- c:\documents and settings\forEBS\Application Data\Uniblue
2010-08-25 23:49 . 2010-08-25 23:49 -------- d-----w- c:\documents and settings\forEBS\Local Settings\Application Data\Netscape
2010-08-25 23:49 . 2010-08-25 23:49 -------- d-----w- c:\documents and settings\forEBS\Application Data\Netscape
2010-08-25 23:49 . 2010-08-25 23:49 -------- d-----w- c:\program files\Netscape
2010-08-25 18:29 . 2010-08-25 18:29 -------- d-----w- c:\documents and settings\forEBS\Application Data\ElevatedDiagnostics
2010-08-25 17:24 . 2010-08-25 17:24 -------- d-----w- c:\documents and settings\forEBS\Application Data\Malwarebytes
2010-08-25 07:09 . 2010-08-25 07:09 98304 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
2010-08-25 07:09 . 2010-08-25 07:09 126976 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\nxgameus.dll
2010-08-25 07:09 . 2010-08-25 07:09 765952 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMDll.dll
2010-08-25 07:09 . 2010-08-25 07:09 401408 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMResource.dll
2010-08-25 07:09 . 2010-08-25 07:09 258352 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\unicows.dll
2010-08-25 07:09 . 2010-08-25 07:09 172032 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGM.exe
2010-08-25 07:09 . 2010-08-25 07:09 -------- d-----w- c:\documents and settings\All Users\Application Data\NexonUS
2010-08-25 05:53 . 2010-08-25 05:53 247136 ----a-w- c:\documents and settings\forEBS\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2010-08-25 05:53 . 2010-08-25 05:53 243040 ----a-w- c:\documents and settings\forEBS\Application Data\IDM\idmmzcc3\components2\idmmzcc.dll
2010-08-25 05:53 . 2010-08-26 00:12 -------- d-----w- c:\documents and settings\forEBS\Application Data\DMCache
2010-08-25 05:53 . 2010-08-25 05:53 -------- d-----w- c:\documents and settings\forEBS\Application Data\IDM
2010-08-25 04:01 . 2010-08-26 00:01 -------- d-----w- c:\program files\RegCure
2010-08-25 04:01 . 2010-08-25 04:01 -------- d-----w- c:\windows\RegCure
2010-08-24 17:03 . 2010-08-24 17:03 -------- d-----w- c:\program files\QuickTime
2010-08-24 05:39 . 2010-08-24 05:39 -------- d-s---w- c:\documents and settings\forEBS\UserData
2010-08-24 05:35 . 2010-08-24 05:35 8709440 ----a-w- c:\documents and settings\forEBS\Application Data\ESTsoft\ALUpdate\ALZIP\newfile\TEMP\ALZip801.exe
2010-08-24 05:14 . 2010-08-24 05:18 12145896 ----a-w- c:\program files\OnDisksetup.exe
2010-08-23 06:27 . 2010-08-23 06:27 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Adobe
2010-08-23 06:22 . 2010-08-23 06:22 53632 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-23 06:22 . 2010-08-23 06:22 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-23 06:20 . 2010-08-23 06:20 77184 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-08-23 01:26 . 2010-08-26 00:11 -------- d-----w- c:\documents and settings\forEBS\Tracing
2010-08-21 21:36 . 2010-08-21 21:56 -------- d-----w- c:\program files\Unlocker
2010-08-21 03:40 . 2010-08-23 07:05 -------- d-----w- c:\program files\SC19
2010-08-19 05:59 . 2010-08-19 05:59 124000 ----a-w- c:\windows\system32\drivers\kcrtx86.sys
2010-08-19 05:59 . 2010-08-19 05:59 -------- d-----w- c:\documents and settings\All Users\Application Data\SoftCamp
2010-08-19 05:59 . 2010-08-19 05:59 1784576 ----a-w- c:\windows\system32\SCSKMemLink.dll
2010-08-19 05:58 . 2010-08-19 05:58 708096 ----a-w- c:\windows\system32\INIcrypto20.dll
2010-08-19 05:58 . 2010-08-19 05:58 143460 ----a-w- c:\windows\system32\INIWEBCryptoWrapper.dll
2010-08-19 05:58 . 2010-08-19 05:58 260096 ----a-w- c:\windows\system32\INIWebCrypto.dll
2010-08-19 05:57 . 2010-08-19 05:57 241664 ----a-w- c:\windows\system32\PubCertDlg.dll
2010-08-19 05:57 . 2010-08-19 05:57 1205544 ----a-w- c:\windows\system32\ISPPopUpDlg.exe
2010-08-19 05:57 . 2010-08-19 05:57 923080 ----a-w- c:\windows\system32\SCSKAppLink.dll
2010-08-19 05:57 . 2010-08-19 05:57 124928 ----a-w- c:\windows\system32\INICertStore.dll
2010-08-19 05:56 . 2010-08-19 05:56 386048 ----a-w- c:\windows\system32\INICertManUI.dll
2010-08-19 05:45 . 2010-08-19 05:45 28672 ----a-w- c:\windows\system32\ISP_crgen.dll
2010-08-19 05:45 . 2010-08-19 05:45 73728 ----a-w- c:\windows\system32\ISP_INISafeNet.dll
2010-08-19 05:45 . 2010-08-19 05:45 6750208 ----a-w- c:\windows\system32\KvpVcmd.dll
2010-08-19 04:42 . 2010-08-19 04:42 -------- d-----w- c:\documents and settings\forEBS\Application Data\Office Genuine Advantage
2010-08-19 02:30 . 2010-08-19 02:30 -------- d-----w- c:\documents and settings\forEBS\Application Data\Clunet
2010-08-19 02:29 . 2010-08-19 02:29 -------- d-----w- c:\documents and settings\forEBS\Application Data\Wiz Solution
2010-08-18 05:42 . 2010-08-18 05:58 -------- d-----w- c:\documents and settings\forEBS\Application Data\Apple Computer
2010-08-18 02:27 . 2010-08-18 02:27 10864536 ----a-w- c:\documents and settings\forEBS\Application Data\ESTsoft\ALUpdate\ALSONG\newfile\TEMP\ALSong221.exe
2010-08-18 01:41 . 2010-08-18 01:41 -------- d-----w- c:\documents and settings\forEBS\Application Data\GRETECH
2010-08-17 22:47 . 2010-08-23 12:11 -------- d-----w- c:\documents and settings\forEBS\Application Data\uTorrent
2010-08-17 11:47 . 2010-08-17 11:47 -------- d-----w- c:\documents and settings\forEBS\Local Settings\Application Data\Identities
2010-08-17 03:14 . 2010-08-17 03:14 -------- d-----w- c:\documents and settings\forEBS\Application Data\NCH Software
2010-08-17 00:21 . 2010-08-17 00:21 -------- d-----w- c:\documents and settings\forEBS\Local Settings\Application Data\MetaGeek,_LLC
2010-08-17 00:14 . 2010-08-17 00:14 45126 ----a-r- c:\documents and settings\forEBS\Application Data\Microsoft\Installer\{C7DEE429-4C9B-4126-894F-50B4F54FF196}\_6FEFF9B68218417F98F549.exe
2010-08-17 00:14 . 2010-08-17 00:14 45126 ----a-r- c:\documents and settings\forEBS\Application Data\Microsoft\Installer\{C7DEE429-4C9B-4126-894F-50B4F54FF196}\_322FD67B4052E9187FCAD5.exe
2010-08-17 00:14 . 2010-08-17 00:14 -------- d-----w- c:\program files\MetaGeek
2010-08-17 00:01 . 2010-08-17 00:09 -------- d-----w- c:\program files\Network Stumbler
2010-08-16 23:44 . 2010-08-23 06:20 -------- d-----w- c:\documents and settings\forEBS\Local Settings\Application Data\Adobe
2010-08-16 03:23 . 2010-08-16 03:23 286208 ----a-w- c:\windows\winetwp.exe
2010-08-16 02:34 . 2010-08-16 02:34 67096 ----a-w- c:\documents and settings\forEBS\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-16 02:34 . 2010-08-20 05:10 -------- d-----w- c:\documents and settings\forEBS\Local Settings\Application Data\ApplicationHistory
2010-08-16 02:34 . 2010-08-16 02:34 -------- d-----w- c:\windows\system32\windows media
2010-08-16 02:34 . 2010-08-16 02:34 -------- d-----w- c:\program files\Windows Media Components
2010-08-16 02:33 . 2010-08-16 02:33 200704 ----a-r- c:\documents and settings\forEBS\Application Data\Microsoft\Installer\{A12FCE50-9DBB-420B-9B1D-4861180B983F}\qq.exe1_23B87F1C4C254DA3B14945516F9A79E6.exe
2010-08-16 02:33 . 2010-08-16 02:33 200704 ----a-r- c:\documents and settings\forEBS\Application Data\Microsoft\Installer\{A12FCE50-9DBB-420B-9B1D-4861180B983F}\qq.exe_23B87F1C4C254DA3B14945516F9A79E6.exe
2010-08-16 02:33 . 2010-08-16 02:33 10134 ----a-r- c:\documents and settings\forEBS\Application Data\Microsoft\Installer\{A12FCE50-9DBB-420B-9B1D-4861180B983F}\ARPPRODUCTICON.exe
2010-08-16 02:25 . 2010-08-16 02:25 -------- d-----w- C:\temp.chicony
2010-08-16 02:19 . 2001-08-18 05:36 99328 -c--a-w- c:\windows\system32\dllcache\srusd.dll
2010-08-16 02:19 . 2001-08-18 05:36 99328 ----a-w- c:\windows\system32\srusd.dll
2010-08-16 02:19 . 2001-08-17 20:53 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2010-08-16 02:19 . 2001-08-17 20:53 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2010-08-16 02:19 . 2001-08-18 05:36 71680 -c--a-w- c:\windows\system32\dllcache\fnfilter.dll
2010-08-16 02:19 . 2001-08-18 05:36 71680 ----a-w- c:\windows\system32\fnfilter.dll
2010-08-16 02:16 . 2010-08-16 02:16 -------- d-----w- C:\CamersoftOutput
2010-08-16 02:14 . 2010-08-18 05:42 -------- d-----w- c:\documents and settings\forEBS\Local Settings\Application Data\Apple Computer
2010-08-16 02:14 . 2010-08-16 02:14 -------- d-----w- c:\documents and settings\All Users\Application Data\WebacamSurveyor
2010-08-16 02:09 . 2010-08-16 02:10 -------- d-----w- c:\program files\ImageSalsa
2010-08-15 21:38 . 2010-08-15 21:38 -------- d-----w- c:\documents and settings\forEBS\Local Settings\Application Data\Mozilla
2010-08-15 21:02 . 2010-08-15 21:02 503808 ----a-w- c:\documents and settings\forEBS\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7558ad38-n\msvcp71.dll
2010-08-15 21:02 . 2010-08-15 21:02 499712 ----a-w- c:\documents and settings\forEBS\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7558ad38-n\jmc.dll
2010-08-15 21:02 . 2010-08-15 21:02 348160 ----a-w- c:\documents and settings\forEBS\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7558ad38-n\msvcr71.dll
2010-08-15 21:02 . 2010-08-15 21:02 61440 ----a-w- c:\documents and settings\forEBS\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-65172571-n\decora-sse.dll
2010-08-15 21:02 . 2010-08-15 21:02 12800 ----a-w- c:\documents and settings\forEBS\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-65172571-n\decora-d3d.dll
2010-08-15 21:00 . 2010-08-15 21:00 5965840 ----a-w- c:\documents and settings\forEBS\Application Data\ESTsoft\ALUpdate\ALTOOLBAR\newfile\TEMP\ALToolbar165.exe
2010-08-15 20:58 . 2010-08-15 20:58 -------- d-----w- c:\documents and settings\forEBS\Local Settings\Application Data\Free_TV_Bar
2010-08-15 20:58 . 2010-08-15 20:58 -------- d-----w- c:\documents and settings\forEBS\Local Settings\Application Data\Conduit
2010-08-15 20:58 . 2010-08-18 02:23 -------- d-----w- c:\documents and settings\forEBS\Application Data\ESTsoft
2010-08-15 20:58 . 2010-08-15 20:58 -------- d-----w- c:\documents and settings\forEBS\Local Settings\Application Data\Threat Expert
2010-08-15 16:56 . 2010-08-25 15:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot
2010-08-15 07:34 . 2010-08-15 07:34 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2010-08-15 07:34 . 2010-08-15 07:34 -------- d-----w- c:\program files\ParetoLogic
2010-08-15 07:07 . 2010-08-15 07:07 1278216 ----a-w- c:\documents and settings\LAG\Application Data\IDM\DwnlData\LAG\eGSignPlus_ActiveX_ForEBS_37\eGSignPlus_ActiveX_ForEBS.exe
2010-08-15 06:08 . 2010-08-15 06:08 -------- d-----w- c:\documents and settings\LAG\Application Data\ElevatedDiagnostics
2010-08-15 05:05 . 2010-08-26 00:08 -------- d-----w- C:\ERDNT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-01 07:59 . 2010-01-21 08:12 -------- d---a-w- c:\documents and settings\All Users\Application Data\Temp
2010-08-26 02:47 . 2010-02-11 10:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-08-25 17:24 . 2010-06-13 23:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-25 03:59 . 2010-07-23 01:47 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2010-08-24 20:05 . 2010-01-21 08:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Clunet
2010-08-24 05:45 . 2009-12-26 17:30 -------- d-----w- c:\program files\OnDisk
2010-08-24 05:45 . 2010-08-24 05:14 12 ----a-w- c:\program files\OnDisk_ver.ini
2010-08-24 05:38 . 2010-02-03 05:02 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-08-24 05:18 . 2009-12-26 17:31 -------- d-----w- c:\program files\QuickDownloadService
2010-08-24 05:18 . 2010-08-24 05:18 10 ----a-w- c:\program files\OnDiskver.ini
2010-08-23 06:22 . 2010-08-26 00:37 53632 ----a-w- c:\documents and settings\new\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-21 05:08 . 2010-08-19 21:52 -------- d-----w- c:\documents and settings\forEBS\Application Data\LimeWire
2010-08-19 22:09 . 2010-02-02 08:03 -------- d-----w- c:\program files\LimeWire
2010-08-16 02:35 . 2010-07-25 02:33 -------- d-----w- c:\program files\MSN Webcam Recorder
2010-08-16 02:25 . 2009-12-25 12:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-16 02:06 . 2010-08-16 02:06 -------- d-----w- c:\program files\Common Files\snp2uvc
2010-08-16 02:06 . 2010-08-16 02:06 -------- d-----w- c:\documents and settings\forEBS\Application Data\InstallShield
2010-08-15 17:18 . 2010-07-20 01:04 -------- d-----w- c:\documents and settings\LAG\Application Data\DMCache
2010-08-15 07:34 . 2010-07-23 01:57 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-08-15 05:08 . 2010-06-09 03:12 -------- d-----w- c:\program files\sidemaxnet
2010-08-15 02:51 . 2010-07-27 18:37 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-08-15 02:39 . 2010-06-15 02:15 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-15 02:25 . 2009-12-25 12:45 -------- d-----w- c:\program files\Java
2010-08-14 22:56 . 2010-07-23 02:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Netscape ISP Dialer
2010-08-14 22:52 . 2010-07-24 01:21 -------- d-----w- c:\documents and settings\LAG\Application Data\NCH Swift Sound
2010-08-14 22:51 . 2010-07-17 01:20 -------- d-----w- c:\program files\NCH Software
2010-08-14 21:27 . 2010-07-20 01:04 -------- d-----w- c:\documents and settings\LAG\Application Data\IDM
2010-08-14 18:58 . 2010-07-02 01:12 -------- d-----w- c:\documents and settings\LAG\Application Data\LimeWire
2010-08-13 09:51 . 2010-07-27 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-08-13 08:28 . 2010-06-15 07:05 -------- d-----w- c:\program files\Trend Micro
2010-08-13 08:24 . 2010-06-20 22:49 67096 ----a-w- c:\documents and settings\LAG\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-13 08:16 . 2010-07-20 01:04 -------- d-----w- c:\program files\Internet Download Manager
2010-08-13 05:19 . 2009-12-25 12:40 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-08-12 06:59 . 2010-04-12 00:09 -------- d-----w- c:\program files\iRiver Plus3
2010-08-12 04:19 . 2010-07-22 00:47 -------- d-----w- c:\program files\RAR Password Cracker
2010-08-12 04:17 . 2010-07-14 06:30 -------- d-----w- c:\program files\I-MEPS
2010-08-10 03:59 . 2010-06-30 17:28 -------- d-----w- c:\program files\My Program
2010-08-10 00:30 . 2010-06-20 05:43 -------- d-----w- c:\documents and settings\LAG\Application Data\Free Download Manager
2010-07-31 05:46 . 2010-03-08 04:37 -------- d-----w- c:\program files\HP
2010-07-31 05:44 . 2010-03-08 04:33 -------- d--h--w- c:\program files\Avago-HP
2010-07-28 20:42 . 2010-07-28 20:42 -------- d-----w- c:\program files\SC2Maps
2010-07-28 18:10 . 2010-07-19 06:23 -------- d-----w- c:\program files\NPKI
2010-07-28 18:10 . 2010-07-28 18:10 -------- d-----w- c:\program files\CrossCert
2010-07-27 23:57 . 2009-12-25 13:13 -------- d-----w- c:\program files\Nero
2010-07-27 21:10 . 2010-07-27 21:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard
2010-07-27 03:57 . 2010-07-27 03:57 -------- d-----w- c:\documents and settings\LAG\Application Data\Office Genuine Advantage
2010-07-26 22:07 . 2010-07-26 22:07 -------- d-----w- c:\documents and settings\LAG\Application Data\Simply Super Software
2010-07-26 05:06 . 2010-07-26 04:48 17160 ----a-w- c:\windows\system32\JRSUKD25.SYS
2010-07-26 05:06 . 2010-07-26 04:48 126048 ----a-w- c:\windows\system32\kcrtx86.sys
2010-07-26 05:06 . 2010-07-26 04:48 39944 ----a-w- c:\windows\system32\JRSKD24.SYS
2010-07-26 04:48 . 2010-07-26 04:48 124424 ----a-r- c:\windows\system32\CKAgent.exe
2010-07-26 04:47 . 2010-07-26 04:47 -------- d-----w- c:\program files\BCQRE
2010-07-25 16:10 . 2010-07-25 16:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-07-25 02:44 . 2010-07-25 02:44 -------- d-----w- c:\program files\Zeallsoft
2010-07-25 02:38 . 2010-06-14 03:07 -------- d-----w- c:\documents and settings\LAG\Application Data\Apple Computer
2010-07-25 02:33 . 2010-07-25 02:33 -------- d-----w- c:\program files\WinPcap
2010-07-25 02:03 . 2010-07-25 02:03 -------- d-----w- c:\documents and settings\LAG\Application Data\WebCam Recorder
2010-07-25 02:03 . 2010-07-25 02:03 -------- d-----w- c:\program files\Solent
2010-07-24 01:21 . 2010-07-17 01:21 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2010-07-24 01:21 . 2010-07-17 01:20 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2010-07-23 02:18 . 2010-07-23 02:18 -------- d-----w- c:\documents and settings\LAG\Application Data\Netscape ISP Dialer
2010-07-23 02:18 . 2010-07-23 02:18 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2010-07-23 02:10 . 2010-07-22 21:12 -------- d-----w- c:\program files\Opera
2010-07-23 01:57 . 2010-07-23 01:57 -------- d-----w- c:\documents and settings\All Users\Application Data\XoftSpySE
2010-07-23 01:44 . 2010-07-23 01:44 1278216 ----a-w- c:\program files\eGSignPlus_ActiveX_ForEBS.exe
2010-07-22 01:27 . 2010-07-22 01:27 -------- d-----w- c:\program files\AZPR
2010-07-22 01:10 . 2010-07-22 01:10 -------- d-----w- c:\program files\ElcomSoft
2010-07-22 01:08 . 2010-07-22 01:08 -------- d-----w- c:\program files\Atomic RAR Password Recovery
2010-07-22 00:55 . 2010-07-22 00:55 -------- d-----w- c:\program files\Information Packaging
2010-07-22 00:52 . 2010-07-22 00:52 -------- d-----w- c:\program files\ARPR
2010-07-21 04:15 . 2010-07-21 04:08 -------- d-----w- c:\documents and settings\LAG\Application Data\Azureus
2010-07-21 04:05 . 2010-07-21 04:05 -------- d-----w- c:\documents and settings\LAG\Application Data\deluge
2010-07-21 03:54 . 2010-07-21 03:52 -------- d-----w- c:\documents and settings\LAG\Application Data\BitTorrent
2010-07-20 17:07 . 2010-07-20 17:07 5964992 ----a-w- c:\documents and settings\LAG\Application Data\ESTsoft\ALUpdate\ALTOOLBAR\newfile\TEMP\ALToolbar164.exe
2010-07-20 01:45 . 2009-12-26 16:03 -------- d-----w- c:\program files\Free Download Manager
2010-07-20 01:43 . 2010-07-20 01:43 -------- d-----w- c:\program files\Software Informer
2010-07-20 01:22 . 2010-07-20 01:22 21764 ----a-w- c:\windows\system32\CoreAAC-uninstall.exe
2010-07-20 01:05 . 2010-07-20 01:04 218544 ----a-w- c:\documents and settings\LAG\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2010-07-19 20:04 . 2010-07-19 20:04 -------- d-----w- c:\documents and settings\LAG\Application Data\GRETECH
2010-07-19 20:04 . 2010-07-19 20:04 -------- d-----w- c:\program files\Common Files\GRETECH
2010-07-19 20:04 . 2010-07-19 20:04 -------- d-----w- c:\program files\GNU
2010-07-19 07:08 . 2010-07-03 06:45 542040 ----a-w- c:\documents and settings\LAG\Application Data\ESTsoft\ALZIP\ALAd.dll
2010-07-19 07:08 . 2010-07-03 06:45 542040 ----a-w- c:\documents and settings\LAG\Application Data\ESTsoft\ALSong\ALAd.dll
2010-07-19 06:23 . 2010-07-19 06:23 -------- d-----w- c:\program files\SoftForum
2010-07-19 02:10 . 2010-07-19 02:10 -------- d-----w- c:\documents and settings\LAG\Application Data\Canneverbe Limited
2010-07-19 02:10 . 2010-07-19 02:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited
2010-07-19 02:10 . 2010-07-19 02:10 -------- d-----w- c:\program files\CDBurnerXP
2010-07-19 02:08 . 2010-07-19 02:08 8709440 ----a-w- c:\documents and settings\LAG\Application Data\ESTsoft\ALUpdate\ALZIP\newfile\TEMP\ALZip801.exe
2010-07-19 01:11 . 2010-07-19 01:11 -------- d-----w- c:\documents and settings\LAG\Application Data\kipple
2010-07-18 23:19 . 2010-07-18 23:19 -------- d-----w- c:\documents and settings\LAG\Application Data\Clunet
2010-07-18 22:57 . 2010-03-03 07:44 -------- d-----w- c:\program files\CCleaner
2010-07-18 22:43 . 2010-06-20 04:43 -------- d-----w- c:\program files\BigFile
2010-07-18 22:40 . 2010-07-18 22:40 61952 ----a-w- c:\windows\system32\execryptorvb.dll
2010-07-17 01:21 . 2010-07-17 01:19 -------- d-----w- c:\documents and settings\LAG\Application Data\NCH Software
2010-07-16 21:11 . 2010-07-16 21:11 -------- d-----w- c:\program files\SKT Sync 2.0
2010-07-16 21:11 . 2010-07-14 06:09 -------- d-----w- c:\program files\SKT Sync 3.0
2010-07-16 21:11 . 2010-07-14 06:05 -------- d-----w- c:\program files\MelOn Player
2010-07-15 23:40 . 2010-07-15 23:40 475136 ----a-w- c:\windows\system32\p3melon.dll
2010-07-14 06:33 . 2010-07-14 06:33 921600 ----a-w- c:\windows\system32\vorbisenc.dll
2010-07-14 06:33 . 2010-07-14 06:33 188416 ----a-w- c:\windows\system32\vorbis.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a0729639-d831-46c9-811b-9b0aa79fb45a}]
2010-06-28 01:04 2393184 ----a-w- c:\program files\Free_TV_Bar\tbFre0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a0729639-d831-46c9-811b-9b0aa79fb45a}"= "c:\program files\Free_TV_Bar\tbFre0.dll" [2010-06-28 2393184]

[HKEY_CLASSES_ROOT\clsid\{a0729639-d831-46c9-811b-9b0aa79fb45a}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A0729639-D831-46C9-811B-9B0AA79FB45A}"= "c:\program files\Free_TV_Bar\tbFre0.dll" [2010-06-28 2393184]

[HKEY_CLASSES_ROOT\clsid\{a0729639-d831-46c9-811b-9b0aa79fb45a}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2010-08-10 18:00 70264 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-17 139264]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"ooVoo.exe"="c:\program files\ooVoo\oovoo.exe" [2010-07-11 18707640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpbdfawep"="c:\program files\HP\Dfawep\bin\hpbdfawep.exe" [2007-04-25 954368]
"RTHDCPL"="RTHDCPL.EXE" [2009-12-17 17881600]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe" [2010-07-06 240480]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"PLFSetL"="c:\windows\\PLFSetL.exe" [2007-07-05 94208]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-25 142120]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"SNM"="c:\program files\SpyNoMore\SNM.exe" [2007-11-15 1212368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^LAG^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-11-17 03:04 139264 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:42 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMHotKey]
2010-05-16 03:08 466944 ----a-w- c:\program files\Samsung\Easy Display Manager\DMLoader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-07-23 02:06 136176 ----atw- c:\documents and settings\LAG\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HncUpdate]
2006-07-16 22:00 475136 ----a-w- c:\program files\Common Files\Hnc\HncUtils\HncUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-12-17 15:50 178712 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
2010-08-10 18:14 3241312 ----a-w- c:\program files\Internet Download Manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-12-17 15:50 150040 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2008-04-14 05:13 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
2010-05-11 18:51 1287120 ----a-w- c:\program files\Spyware Doctor\pctsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-25 00:54 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MagicKeyboard]
2010-05-16 03:08 151552 ----a-w- c:\program files\Samsung\MagicKBD\PreMKbd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 12:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 05:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 23:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-12-17 15:50 150040 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2008-04-14 05:13 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\tintsetp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2008-04-14 05:13 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\tintsetp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-10 12:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-12-17 17:18 17881600 ----a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 18:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SRS_PostInstaller"=2 (0x2)
"SGsvc"=2 (0x2)
"sdCoreService"=2 (0x2)
"sdAuxService"=2 (0x2)
"QuickDownload Update"=2 (0x2)
"QuickDownload Service"=2 (0x2)
"QuickDownload Agent"=2 (0x2)
"ose"=3 (0x3)
"NMSAccess"=2 (0x2)
"NBService"=3 (0x3)
"MsMpSvc"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"Browser Defender Update Service"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"ALYac_PZSrv"=2 (0x2)
"Lavasoft Ad-Aware Service"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\OnDisk\\OnDiskHighDown.exe"=
"c:\\Program Files\\OnDisk\\ExpressService.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Nexon\\NGM\\NGM.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Nexon\\Common\\NMService.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\NATEON\\BIN\\NateOnMain.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\WINDOWS\\system32\\SKTVSvr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\P3MelonSvr.exe"=
"c:\\Program Files\\StarCraft II\\StarCraft II.exe"=
"c:\\Program Files\\OnDisk\\OnDiskDown.exe"=
"c:\\Program Files\\QuickDownloadService\\qdownservice.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:UDP"= 6112:UDP:*:Disabled:Starcraft
"28690:TCP"= 28690:TCP:*:Disabled:Call of Duty 4
"28960:UDP"= 28960:UDP:*:Disabled:Call of duty_1
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [8/14/2010 3:46 PM 218592]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [4/2/2009 2:30 PM 29808]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [8/10/2010 11:16 AM 75104]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [12/25/2009 6:03 AM 4300]
R2 ExpressService;ExpressService;c:\program files\OnDisk\ExpressService.exe [11/10/2009 7:41 PM 1294336]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/13/2010 4:10 PM 304464]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/13/2010 4:10 PM 20952]
R3 VMC33E;Vimicro Camera Service VMC33E;c:\windows\system32\drivers\VMC33E.sys [12/25/2009 6:02 AM 237952]
R3 wowfilter;WOW XT Filter Driver;c:\windows\system32\drivers\WOWFilter.sys [3/24/2009 10:52 AM 25560]
S1 MpKsl343ed5b3;MpKsl343ed5b3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD10DF00-539F-4A8D-A074-0C60B8473365}\MpKsl343ed5b3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD10DF00-539F-4A8D-A074-0C60B8473365}\MpKsl343ed5b3.sys [?]
S2 INet Work Process;INet Work Process;c:\windows\winetwp.exe [8/15/2010 8:23 PM 286208]
S2 WRConsumerService;Webroot Client Service; [x]
S3 AhnFlt2k;AhnFlt2k;c:\windows\system32\drivers\AhnFlt2k.sys [1/6/2010 12:59 AM 52928]
S3 AhnRec2k;AhnRec2k;c:\windows\system32\drivers\AhnRec2k.sys [1/6/2010 12:59 AM 20416]
S3 AhnRghNt;AhnRghNt;c:\windows\system32\drivers\AhnRghNt.sys [1/6/2010 12:59 AM 52800]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12/25/2009 5:59 AM 1684736]
S3 ATamptNt_ASG;ATamptNt_ASG;\??\c:\program files\AhnLab\SiteGuard2\ATamptNt.sys --> c:\program files\AhnLab\SiteGuard2\ATamptNt.sys [?]
S3 ATamptNt_V3LITE;ATamptNt_V3LITE;\??\c:\progra~1\AhnLab\V3Lite\ATamptNt.sys --> c:\progra~1\AhnLab\V3Lite\ATamptNt.sys [?]
S3 AYDrvXP_ALYAC;AYDrvXP_ALYAC;c:\program files\ESTsoft\ALYac\AYDrvXP.sys [1/18/2010 6:55 PM 27000]
S3 CdmDrvNt;CdmDrvNt;c:\windows\system32\drivers\CdmDrvNt.sys [1/6/2010 12:59 AM 19616]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.SYS [7/25/2010 9:48 PM 39944]
S3 kcrtx86;kcrtx86;c:\windows\system32\kcrtx86.sys [7/25/2010 9:48 PM 126048]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 1:22 PM 34064]
S3 scsk5;SCSK5 Driver Service;c:\windows\system32\drivers\scsk5.sys --> c:\windows\system32\drivers\scsk5.sys [?]
S3 XDva348;XDva348;\??\c:\windows\system32\XDva348.sys --> c:\windows\system32\XDva348.sys [?]
S4 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [8/14/2010 4:00 PM 112592]
S4 QuickDownload Agent;QuickDownload Agent;c:\program files\QuickDownloadService\qdownagent.exe [12/26/2009 10:31 AM 110592]
S4 QuickDownload Service;QuickDownload Service;c:\program files\QuickDownloadService\qdownservice.exe [12/26/2009 10:31 AM 106496]
S4 QuickDownload Update;QuickDownload Update;c:\program files\QuickDownloadService\qdownupdate.exe [12/26/2009 10:31 AM 94208]
S4 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [8/14/2010 3:46 PM 366840]
S4 SGsvc;AhnLab SiteGuard Service; [x]
S4 SRS_PostInstaller;SRS PostInstaller Service;c:\program files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller2.exe [3/24/2009 10:52 AM 74992]
.
Contents of the 'Scheduled Tasks' folder

2010-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-484763869-413027322-1417001333-1006Core.job
- c:\documents and settings\LAG\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-23 02:06]

2010-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-484763869-413027322-1417001333-1006UA.job
- c:\documents and settings\LAG\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-23 02:06]

2010-09-01 c:\windows\Tasks\HP WEP.job
- c:\program files\HP\Dfawep\bin\hpbdfawep.exe [2007-04-25 21:28]

2010-08-31 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 22:07]

2010-09-01 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-10-12 05:01]

2010-08-24 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-10-12 05:01]

2010-08-18 c:\windows\Tasks\PC Health Advisor Defrag.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2010-06-23 04:06]

2010-08-30 c:\windows\Tasks\PC Health Advisor.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2010-06-23 04:06]

2010-08-20 c:\windows\Tasks\photostageShakeIcon.job
- c:\program files\NCH Software\PhotoStage\photostage.exe [2010-07-17 01:21]
.
.
------- Supplementary Scan -------
.
Handler: smart - {402CA0E4-3090-402e-BE90-3EE9B766EBB0} - c:\program files\ESTsoft\ALToolBar\ALToolBarProtocol.dll
DPF: {03AF249E-119E-4569-838E-167E929EC6DA} - hxxp://www.bigfile.co.kr/client/BigFile.cab
DPF: {124250DD-E2CC-4B5B-AE7E-C9AC8A11DF43} - hxxp://edu.ingang.go.kr/LMS/eduport/front/study/common/ftp/StreamNote2_V2.cab
DPF: {283A7932-A386-496A-9AB0-E8DBFACFF1E5} - hxxp://ondisk.co.kr/setup/OnDiskWebControl.cab
DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} - hxxp://image.cjmall.com/initech/plugin/download_2010/INIS60.cab
DPF: {2DCB00FB-3485-486B-BD41-C49AD605264D} - hxxp://www.immigration.go.kr/HP/COM/keytec/easykeytec.cab
DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} - hxxp://ck.softforum.co.kr/CKKeyPro/G4C/CKKeyPro3024_32k.cab
DPF: {7B1BB066-7BBB-11D4-A34E-0000F01A209C} - hxxp://login.unitel.co.kr/iplug/lmgr2131.cab
DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} - hxxp://cyimg7.cyworld.com/ImageUpload/CyPictureU1233.cab?20081124
DPF: {9B75502C-BBED-4BBD-8FE2-822E5E0AD32C} - hxxp://www.ebs.co.kr/ActiveX/MagicLockOCX.cab
DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} - hxxp://kings.nefficient.co.kr/kings/kdfx/kdfx311/kdfense8.cab
DPF: {BB8C416C-2422-44C6-9F8D-ACB3B74EEBD5} - hxxp://app.filebus.co.kr/app/FilebusWebControl.CAB
DPF: {BDD22343-1DF0-4983-947F-7604DD9838F8} - hxxp://edu.ingang.go.kr/lms_ingang/script/common_add/MagicSpeeder.cab
DPF: {F0320816-41D9-49DD-B2F3-8E7B0AE32796} - hxxp://live.afreeca.com:8057/AFCStarter.cab
DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} - hxxp://file.naver.com/activex/NaverAXGuide.cab
DPF: {FE9CE737-7BA6-451D-A4E0-EB4599D46FD6} - hxxp://www.melon.com/cab/MelonActiveXInstaller.cab
FF - ProfilePath - c:\documents and settings\new\Application Data\Mozilla\Firefox\Profiles\ev2v0p7w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - component: c:\program files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\components\SEPsearchhelperff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Nexon\NGM\npNxGame.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Common Files\GRETECH\npgomtvx_nie.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npINISAFEWeb60.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npxecure.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npxwfile.dll
FF - plugin: c:\program files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
FF - plugin: c:\program files\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll
FF - plugin: c:\program files\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\npKeyPro.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-01 09:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ALYac_PZSrv]
"ImagePath"="c:\program files\ESTsoft\ALYac\AYServiceNt.aye"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0ce454a0-a365-40ee-9400-eb54df4710c2}]
@Denied: (Full) (Everyone)
"Model"=dword:000000ec
"Therad"=dword:00000025

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):d8,e8,6d,e2,69,b9,e9,73,6f,76,2d,53,84,58,4a,d5,fa,45,80,84,a4,
a5,00,1a,f8,01,85,6f,31,13,ec,03,06,5e,95,17,db,90,b0,f5,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(448)
c:\windows\system32\igfxdev.dll
.
Completion time: 2010-09-01 09:53:43
ComboFix-quarantined-files.txt 2010-09-01 16:53
ComboFix2.txt 2010-08-26 05:46

Pre-Run: 89,831,378,944 bytes free
Post-Run: 89,896,091,648 bytes free

- - End Of File - - 0C729387A68B97AD0BD6A39002FC19F4


Thanks.

#6 mpascal

Posted 01 September 2010 - 12:19 PM

Hi there,

STEP 1 - TFC

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished, it should reboot your machine; if not, do this yourself to ensure a complete clean.

STEP 2 - MBAM

Open Malwarebytes' Anti-Malware.
  • Under the Updates tab, click Check for Updates. Let the updates install (if any).
  • After that, under the Scanner tab, click Perform Quick Scan and then Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 3 - Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.



  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply.

STEP 4 - Reply

Please reply with the following log:
  • MBAM Log
  • Kaspersky Log


Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image


#7 Changg


Posted 02 September 2010 - 11:36 PM


MBAM Log :


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4524

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

9/1/2010 11:10:12 AM
mbam-log-2010-09-01 (11-10-12).txt

Scan type: Quick scan
Objects scanned: 182607
Time elapsed: 8 minute(s), 14 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 15

Memory Processes Infected:
C:\WINDOWS\svchost.exe (FakeMS) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\comm.viewsource (Adware.SideMax) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\comm.viewsource.1 (Adware.SideMax) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f86c5f7f-b67a-4c74-b13d-a3aa6654c340} (Adware.OpenShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{34bb38a5-06ac-4aa5-b19d-74b770925c6f} (Adware.OpenShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{b142e53f-e3f8-40e2-a6bc-3bb39e899bff} (Adware.OpenShopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{4eda4ca6-2a62-46d0-98a1-28eaca1166b8} (Adware.LinkPrice) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5923288b-64a2-409c-bf21-bd973b31b9d5} (Adware.LinkPrice) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7e610a7e-395c-4081-a9a9-73c2e3dadb57} (Adware.LinkPrice) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7fd13b24-5052-4c32-b0e2-13864a36c71e} (Adware.LinkPrice) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\OpenShopper.DLL (Adware.OpenShopper) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\ShareBox (Adware.ShareBox) -> Quarantined and deleted successfully.
C:\Program Files\ShareBox\SBoxSearchBar (Adware.ShareBox) -> Quarantined and deleted successfully.
C:\Program Files\sidemaxnet (Adware.LinkPrice) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\쉐어박스 (Adware.ShareBox) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\SCB7G4QC\dotnetdlg[1].dll (FakeMS) -> Quarantined and deleted successfully.
C:\WINDOWS\brainclan_uninstall.exe (Adware.CloverPlus) -> Quarantined and deleted successfully.
C:\WINDOWS\svchost.exe (FakeMS) -> Quarantined and deleted successfully.
C:\Program Files\ShareBox\SBoxSearchBar\SBoxSearchBar.exe (Adware.ShareBox) -> Quarantined and deleted successfully.
C:\Program Files\ShareBox\SBoxSearchBar\SBoxSearchBarC.dat (Adware.ShareBox) -> Quarantined and deleted successfully.
C:\Program Files\ShareBox\SBoxSearchBar\SBoxSearchBarC.exe (Adware.ShareBox) -> Quarantined and deleted successfully.
C:\Program Files\ShareBox\SBoxSearchBar\SBoxSearchBarD.dat (Adware.ShareBox) -> Quarantined and deleted successfully.
C:\Program Files\ShareBox\SBoxSearchBar\SBoxSearchBarHK.dll (Adware.ShareBox) -> Quarantined and deleted successfully.
C:\Program Files\ShareBox\SBoxSearchBar\Uninstall.exe (Adware.ShareBox) -> Quarantined and deleted successfully.
C:\Program Files\sidemaxnet\sidemaxnet.dll (Adware.LinkPrice) -> Quarantined and deleted successfully.
C:\Program Files\sidemaxnet\sidemaxnet.exe (Adware.LinkPrice) -> Quarantined and deleted successfully.
C:\Program Files\sidemaxnet\sidemaxnetUpdate.exe (Adware.LinkPrice) -> Quarantined and deleted successfully.
C:\Program Files\sidemaxnet\Uninstall_sidemaxnet.exe (Adware.LinkPrice) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\쉐어박스\쉐어박스.url (Adware.ShareBox) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\쉐어박스.url (Adware.ShareBox) -> Quarantined and deleted


Kaspersky Internet Scanner Log :


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, September 2, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, September 02, 2010 11:57:07
Records in database: 4178649
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\


Scan statistics:
Objects scanned: 99932
Threats found: 6
Infected objects found: 7
Suspicious objects found: 0
Scan duration: 04:15:52


File name / Threat / Threats count
C:\Documents and Settings\new\Desktop\Virus\WZ EDITING\WZ EDITING\HaRepacker 3.2\HaRepacker.exe Infected: Trojan-PSW.Win32.Dybalom.axt 1
C:\Documents and Settings\new\Desktop\Virus\WZ EDITING\WZ EDITING\KoolkBreaker.exe Infected: Trojan-Dropper.Win32.Renum.chh 1
C:\Documents and Settings\OWNER\Desktop\거위\BrainMini-install.alz Infected: not-a-virus:AdWare.Win32.Agent.shg 1
C:\Documents and Settings\OWNER\Desktop\거위\BrainMini-install.alz Infected: Trojan-Downloader.Win32.Genome.vly 1
C:\Documents and Settings\OWNER\Desktop\장운\mirc635.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1
C:\System Volume Information\_restore{298BF6FB-B3B7-4275-B8CD-45BB59F884F8}\RP190\A0029681.exe Infected: Packed.Win32.Krap.hc 1

Selected area has been scanned.



Thanks.

Edited by Changg, 03 September 2010 - 12:46 AM.


#8 mpascal


Posted 03 September 2010 - 04:09 PM

Hi there,

Any idea what these are from?

C:\Documents and Settings\new\Desktop\Virus\WZ EDITING\WZ EDITING\HaRepacker 3.2\HaRepacker.exe Infected: Trojan-PSW.Win32.Dybalom.axt 1
C:\Documents and Settings\new\Desktop\Virus\WZ EDITING\WZ EDITING\KoolkBreaker.exe Infected: Trojan-Dropper.Win32.Renum.chh 1



#9 Changg


Posted 03 September 2010 - 04:11 PM

QUOTE (mpascal @ Sep 3 2010, 02:09 PM)
Hi there,

Any idea what these are from?

C:\Documents and Settings\new\Desktop\Virus\WZ EDITING\WZ EDITING\HaRepacker 3.2\HaRepacker.exe Infected: Trojan-PSW.Win32.Dybalom.axt 1
C:\Documents and Settings\new\Desktop\Virus\WZ EDITING\WZ EDITING\KoolkBreaker.exe Infected: Trojan-Dropper.Win32.Renum.chh 1



It's from a forum, the game I play in.

I'm pretty sure it's a false positive. o_o

It doesn't matter if I remove it or not. Should I do so?

#10 mpascal


Posted 03 September 2010 - 04:30 PM

Hi there,

It's up to you. It's possible it's a false positive.

Open up OTL and push the Quickscan button. Post the resulting log here.



#11 Changg


Posted 06 September 2010 - 03:17 AM

QUOTE (mpascal @ Sep 3 2010, 02:30 PM)
Hi there,

It's up to you. It's possible it's a false positive.

Open up OTL and push the Quickscan button. Post the resulting log here.



My computer is now fixed. Should I still execute the Quickscan in OTL?

#12 mpascal


Posted 06 September 2010 - 01:22 PM

Yes, I just want to make sure I haven't missed anything in your logs.



#13 Changg


Posted 07 September 2010 - 06:02 AM

OTL Log :

OTL logfile created on: 9/7/2010 3:58:00 AM - Run 2
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\new\Desktop\Virus
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 73.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 195.31 Gb Total Space | 95.52 Gb Free Space | 48.91% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SAMSUNG-2CB1CC4
Current User Name: new
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\svchost.exe (Microsoft Corporation)
PRC - C:\Program Files\Nate\AddressSearch\ntasvr.exe (SK Communications)
PRC - C:\Documents and Settings\new\Desktop\Virus\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\OnDisk\ExpressService.exe (ExpressService)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\ooVoo\ooVoo.exe (ooVoo LLC)
PRC - C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe (Microsoft Corp.)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe (Skype Technologies S.A.)
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE (Software 2000 Limited)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\PLFSetL.exe (sonix)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)


========== Modules (SafeList) ==========

MOD - C:\Program Files\Nate\AddressSearch\sch.dll (SK Communications)
MOD - C:\Documents and Settings\new\Desktop\Virus\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\ime\imkr6_1\imekrcic.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (WRConsumerService) -- File not found
SRV - (SGsvc) -- File not found
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (ExpressService) -- C:\Program Files\OnDisk\ExpressService.exe (ExpressService)
SRV - (INet Work Process) -- C:\WINDOWS\winetwp.exe ()
SRV - (ALYac_PZSrv) -- C:\Program Files\ESTsoft\ALYac\AYServiceNT.aye (ESTsoft Corp)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (QuickDownload Service) -- C:\Program Files\QuickDownloadService\qdownservice.exe (Innogrid, Inc)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (QuickDownload Agent) -- C:\Program Files\QuickDownloadService\qdownagent.exe (Innogrid, Inc)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (NMSAccess) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (Browser Defender Update Service) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (WebrootSpySweeperService) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
SRV - (SRS_PostInstaller) -- C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller2.exe (SRS Labs, Inc.)
SRV - (QuickDownload Update) -- C:\Program Files\QuickDownloadService\qdownupdate.exe (Innogrid, Inc)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)


========== Driver Services (SafeList) ==========

DRV - (XDva351) -- C:\WINDOWS\System32\XDva351.sys File not found
DRV - (XDva348) -- C:\WINDOWS\System32\XDva348.sys File not found
DRV - (scsk5) -- C:\WINDOWS\System32\drivers\scsk5.sys File not found
DRV - (RkHit) -- C:\WINDOWS\System32\drivers\RKHit.sys File not found
DRV - (MpKsl343ed5b3) -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD10DF00-539F-4A8D-A074-0C60B8473365}\MpKsl343ed5b3.sys File not found
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found
DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV - (cpuz132) -- C:\DOCUME~1\LAG\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys File not found
DRV - (catchme) -- C:\DOCUME~1\new\LOCALS~1\Temp\catchme.sys File not found
DRV - (ATamptNt_V3LITE) -- C:\PROGRA~1\AhnLab\V3Lite\ATamptNt.sys File not found
DRV - (ATamptNt_ASG) -- C:\Program Files\AhnLab\SiteGuard2\ATamptNt.sys File not found
DRV - (VRVD302) -- C:\WINDOWS\system32\drivers\VRVD302.sys (Rsupport Corporation)
DRV - (IDMTDI) -- C:\WINDOWS\system32\drivers\idmtdi.sys (Tonec Inc.)
DRV - (kcrtx86) -- C:\WINDOWS\system32\kcrtx86.sys (Kings Information & Network)
DRV - (JRSKD24) -- C:\WINDOWS\system32\JRSKD24.SYS (SoftForum Corporation)
DRV - (AYDrvXP_ALYAC) -- C:\Program Files\ESTsoft\ALYac\AYDrvXP.sys (ESTsoft Corp)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (VMC33E) -- C:\WINDOWS\system32\drivers\VMC33E.sys (Vimicro Corporation)
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (AhnRghNt) -- C:\WINDOWS\system32\drivers\AhnRghNt.sys (AhnLab, Inc.)
DRV - (AhnRec2k) -- C:\WINDOWS\system32\drivers\AhnRec2k.sys (AhnLab, Inc.)
DRV - (AhnFlt2k) -- C:\WINDOWS\system32\drivers\AhnFlt2k.sys (AhnLab, Inc.)
DRV - (RivaTuner32) -- C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys ()
DRV - (CdmDrvNt) -- C:\WINDOWS\system32\drivers\CdmDrvNt.sys (AhnLab, Inc.)
DRV - (ssidrv) -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (sshrmd) -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (ssfs0bbc) -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (wowfilter) -- C:\WINDOWS\system32\drivers\WOWFilter.sys ()
DRV - (AYDrvNT_ALYAC) -- C:\Program Files\ESTsoft\ALYac\AYDrvNT.sys (ESTsoft Corp)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (FsVga) -- C:\WINDOWS\system32\drivers\fsvga.sys (Microsoft Corporation)
DRV - (NSNDIS5) -- C:\WINDOWS\system32\nsndis5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (DOSMEMIO) -- C:\WINDOWS\system32\MEMIO.SYS ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=BABTDF&PC=BBLN&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: msntoolbar@msn.com:4.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=BABTDF&PC=BBLN&q="

FF - HKLM\software\mozilla\Firefox\extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\Firefox [2010/08/12 12:06:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/08/15 03:40:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/25 18:30:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/01 11:00:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Components: C:\Program Files\Netscape\Navigator 9\components [2010/08/25 16:49:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Plugins: C:\Program Files\Netscape\Navigator 9\plugins [2010/09/01 11:00:23 | 000,000,000 | ---D | M]

[2010/08/25 18:31:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\new\Application Data\Mozilla\Extensions
[2010/09/06 01:23:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\new\Application Data\Mozilla\Firefox\Profiles\ev2v0p7w.default\extensions
[2010/08/27 10:05:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\new\Application Data\Mozilla\Firefox\Profiles\ev2v0p7w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/25 18:35:34 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\new\Application Data\Mozilla\Firefox\Profiles\ev2v0p7w.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/08/27 10:05:45 | 000,001,832 | ---- | M] () -- C:\Documents and Settings\new\Application Data\Mozilla\Firefox\Profiles\ev2v0p7w.default\searchplugins\bing.xml
[2010/09/06 01:23:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/25 19:47:58 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/06/14 19:15:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/14 19:40:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/27 21:48:30 | 000,200,914 | ---- | M] (INITECH ©) -- C:\Program Files\Mozilla Firefox\plugins\npINISAFEWeb60.dll
[2009/08/03 15:07:42 | 000,373,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
[2009/12/05 09:50:08 | 000,090,112 | ---- | M] (SoftForum Co., Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\npxecure.dll
[2009/12/05 09:50:06 | 000,073,728 | ---- | M] (SoftForum Co., Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\npxwfile.dll

O1 HOSTS File: ([2010/09/01 09:51:33 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Free TV Bar Toolbar) - {a0729639-d831-46c9-811b-9b0aa79fb45a} - C:\Program Files\Free_TV_Bar\tbFre0.dll (Conduit Ltd.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Nate Search Class) - {FFDE727F-3330-45EB-B9F9-C1668E6E08B2} - C:\Program Files\Nate\AddressSearch\sch.dll (SK Communications)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Free TV Bar Toolbar) - {a0729639-d831-46c9-811b-9b0aa79fb45a} - C:\Program Files\Free_TV_Bar\tbFre0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Free TV Bar Toolbar) - {A0729639-D831-46C9-811B-9B0AA79FB45A} - C:\Program Files\Free_TV_Bar\tbFre0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [ntasvr] C:\Program Files\Nate\AddressSearch\ntasvr.exe (SK Communications)
O4 - HKLM..\Run: [PLFSetL] C:\WINDOWS\\PLFSetL.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files\ooVoo\oovoo.exe (ooVoo LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: 스크랩 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Live Writer에 스크랩(&B) - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {03AF249E-119E-4569-838E-167E929EC6DA} http://www.bigfile.co.kr/client/BigFile.cab (BigFileControl Control)
O16 - DPF: {124250DD-E2CC-4B5B-AE7E-C9AC8A11DF43} http://edu.ingang.go.kr/LMS/eduport/front/...eamNote2_V2.cab (StreamNote2 Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {283A7932-A386-496A-9AB0-E8DBFACFF1E5} http://ondisk.co.kr/setup/OnDiskWebControl.cab (OnDisk File Control)
O16 - DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} http://image.cjmall.com/initech/plugin/dow...2010/INIS60.cab (Reg Error: Key error.)
O16 - DPF: {2DCB00FB-3485-486B-BD41-C49AD605264D} http://www.immigration.go.kr/HP/COM/keytec/easykeytec.cab (EZKeytecOCX Control)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} http://ck.softforum.co.kr/CKKeyPro/G4C/CKKeyPro3024_32k.cab (XecureCKKB Class)
O16 - DPF: {7B1BB066-7BBB-11D4-A34E-0000F01A209C} http://login.unitel.co.kr/iplug/lmgr2131.cab (UniAuth Class)
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} http://gcc.nefficient.co.kr/gcc/msxml4.cab (XML DOM Document 4.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} http://cyimg7.cyworld.com/ImageUpload/CyPi...33.cab?20081124 (CyImage Class)
O16 - DPF: {9B75502C-BBED-4BBD-8FE2-822E5E0AD32C} http://www.ebs.co.kr/ActiveX/MagicLockOCX.cab (MagicLockOCX Control)
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} http://kings.nefficient.co.kr/kings/kdfx/k...11/kdfense8.cab (Kdfense8 Control)
O16 - DPF: {BB8C416C-2422-44C6-9F8D-ACB3B74EEBD5} http://app.filebus.co.kr/app/FilebusWebControl.CAB (Filebus Web Control)
O16 - DPF: {BDD22343-1DF0-4983-947F-7604DD9838F8} http://edu.ingang.go.kr/lms_ingang/script/...agicSpeeder.cab (MagicController Control)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {F0320816-41D9-49DD-B2F3-8E7B0AE32796} http://live.afreeca.com:8057/AFCStarter.cab (AFCStarter Control)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} http://file.naver.com/activex/NaverAXGuide.cab (NaverAXGuide Class)
O16 - DPF: {FE9CE737-7BA6-451D-A4E0-EB4599D46FD6} http://www.melon.com/cab/MelonActiveXInstaller.cab (Manager Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 61.41.153.2 203.248.252.2
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\smart {402CA0E4-3090-402e-BE90-3EE9B766EBB0} - C:\Program Files\ESTsoft\ALToolBar\ALToolBarProtocol.dll ()
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/25 05:40:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/09/03 11:32:17 | 000,000,000 | ---D | C] -- C:\Program Files\LG Electronics
[2010/09/03 11:29:10 | 000,032,544 | ---- | C] (Rsupport Corporation) -- C:\WINDOWS\System32\VRVD302.dll
[2010/09/03 11:29:10 | 000,011,808 | ---- | C] (Rsupport Corporation) -- C:\WINDOWS\System32\drivers\VRVD302.sys
[2010/09/03 11:12:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new\My Documents\네이트온 받은 파일
[2010/09/03 11:11:09 | 000,000,000 | ---D | C] -- C:\Program Files\Nate
[2010/09/01 14:15:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new\Local Settings\Application Data\RcIncidents
[2010/09/01 13:23:52 | 000,000,000 | ---D | C] -- C:\Program Files\Redbana
[2010/09/01 12:06:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new\My Documents\audition
[2010/09/01 12:05:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new\Application Data\uTorrent
[2010/09/01 10:39:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new\Application Data\PriceGong
[2010/09/01 09:54:15 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/09/01 09:37:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new\Desktop\Virus
[2010/08/31 11:36:19 | 000,000,000 | ---D | C] -- C:\Program Files\ooVoo
[2010/08/31 00:42:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new\Application Data\Malwarebytes
[2010/08/27 15:12:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new\Application Data\Office Genuine Advantage
[2010/08/27 00:46:46 | 000,000,000 | ---D | C] -- C:\Program Files\SpyNoMore
[2010/08/26 13:33:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new\Application Data\ooVoo Details
[2010/08/26 13:07:57 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/08/26 13:05:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new\My Documents\받은 파일
[2010/08/26 09:18:46 | 000,000,000 | --SD | C] -- C:\Documents and Settings\new\UserData
[2010/08/25 22:45:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new\Application Data\Sun
[2010/08/25 22:25:50 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/08/25 22:20:23 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/08/25 22:20:23 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/08/25 22:20:23 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/08/25 22:20:23 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/08/25 20:55:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new\Tracing
[2010/08/25 19:52:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new\Application Data\skypePM
[2010/08/25 19:48:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new\Application Data\Skype
[2010/08/25 19:47:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/08/25 19:47:12 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/08/25 18:40:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new\My Documents\Downloads
[2010/08/25 18:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new\Local Settings\Application Data\Mozilla
[2010/08/25 18:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new\Application Data\Mozilla
[2010/08/25 17:52:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new\Application Data\Estsoft
[2010/08/25 17:51:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new\Local Settings\Application Data\Netscape
[2010/08/25 17:51:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new\Application Data\Netscape
[2010/08/25 17:47:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\new\My Documents\My Videos
[2010/08/25 17:41:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new\Application Data\Adobe
[2010/08/25 17:41:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new\Local Settings\Application Data\Free_TV_Bar
[2010/08/25 17:41:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new\Local Settings\Application Data\Conduit
[2010/08/25 17:41:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new\Local Settings\Application Data\Threat Expert
[2010/08/25 17:38:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new\Local Settings\Application Data\Apple Computer
[2010/08/25 17:38:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new\Application Data\Apple Computer
[2010/08/25 17:38:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new\Local Settings\Application Data\Ahead
[2010/08/25 17:38:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new\Application Data\Identities
[2010/08/25 17:37:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\new\My Documents\My Pictures
[2010/08/25 17:37:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\new\My Documents\My Music
[2010/08/25 17:37:53 | 000,000,000 | --SD | C] -- C:\Documents and Settings\new\Application Data\Microsoft
[2010/08/25 17:37:53 | 000,000,000 | --SD | C] -- C:\Documents and Settings\new\Cookies
[2010/08/25 17:37:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\new\Application Data
[2010/08/25 17:37:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\new\Favorites
[2010/08/25 17:37:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new\Local Settings\Application Data\Microsoft
[2010/08/25 17:37:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new\Application Data\Macromedia
[2010/08/25 17:37:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new\Desktop
[2010/08/25 17:37:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\new\Local Settings\Application Data\Adobe
[2010/08/25 17:37:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\new\SendTo
[2010/08/25 17:37:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\new\Recent
[2010/08/25 17:37:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\new\Start Menu
[2010/08/25 17:37:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\new\My Documents
[2010/08/25 17:37:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\new\Templates
[2010/08/25 17:37:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\new\PrintHood
[2010/08/25 17:37:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\new\NetHood
[2010/08/25 17:37:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\new\Local Settings
[2010/08/25 16:49:05 | 000,000,000 | ---D | C] -- C:\Program Files\Netscape
[2010/08/25 11:04:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/08/25 11:03:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/08/25 00:09:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2010/08/24 21:01:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegCure
[2010/08/24 21:01:25 | 000,000,000 | ---D | C] -- C:\Program Files\RegCure
[2010/08/24 10:03:10 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/08/22 23:22:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/08/21 14:36:23 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2010/08/20 20:40:12 | 000,000,000 | ---D | C] -- C:\Program Files\SC19
[2010/08/18 22:59:10 | 000,124,000 | ---- | C] (Kings Information & Network) -- C:\WINDOWS\System32\drivers\kcrtx86.sys
[2010/08/18 22:59:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SoftCamp
[2010/08/18 22:59:09 | 001,784,576 | ---- | C] (SoftCamp Co.,Ltd.) -- C:\WINDOWS\System32\SCSKMemLink.dll
[2010/08/18 22:58:02 | 000,260,096 | ---- | C] (INITECH ©.) -- C:\WINDOWS\System32\INIWebCrypto.dll
[2010/08/18 22:57:32 | 000,923,080 | ---- | C] (SoftCamp Co.,Ltd.) -- C:\WINDOWS\System32\SCSKAppLink.dll
[2010/08/18 22:57:03 | 000,124,928 | ---- | C] (INITECH ©) -- C:\WINDOWS\System32\INICertStore.dll
[2010/08/18 22:45:20 | 000,073,728 | ---- | C] (Initech ©) -- C:\WINDOWS\System32\ISP_INISafeNet.dll
[2010/08/16 17:14:54 | 000,000,000 | ---D | C] -- C:\Program Files\MetaGeek
[2010/08/16 17:01:18 | 000,000,000 | ---D | C] -- C:\Program Files\Network Stumbler
[2010/08/15 19:34:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windows media
[2010/08/15 19:34:06 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Components
[2010/08/15 19:25:36 | 000,000,000 | ---D | C] -- C:\temp.chicony
[2010/08/15 19:16:41 | 000,000,000 | ---D | C] -- C:\CamersoftOutput
[2010/08/15 19:14:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WebacamSurveyor
[2010/08/15 19:09:59 | 000,000,000 | ---D | C] -- C:\Program Files\ImageSalsa
[2010/08/15 19:06:50 | 000,094,208 | ---- | C] (sonix) -- C:\WINDOWS\PLFSetL.exe
[2010/08/15 19:06:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\SUYIN NB Cam
[2010/08/15 19:06:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\x64
[2010/08/15 19:06:48 | 000,286,720 | ---- | C] (Sonix) -- C:\WINDOWS\System32\vsnp2uvc.dll
[2010/08/15 19:06:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\x64
[2010/08/15 19:06:47 | 000,172,032 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2010/08/15 19:06:47 | 000,094,208 | ---- | C] (sonix) -- C:\WINDOWS\System32\PLFSetL.exe
[2010/08/15 19:06:47 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2010/08/15 19:06:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\snp2uvc
[2010/08/15 09:56:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Webroot
[2010/08/15 00:34:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/08/15 00:34:50 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2010/08/14 23:51:14 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2010/08/14 23:50:43 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2010/08/14 22:53:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2010/08/14 22:05:22 | 000,000,000 | ---D | C] -- C:\ERDNT
[2010/08/14 19:26:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/08/14 16:44:04 | 000,000,000 | ---D | C] -- C:\Program Files\ReaSoft
[2010/08/14 16:00:39 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/08/14 16:00:39 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010/08/14 16:00:39 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/08/14 15:46:35 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/08/14 15:46:30 | 000,218,592 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/08/14 15:46:29 | 000,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/08/14 15:46:18 | 000,063,360 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/08/14 15:46:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/08/14 15:46:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/08/14 15:46:02 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/08/14 14:52:56 | 000,000,000 | ---D | C] -- C:\Program Files\MSSOAP
[2010/08/14 14:52:36 | 000,000,000 | ---D | C] -- C:\Program Files\Webroot
[2010/08/13 11:47:52 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/08/13 11:47:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/08/13 11:33:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2010/08/13 01:17:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Clunet
[2010/08/13 01:14:15 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/08/13 00:44:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegistryBooster 2
[2010/08/12 23:33:41 | 000,000,000 | ---D | C] -- C:\Program Files\StarCraft II
[2010/08/12 23:26:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/08/12 22:16:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/08/12 22:16:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/08/12 22:16:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/08/12 22:16:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/08/12 22:12:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010/08/12 22:08:36 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/08/12 12:52:14 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2010/08/12 12:50:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2010/08/12 12:06:59 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
[2010/08/12 12:06:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/08/12 12:04:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/08/12 12:04:06 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar Installer
[2010/08/12 11:46:06 | 000,000,000 | ---D | C] -- C:\Program Files\Daum
[2010/08/12 00:14:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Rising
[2010/08/12 00:14:10 | 000,000,000 | ---D | C] -- C:\Program Files\Rising
[2010/08/11 20:17:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2010/08/11 17:03:30 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/08/11 16:49:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/08/11 15:15:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/08/11 01:43:30 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid
[2010/08/10 11:16:10 | 000,210,352 | ---- | C] (Tonec Inc.) -- C:\WINDOWS\System32\idmmbc.dll
[2010/08/10 11:16:10 | 000,075,104 | ---- | C] (Tonec Inc.) -- C:\WINDOWS\System32\drivers\idmtdi.sys
[2010/08/09 16:00:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LOG
[2010/08/09 16:00:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Teruten
[2010/08/09 16:00:53 | 000,000,000 | ---D | C] -- C:\Program Files\Teruten
[2010/08/08 11:59:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/08/06 21:43:11 | 000,000,000 | ---D | C] -- C:\Program Files\av100
[2010/08/06 16:44:27 | 000,000,000 | ---D | C] -- C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
[2010/08/05 21:08:16 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2010/08/05 00:13:32 | 000,163,840 | ---- | C] (Helge Klein) -- C:\WINDOWS\SetACL.exe
[2010/08/04 23:32:32 | 000,000,000 | ---D | C] -- C:\Program Files\Qtracker
[2010/08/04 19:22:25 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/08/03 12:06:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/08/02 21:42:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities
[2010/08/02 21:42:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2010/07/29 09:23:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/07/29 09:23:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/07/28 13:42:44 | 000,000,000 | ---D | C] -- C:\Program Files\SC2Maps
[2010/07/28 11:10:02 | 000,000,000 | ---D | C] -- C:\Program Files\CrossCert
[2010/07/28 09:50:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/07/27 20:03:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/07/27 14:11:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
[2010/07/27 14:10:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Blizzard
[2010/07/27 11:37:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2010/07/26 15:09:16 | 000,000,000 | ---D | C] -- C:\6f03b060d622502e00489cc1070a2167
[2010/07/26 15:04:19 | 000,000,000 | ---D | C] -- C:\13145c3f1b5d9a74bc436399
[2010/07/25 21:48:44 | 000,126,048 | ---- | C] (Kings Information & Network) -- C:\WINDOWS\System32\kcrtx86.sys
[2010/07/25 21:48:44 | 000,017,160 | ---- | C] (SoftForum Corporation) -- C:\WINDOWS\System32\JRSUKD25.SYS
[2010/07/25 21:48:38 | 000,498,976 | ---- | C] (SoftForum Co., Ltd.) -- C:\WINDOWS\System32\XecureCK.dll
[2010/07/25 21:48:38 | 000,434,428 | ---- | C] (SoftForum Corporation) -- C:\WINDOWS\System32\CKCSP.dll
[2010/07/25 21:48:38 | 000,214,328 | ---- | C] (SoftForum Co., Ltd.) -- C:\WINDOWS\System32\npKeyPro.dll
[2010/07/25 21:48:38 | 000,181,560 | ---- | C] (SoftForum Co. Ltd.) -- C:\WINDOWS\System32\CKApp.dll
[2010/07/25 21:48:38 | 000,140,600 | ---- | C] (SoftForum Co. Ltd.) -- C:\WINDOWS\System32\Jrsoftcp.dll
[2010/07/25 21:48:38 | 000,039,944 | ---- | C] (SoftForum Corporation) -- C:\WINDOWS\System32\JRSKD24.SYS
[2010/07/25 21:48:37 | 000,124,424 | R--- | C] (SoftForum Co., Ltd.) -- C:\WINDOWS\System32\CKAgent.exe
[2010/07/25 21:47:38 | 000,057,344 | ---- | C] (M2Soft, Inc.) -- C:\WINDOWS\System32\rdfilex40g.dll
[2010/07/25 21:47:37 | 000,000,000 | ---D | C] -- C:\Program Files\BCQRE
[2010/07/25 09:10:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010/07/25 09:03:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
[2010/07/25 09:03:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
[2010/07/25 09:03:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
[2010/07/25 09:03:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE
[2010/07/25 09:03:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
[2010/07/25 09:03:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL
[2010/07/25 09:03:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
[2010/07/25 09:03:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT
[2010/07/25 09:03:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
[2010/07/25 09:03:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
[2010/07/25 09:03:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
[2010/07/25 09:03:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
[2010/07/25 09:03:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
[2010/07/25 09:03:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
[2010/07/25 09:03:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
[2010/07/25 09:03:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
[2010/07/24 19:44:19 | 000,000,000 | ---D | C] -- C:\Program Files\Zeallsoft
[2010/07/24 19:33:44 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Webcam Recorder
[2010/07/24 19:33:32 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2010/07/24 19:03:00 | 000,000,000 | ---D | C] -- C:\Program Files\Solent
[2010/07/22 19:18:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Netscape ISP Dialer
[2010/07/22 19:18:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AOL
[2010/07/22 18:57:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2010/07/22 18:57:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\XoftSpySE
[2010/07/22 18:47:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/07/22 18:44:30 | 001,278,216 | ---- | C] (Penta Security Systems ) -- C:\Program Files\eGSignPlus_ActiveX_ForEBS.exe
[2010/07/22 14:34:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/07/22 14:34:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/07/22 14:12:37 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2010/07/22 13:26:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Application Data
[2010/07/21 18:27:19 | 000,000,000 | ---D | C] -- C:\Program Files\AZPR
[2010/07/21 18:10:55 | 000,000,000 | ---D | C] -- C:\Program Files\ElcomSoft
[2010/07/21 18:08:39 | 000,000,000 | ---D | C] -- C:\Program Files\Atomic RAR Password Recovery
[2010/07/21 17:55:32 | 000,000,000 | ---D | C] -- C:\Program Files\Information Packaging
[2010/07/21 17:52:25 | 000,000,000 | ---D | C] -- C:\Program Files\ARPR
[2010/07/21 17:47:06 | 000,000,000 | ---D | C] -- C:\Program Files\RAR Password Cracker
[2010/07/19 18:43:32 | 000,000,000 | ---D | C] -- C:\Program Files\Software Informer
[2010/07/19 18:04:51 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Download Manager
[2010/07/19 13:04:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\GRETECH
[2010/07/19 13:04:01 | 000,000,000 | ---D | C] -- C:\Program Files\GNU
[2010/07/18 23:23:36 | 000,000,000 | -H-D | C] -- C:\WINDOWS\yessign
[2010/07/18 23:23:36 | 000,000,000 | ---D | C] -- C:\XecureSSL
[2010/07/18 23:23:36 | 000,000,000 | ---D | C] -- C:\Program Files\NPKI
[2010/07/18 23:23:35 | 000,000,000 | ---D | C] -- C:\Program Files\SoftForum
[2010/07/18 19:10:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010/07/18 19:10:26 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2010/07/18 18:49:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/07/18 15:40:32 | 000,061,952 | ---- | C] (SoftComplete Development) -- C:\WINDOWS\System32\execryptorvb.dll
[2010/07/16 18:21:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/07/16 18:20:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Software
[2010/07/16 18:20:45 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
[2010/07/16 14:11:27 | 000,000,000 | ---D | C] -- C:\Program Files\SKT Sync 2.0
[2010/07/16 12:53:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/15 16:40:58 | 000,475,136 | ---- | C] (LOEN Entertainment, Inc.) -- C:\WINDOWS\System32\p3melon.dll
[2010/07/13 23:30:18 | 000,000,000 | ---D | C] -- C:\Program Files\I-MEPS
[2010/07/13 23:09:05 | 000,000,000 | ---D | C] -- C:\Program Files\SKT Sync 3.0
[2010/07/13 23:05:50 | 000,000,000 | ---D | C] -- C:\Program Files\MelOn Player
[2010/07/06 14:20:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\kdefense
[2010/07/05 17:38:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cache
[2010/07/04 22:41:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/07/04 19:59:25 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll.prepare
[2010/07/03 10:26:46 | 000,000,000 | ---D | C] -- C:\$AVG
[2010/07/03 10:25:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/07/02 23:32:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/06/30 10:28:28 | 000,053,248 | ---- | C] ( ) -- C:\npegtok.dll
[2010/06/30 10:28:28 | 000,000,000 | ---D | C] -- C:\Program Files\My Program
[2010/06/27 11:30:08 | 000,139,264 | ---- | C] (SK TELECOM.) -- C:\WINDOWS\System32\P3MelonEf.ax
[2010/06/21 19:58:06 | 000,000,000 | ---D | C] -- C:\Program Files\SSac
[2010/06/21 19:57:33 | 000,000,000 | ---D | C] -- C:\Program Files\Foruser Soft
[2010/06/20 17:16:39 | 000,000,000 | ---D | C] -- C:\Program Files\mp3record
[2010/06/19 22:42:52 | 000,000,000 | ---D | C] -- C:\Program Files\photoWORKS
[2010/06/19 21:43:45 | 000,000,000 | ---D | C] -- C:\Program Files\BigFile
[2010/06/17 02:14:50 | 000,651,264 | ---- | C] (SK TELECOM.) -- C:\WINDOWS\System32\P3MelonSvr.exe
[2010/06/15 21:23:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/15 20:06:31 | 000,000,000 | ---D | C] -- C:\Program Files\ICCup
[2010/06/15 00:05:25 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/06/14 19:16:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/06/14 18:47:24 | 000,086,016 | ---- | C] (Beepa P/L) -- C:\WINDOWS\System32\frapsvid.dll
[2010/06/14 09:42:51 | 000,000,000 | ---D | C] -- C:\Program Files\BroodWar_Ai_Project
[2010/06/13 21:11:30 | 000,094,208 | ---- | C] (Blizzard Entertainment) -- C:\WINDOWS\ScUnin.exe
[2010/06/13 17:23:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\'Full Speed' Internet Booster + Performance Tests
[2010/06/13 17:23:41 | 000,000,000 | ---D | C] -- C:\Program Files\'Full Speed' Internet Booster + Performance Tests
[2010/06/13 17:16:22 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/06/13 16:57:04 | 000,000,000 | ---D | C] -- C:\Program Files\Mini
[2010/06/13 16:10:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/13 16:10:05 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/13 16:10:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/13 15:27:11 | 000,000,000 | ---D | C] -- C:\Program Files\Starcraft

========== Files - Modified Within 90 Days ==========

[2010/09/07 03:11:00 | 000,000,756 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-484763869-413027322-1417001333-1006UA.job
[2010/09/07 02:19:00 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2010/09/07 01:48:46 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\HP WEP.job
[2010/09/07 01:39:09 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/07 01:38:44 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/09/07 01:38:15 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/07 01:38:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/06 04:02:37 | 001,572,864 | -H-- | M] () -- C:\Documents and Settings\new\NTUSER.DAT
[2010/09/06 04:02:37 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\new\ntuser.ini
[2010/09/06 02:22:40 | 001,575,406 | -H-- | M] () -- C:\Documents and Settings\new\Local Settings\Application Data\IconCache.db
[2010/09/03 11:29:10 | 000,032,544 | ---- | M] (Rsupport Corporation) -- C:\WINDOWS\System32\VRVD302.dll
[2010/09/03 11:29:10 | 000,011,808 | ---- | M] (Rsupport Corporation) -- C:\WINDOWS\System32\drivers\VRVD302.sys
[2010/09/03 10:25:35 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/09/02 19:11:00 | 000,000,704 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-484763869-413027322-1417001333-1006Core.job
[2010/09/02 18:00:00 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2010/09/01 15:59:02 | 000,000,042 | ---- | M] () -- C:\WINDOWS\System32\scud.udf
[2010/09/01 11:00:23 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/09/01 09:51:44 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/01 09:51:33 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/31 09:44:07 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/08/30 04:43:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\PC Health Advisor.job
[2010/08/28 02:27:38 | 000,046,592 | ---- | M] () -- C:\Documents and Settings\new\Desktop\address.doc
[2010/08/27 00:46:50 | 000,001,152 | ---- | M] () -- C:\WINDOWS\System32\windrv.sys
[2010/08/25 22:25:57 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/08/25 18:42:41 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\new\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/08/25 18:41:49 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/08/25 18:41:49 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/08/25 18:41:49 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/08/25 18:41:48 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/08/25 18:41:48 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/08/25 18:41:48 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/08/25 17:52:50 | 000,067,096 | ---- | M] () -- C:\Documents and Settings\new\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/08/25 17:47:12 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\new\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/08/25 17:38:14 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\new\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/08/25 16:49:09 | 000,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Netscape Navigator.lnk
[2010/08/23 22:45:20 | 000,000,012 | ---- | M] () -- C:\Program Files\OnDisk_ver.ini
[2010/08/23 22:18:46 | 000,000,010 | ---- | M] () -- C:\Program Files\OnDiskver.ini
[2010/08/23 22:18:36 | 012,145,896 | ---- | M] () -- C:\Program Files\OnDisksetup.exe
[2010/08/23 05:24:20 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/08/19 22:08:13 | 000,001,091 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/19 20:14:01 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\photostageShakeIcon.job
[2010/08/18 23:03:36 | 000,000,557 | ---- | M] () -- C:\WINDOWS\System32\KvpVer.tbl
[2010/08/18 22:59:10 | 000,124,000 | ---- | M] (Kings Information & Network) -- C:\WINDOWS\System32\drivers\kcrtx86.sys
[2010/08/18 22:59:10 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\scskConfigEH.ini
[2010/08/18 22:59:09 | 001,784,576 | ---- | M] (SoftCamp Co.,Ltd.) -- C:\WINDOWS\System32\SCSKMemLink.dll
[2010/08/18 22:58:27 | 000,708,096 | ---- | M] () -- C:\WINDOWS\System32\INIcrypto20.dll
[2010/08/18 22:58:04 | 000,143,460 | ---- | M] () -- C:\WINDOWS\System32\INIWEBCryptoWrapper.dll
[2010/08/18 22:58:02 | 000,260,096 | ---- | M] (INITECH ©.) -- C:\WINDOWS\System32\INIWebCrypto.dll
[2010/08/18 22:57:45 | 000,241,664 | ---- | M] () -- C:\WINDOWS\System32\PubCertDlg.dll
[2010/08/18 22:57:42 | 001,205,544 | ---- | M] () -- C:\WINDOWS\System32\ISPPopUpDlg.exe
[2010/08/18 22:57:32 | 000,923,080 | ---- | M] (SoftCamp Co.,Ltd.) -- C:\WINDOWS\System32\SCSKAppLink.dll
[2010/08/18 22:57:03 | 000,124,928 | ---- | M] (INITECH ©) -- C:\WINDOWS\System32\INICertStore.dll
[2010/08/18 22:56:52 | 000,386,048 | ---- | M] () -- C:\WINDOWS\System32\INICertManUI.dll
[2010/08/18 22:45:21 | 000,028,672 | ---- | M] () -- C:\WINDOWS\System32\ISP_crgen.dll
[2010/08/18 22:45:20 | 000,073,728 | ---- | M] (Initech ©) -- C:\WINDOWS\System32\ISP_INISafeNet.dll
[2010/08/18 22:45:16 | 006,750,208 | ---- | M] () -- C:\WINDOWS\System32\KvpVcmd.dll
[2010/08/18 04:43:00 | 000,000,372 | ---- | M] () -- C:\WINDOWS\tasks\PC Health Advisor Defrag.job
[2010/08/17 03:00:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/15 20:23:08 | 000,286,208 | ---- | M] () -- C:\WINDOWS\winetwp.exe
[2010/08/15 09:55:51 | 000,000,105 | ---- | M] () -- C:\WINDOWS\VMSTI000.bmp
[2010/08/15 03:35:45 | 000,505,942 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/15 03:35:45 | 000,444,362 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/15 03:35:45 | 000,072,238 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/15 01:24:27 | 000,000,210 | ---- | M] () -- C:\Boot.bak
[2010/08/15 00:45:29 | 000,001,519 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Notepad.lnk
[2010/08/15 00:38:08 | 000,000,230 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2010/08/15 00:30:25 | 000,000,406 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/08/14 19:57:41 | 000,416,619 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2010/08/14 15:17:01 | 000,416,619 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100814-195741.backup
[2010/08/14 14:51:10 | 000,000,164 | ---- | M] () -- C:\WINDOWS\install.dat
[2010/08/13 20:20:57 | 000,000,000 | ---- | M] () -- C:\dump_dvd.vob
[2010/08/13 01:17:09 | 000,261,936 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/13 01:15:38 | 000,000,768 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\StarCraft II.lnk
[2010/08/12 22:12:40 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/08/12 21:12:47 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/08/12 21:12:47 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/08/12 12:51:34 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/08/12 12:50:53 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/08/11 19:33:29 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100813-123829.backup
[2010/08/11 17:03:28 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/08/10 11:00:18 | 000,075,104 | ---- | M] (Tonec Inc.) -- C:\WINDOWS\System32\drivers\idmtdi.sys
[2010/08/09 16:01:34 | 001,049,600 | ---- | M] () -- C:\WINDOWS\System32\TERUTENAUTHDATA
[2010/08/05 19:00:40 | 000,022,328 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/08/03 21:57:09 | 000,000,324 | ---- | M] () -- C:\WINDOWS\game.ini
[2010/08/02 12:30:37 | 000,037,458 | ---- | M] () -- C:\WINDOWS\System32\vtpkt
[2010/07/26 23:30:35 | 000,004,096 | R--- | M] () -- C:\WINDOWS\System32\4a165949
[2010/07/25 22:06:16 | 000,126,048 | ---- | M] (Kings Information & Network) -- C:\WINDOWS\System32\kcrtx86.sys
[2010/07/25 22:06:16 | 000,017,160 | ---- | M] (SoftForum Corporation) -- C:\WINDOWS\System32\JRSUKD25.SYS
[2010/07/25 22:06:11 | 000,039,944 | ---- | M] (SoftForum Corporation) -- C:\WINDOWS\System32\JRSKD24.SYS
[2010/07/25 21:48:38 | 000,124,424 | R--- | M] (SoftForum Co., Ltd.) -- C:\WINDOWS\System32\CKAgent.exe
[2010/07/22 18:44:37 | 001,278,216 | ---- | M] (Penta Security Systems ) -- C:\Program Files\eGSignPlus_ActiveX_ForEBS.exe
[2010/07/21 18:28:14 | 000,000,937 | ---- | M] () -- C:\WINDOWS\AZPR3.INI
[2010/07/21 18:01:47 | 000,000,156 | ---- | M] () -- C:\WINDOWS\rar_crck.ini
[2010/07/19 18:38:49 | 000,001,520 | ---- | M] () -- C:\WINDOWS\System32\llll_KBD.ini
[2010/07/19 18:22:26 | 000,021,764 | ---- | M] () -- C:\WINDOWS\System32\CoreAAC-uninstall.exe
[2010/07/18 15:40:32 | 000,061,952 | ---- | M] (SoftComplete Development) -- C:\WINDOWS\System32\execryptorvb.dll
[2010/07/15 16:40:58 | 000,475,136 | ---- | M] (LOEN Entertainment, Inc.) -- C:\WINDOWS\System32\p3melon.dll
[2010/07/14 15:23:38 | 000,000,571 | ---- | M] () -- C:\WINDOWS\System32\Shortcut to ntdll.dll.lnk
[2010/07/13 23:34:13 | 000,790,528 | ---- | M] () -- C:\WINDOWS\System32\ffdshow.ax
[2010/07/13 23:33:27 | 000,921,600 | ---- | M] () -- C:\WINDOWS\System32\vorbisenc.dll
[2010/07/13 23:33:11 | 000,188,416 | ---- | M] () -- C:\WINDOWS\System32\vorbis.dll
[2010/07/13 23:33:08 | 000,237,568 | ---- | M] () -- C:\WINDOWS\System32\OggDS.dll
[2010/07/13 23:33:04 | 000,045,056 | ---- | M] () -- C:\WINDOWS\System32\ogg.dll
[2010/07/13 22:56:43 | 000,057,893 | ---- | M] () -- C:\WINDOWS\System32\MelonActiveXUninst.exe
[2010/07/04 19:59:25 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll.prepare
[2010/06/27 11:30:08 | 000,139,264 | ---- | M] (SK TELECOM.) -- C:\WINDOWS\System32\P3MelonEf.ax
[2010/06/21 20:05:08 | 000,000,018 | ---- | M] () -- C:\WINDOWS\System32\lastdo.dat
[2010/06/21 20:02:27 | 000,000,074 | ---- | M] () -- C:\WINDOWS\reg.op
[2010/06/21 20:01:33 | 000,000,106 | ---- | M] () -- C:\WINDOWS\disk.op
[2010/06/21 20:01:33 | 000,000,055 | ---- | M] () -- C:\WINDOWS\filesub.op
[2010/06/21 19:58:01 | 000,065,536 | ---- | M] () -- C:\WINDOWS\IFinst27.exe
[2010/06/17 02:14:50 | 000,651,264 | ---- | M] (SK TELECOM.) -- C:\WINDOWS\System32\P3MelonSvr.exe
[2010/06/14 18:47:24 | 000,086,016 | ---- | M] (Beepa P/L) -- C:\WINDOWS\System32\frapsvid.dll
[2010/06/13 21:11:30 | 000,094,208 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\ScUnin.exe
[2010/06/13 21:11:30 | 000,012,488 | ---- | M] () -- C:\WINDOWS\scunin.dat
[2010/06/13 21:11:30 | 000,000,967 | ---- | M] () -- C:\WINDOWS\ScUnin.pif
[2010/06/13 20:07:17 | 000,001,520 | ---- | M] () -- C:\WINDOWS\System32\LAG_KBD.ini
[2010/06/12 16:54:31 | 000,000,193 | ---- | M] () -- C:\WINDOWS\cqdata.dat
[2010/06/10 09:40:12 | 000,860,896 | ---- | M] () -- C:\WINDOWS\System32\MelonWebPlayer.dll

========== Files Created - No Company Name ==========

[2010/09/07 01:48:46 | 000,000,312 | ---- | C] () -- C:\WINDOWS\tasks\HP WEP.job
[2010/09/03 10:25:35 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/09/01 15:59:02 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\scud.udf
[2010/08/27 15:32:31 | 000,046,592 | ---- | C] () -- C:\Documents and Settings\new\Desktop\address.doc
[2010/08/27 00:46:50 | 000,001,152 | ---- | C] () -- C:\WINDOWS\System32\windrv.sys
[2010/08/25 22:25:57 | 000,000,210 | ---- | C] () -- C:\Boot.bak
[2010/08/25 22:25:54 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/08/25 22:20:23 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/08/25 22:20:23 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/08/25 22:20:23 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/08/25 22:20:23 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/08/25 22:20:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/08/25 19:47:14 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/08/25 17:47:12 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\new\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/08/25 17:38:14 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\new\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/08/25 17:38:00 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\new\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/08/25 17:37:54 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\new\ntuser.ini
[2010/08/25 17:37:52 | 001,572,864 | -H-- | C] () -- C:\Documents and Settings\new\NTUSER.DAT
[2010/08/25 17:37:52 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\new\NtUser.dat.LOG
[2010/08/25 16:49:09 | 000,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Netscape Navigator.lnk
[2010/08/23 22:18:46 | 000,000,010 | ---- | C] () -- C:\Program Files\OnDiskver.ini
[2010/08/23 22:14:23 | 012,145,896 | ---- | C] () -- C:\Program Files\OnDisksetup.exe
[2010/08/23 22:14:22 | 000,000,012 | ---- | C] () -- C:\Program Files\OnDisk_ver.ini
[2010/08/22 23:27:23 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/08/18 22:59:10 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\scskConfigEH.ini
[2010/08/18 22:58:27 | 000,708,096 | ---- | C] () -- C:\WINDOWS\System32\INIcrypto20.dll
[2010/08/18 22:58:04 | 000,143,460 | ---- | C] () -- C:\WINDOWS\System32\INIWEBCryptoWrapper.dll
[2010/08/18 22:57:45 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\PubCertDlg.dll
[2010/08/18 22:57:42 | 001,205,544 | ---- | C] () -- C:\WINDOWS\System32\ISPPopUpDlg.exe
[2010/08/18 22:56:52 | 000,386,048 | ---- | C] () -- C:\WINDOWS\System32\INICertManUI.dll
[2010/08/18 22:45:21 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ISP_crgen.dll
[2010/08/18 22:45:17 | 006,750,208 | ---- | C] () -- C:\WINDOWS\System32\KvpVcmd.dll
[2010/08/15 20:23:04 | 000,286,208 | ---- | C] () -- C:\WINDOWS\winetwp.exe
[2010/08/15 19:06:49 | 001,792,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\x64\snp2uvc.sys
[2010/08/15 19:06:49 | 000,035,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\x64\sncduvc.sys
[2010/08/15 19:06:48 | 001,749,376 | ---- | C] () -- C:\WINDOWS\System32\snp2uvc.sys
[2010/08/15 19:06:48 | 001,749,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2010/08/15 19:06:48 | 000,028,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2010/08/15 19:06:47 | 000,028,032 | ---- | C] () -- C:\WINDOWS\System32\sncduvc.sys
[2010/08/15 19:06:47 | 000,016,005 | ---- | C] () -- C:\WINDOWS\System32\snp2uvc.cat
[2010/08/15 19:06:47 | 000,014,818 | ---- | C] () -- C:\WINDOWS\System32\snp2uvc.inf
[2010/08/15 19:06:47 | 000,000,131 | ---- | C] () -- C:\WINDOWS\System32\PidList.ini
[2010/08/15 00:38:08 | 000,000,230 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2010/08/15 00:36:43 | 000,000,440 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2010/08/15 00:34:56 | 000,000,372 | ---- | C] () -- C:\WINDOWS\tasks\PC Health Advisor Defrag.job
[2010/08/15 00:34:56 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\PC Health Advisor.job
[2010/08/15 00:34:53 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2010/08/14 16:00:39 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010/08/14 16:00:39 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/08/14 16:00:39 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010/08/14 16:00:39 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010/08/14 16:00:39 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010/08/14 15:46:35 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/08/14 15:46:30 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/08/14 15:46:29 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/08/14 15:46:18 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/08/14 14:51:02 | 000,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2010/08/13 20:20:57 | 000,000,000 | ---- | C] () -- C:\dump_dvd.vob
[2010/08/13 13:29:32 | 000,000,105 | ---- | C] () -- C:\WINDOWS\VMSTI000.bmp
[2010/08/12 23:33:41 | 000,000,768 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\StarCraft II.lnk
[2010/08/12 22:12:56 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2010/08/12 22:12:56 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2010/08/12 22:12:55 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2010/08/12 12:50:53 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/08/11 01:43:31 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/08/11 01:43:31 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/08/11 01:43:31 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\xvid.ax
[2010/08/09 16:01:34 | 001,049,600 | ---- | C] () -- C:\WINDOWS\System32\TERUTENAUTHDATA
[2010/08/04 23:14:13 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/08/04 23:13:54 | 000,103,736 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010/08/04 23:13:51 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2010/08/03 21:57:09 | 000,000,324 | ---- | C] () -- C:\WINDOWS\game.ini
[2010/08/02 12:30:37 | 000,037,458 | ---- | C] () -- C:\WINDOWS\System32\vtpkt
[2010/07/28 13:37:24 | 001,435,716 | ---- | C] () -- C:\(4)_-_Twilight_Fortress.s2ma
[2010/07/28 13:37:23 | 001,703,076 | ---- | C] () -- C:\(2)_-_Shakuras_Plateau.s2ma
[2010/07/28 13:37:23 | 001,575,712 | ---- | C] () -- C:\(2)_-_Lost_Temple.s2ma
[2010/07/28 13:37:23 | 001,575,708 | ---- | C] () -- C:\(4)_-_Lost_Temple.s2ma
[2010/07/28 11:10:06 | 000,255,496 | ---- | C] () -- C:\WINDOWS\System32\UnInstall_CrossCert.exe
[2010/07/25 09:03:51 | 000,000,236 | ---- | C] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/07/23 18:42:07 | 000,000,290 | ---- | C] () -- C:\WINDOWS\tasks\photostageShakeIcon.job
[2010/07/22 19:06:57 | 000,000,756 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-484763869-413027322-1417001333-1006UA.job
[2010/07/22 19:06:57 | 000,000,704 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-484763869-413027322-1417001333-1006Core.job
[2010/07/22 14:23:45 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/07/21 18:27:45 | 000,000,937 | ---- | C] () -- C:\WINDOWS\AZPR3.INI
[2010/07/21 18:00:40 | 000,000,156 | ---- | C] () -- C:\WINDOWS\rar_crck.ini
[2010/07/19 18:38:49 | 000,001,520 | ---- | C] () -- C:\WINDOWS\System32\llll_KBD.ini
[2010/07/19 18:22:13 | 000,021,764 | ---- | C] () -- C:\WINDOWS\System32\CoreAAC-uninstall.exe
[2010/07/18 19:10:27 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010/07/14 15:23:38 | 000,000,571 | ---- | C] () -- C:\WINDOWS\System32\Shortcut to ntdll.dll.lnk
[2010/07/13 23:34:01 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\ffdshow.ax
[2010/07/13 23:33:12 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2010/07/13 23:33:08 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2010/07/13 23:33:05 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2010/07/13 23:33:03 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2010/07/13 22:56:04 | 000,057,893 | ---- | C] () -- C:\WINDOWS\System32\MelonActiveXUninst.exe
[2010/06/30 10:28:28 | 000,000,203 | ---- | C] () -- C:\nsIEGSignTokPlugin.xpt
[2010/06/21 20:02:27 | 000,000,074 | ---- | C] () -- C:\WINDOWS\reg.op
[2010/06/21 20:01:33 | 000,000,106 | ---- | C] () -- C:\WINDOWS\disk.op
[2010/06/21 20:01:33 | 000,000,055 | ---- | C] () -- C:\WINDOWS\filesub.op
[2010/06/21 20:01:33 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\lastdo.dat
[2010/06/13 21:11:30 | 000,012,488 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2010/06/13 21:11:30 | 000,000,967 | ---- | C] () -- C:\WINDOWS\ScUnin.pif
[2010/06/13 20:07:17 | 000,001,520 | ---- | C] () -- C:\WINDOWS\System32\LAG_KBD.ini
[2010/06/13 17:17:29 | 000,000,406 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/06/10 09:40:12 | 000,860,896 | ---- | C] () -- C:\WINDOWS\System32\MelonWebPlayer.dll
[2010/06/04 23:40:08 | 000,001,520 | ---- | C] () -- C:\WINDOWS\System32\Guesy_KBD.ini
[2010/05/17 05:41:16 | 000,283,360 | ---- | C] () -- C:\WINDOWS\System32\melonmvdl.dll
[2010/03/07 21:36:59 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll
[2010/02/20 20:03:38 | 000,001,366 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2010/01/20 02:10:19 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2010/01/10 06:21:00 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/12/25 06:26:36 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/12/25 06:10:01 | 000,000,040 | ---- | C] () -- C:\WINDOWS\Hjimesv.ini
[2009/12/25 06:08:45 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\winhcfga.ini
[2009/12/25 06:08:09 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/12/25 06:03:42 | 000,001,522 | ---- | C] () -- C:\WINDOWS\System32\MagicKBD.INI
[2009/12/25 06:03:42 | 000,001,520 | ---- | C] () -- C:\WINDOWS\System32\OWNER_KBD.ini
[2009/12/25 06:03:39 | 000,003,425 | ---- | C] () -- C:\WINDOWS\System32\KBDR.INI
[2009/12/25 06:03:39 | 000,002,741 | ---- | C] () -- C:\WINDOWS\System32\KBDD.INI
[2009/12/25 06:03:39 | 000,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDO.INI
[2009/12/25 06:03:39 | 000,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDC.INI
[2009/12/25 06:03:39 | 000,002,606 | ---- | C] () -- C:\WINDOWS\System32\KBDB.INI
[2009/12/25 06:03:39 | 000,002,236 | ---- | C] () -- C:\WINDOWS\System32\KBDQ.INI
[2009/12/25 06:03:39 | 000,001,956 | ---- | C] () -- C:\WINDOWS\System32\KBDE.INI
[2009/12/25 06:03:39 | 000,001,885 | ---- | C] () -- C:\WINDOWS\System32\KBDP.INI
[2009/12/25 06:03:39 | 000,001,857 | ---- | C] () -- C:\WINDOWS\System32\KBDUU.INI
[2009/12/25 06:03:39 | 000,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDG.INI
[2009/12/25 06:03:39 | 000,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDA.INI
[2009/12/25 06:03:39 | 000,001,834 | ---- | C] () -- C:\WINDOWS\System32\KBDU.INI
[2009/12/25 06:03:39 | 000,001,819 | ---- | C] () -- C:\WINDOWS\System32\KBDN.INI
[2009/12/25 06:03:39 | 000,001,699 | ---- | C] () -- C:\WINDOWS\System32\KBDT.INI
[2009/12/25 06:03:39 | 000,001,697 | ---- | C] () -- C:\WINDOWS\System32\KBDV.INI
[2009/12/25 06:03:39 | 000,001,522 | ---- | C] () -- C:\WINDOWS\System32\KBDS.INI
[2009/12/25 06:03:39 | 000,001,476 | ---- | C] () -- C:\WINDOWS\System32\KBDF.INI
[2009/12/25 06:03:19 | 000,004,300 | ---- | C] () -- C:\WINDOWS\System32\MEMIO.SYS
[2009/12/25 06:03:17 | 000,000,135 | R--- | C] () -- C:\WINDOWS\System32\lngEng.ini
[2009/12/25 06:03:17 | 000,000,117 | ---- | C] () -- C:\WINDOWS\System32\lngKor.ini
[2009/12/25 05:58:28 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v5016.dll
[2009/11/24 09:54:50 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\KvpUpCom.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/03/24 10:52:22 | 000,043,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWXT_kern_i386.sys
[2009/03/24 10:52:20 | 000,025,560 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWFilter.sys
[2009/03/24 10:52:18 | 000,036,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2008/02/07 11:05:18 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\hppatusg01.dll
[2007/11/06 13:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2006/11/07 22:09:42 | 000,010,624 | ---- | C] () -- C:\WINDOWS\System32\DDIHK.DLL
[2006/01/08 19:48:29 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\ImageSalsa.dll
[2003/01/07 12:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/01/06 01:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AhnLab
[2010/07/04 20:29:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/07/18 19:10:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010/08/24 13:05:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Clunet
[2010/08/25 17:03:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2009/12/26 09:03:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
[2010/07/23 18:21:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/08/14 15:56:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Netscape ISP Dialer
[2010/01/21 21:29:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2010/08/25 00:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2010/08/15 00:34:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/08/12 12:04:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/08/24 20:59:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/08/13 01:27:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rising
[2009/12/25 06:03:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SAMSUNG
[2010/08/18 22:59:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SoftCamp
[2010/09/03 11:14:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2010/08/15 19:14:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WebacamSurveyor
[2009/12/25 06:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WLAN
[2010/04/27 16:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/16 17:31:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/08/25 17:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\new\Application Data\Netscape
[2010/08/31 11:36:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\new\Application Data\ooVoo Details
[2010/09/03 11:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\new\Application Data\PriceGong
[2010/09/01 15:53:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\new\Application Data\uTorrent
[2010/09/07 01:38:44 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2010/09/02 18:00:00 | 000,000,440 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration3.job
[2010/09/07 02:19:00 | 000,000,414 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version3.job
[2010/08/18 04:43:00 | 000,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\PC Health Advisor Defrag.job
[2010/08/30 04:43:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\PC Health Advisor.job
[2010/08/19 20:14:01 | 000,000,290 | ---- | M] () -- C:\WINDOWS\Tasks\photostageShakeIcon.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 261 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:DFC5A2B2
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:A8ADE5D8
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:1CE11B51
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:CB0AACC9
< End of report >


#14 mpascal

Posted 07 September 2010 - 01:31 PM

Hi there,

Just want to make sure everything is up to date on your system, then we should be good to go.

Download Security Check from here or here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.



#15 Changg

Posted 08 September 2010 - 03:18 AM

CheckSecurity Logs:


Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 3
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner
Java™ 6 Update 21
Adobe Flash Player 10.1.82.76
Adobe Reader 9.3.4
Adobe Reader 9.3 - Korean
Mozilla Firefox (3.6.8)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamgui.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````




