
cukftxcmynhbr.dll file (cash titan browser enhancer)



#1 djloekee27


Posted 29 December 2010 - 07:06 AM

I have a weird file that NOD32 keeps detecting.
C:\Windows\SysWow64\cukftxcmynhbr.dll
http://img.photobucket.com/albums/v290/djloekee27/Screenshots/what02.jpg

This is my HijackThis log.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 오후 8:26:03, on 2010-12-29
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Windows\SysWOW64\regsvr32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Winamp\winamp.exe
C:\Windows\system32\CKAgent.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {0EB94730-18CD-5C46-7B50-0BD14EE126CD} - C:\Windows\SysWow64\mfcc42.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: cashtitan browser enhancer - {498BF65D-FA60-D12D-AB7B-211ABA047402} - C:\Windows\SysWow64\cukftxcmynhbr.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Gulf Class - {FFDE727F-3330-45EB-B9F9-C1668E6E08B2} - C:\Program Files (x86)\Nate\AddressSearch\sch.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [vqvkuvsiwylhg] C:\Windows\System32\regsvr32.exe /s "C:\Windows\SysWow64\cukftxcmynhbr.dll"
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Bluetooth 장치로 이미지 보내기(&B)... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Bluetooth 장치로 페이지 보내기(&B)... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Bluetooth로 보내기 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Bluetooth 장치로 보내기(&B)... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {967386A1-409E-431A-A93A-FB5FEFF86A58} (AXMObjectCtl Class) - http://bank.keb.co.kr/veraport/veraport.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%systemroot%\system32\CISVC.EXE,-1 (CISVC) - Unknown owner - C:\Windows\system32\CISVC.EXE (file missing)
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Avid Technology, Inc. - C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google 업데이트 서비스 (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30007 (IISADMIN) - Unknown owner - C:\Windows\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\Windows\system32\mqsvc.exe (file missing)
O23 - Service: @mqutil.dll,-6203 (MSMQTriggers) - Unknown owner - C:\Windows\system32\mqtgsvc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%windir%\system32\nfsrc.dll,-5001 (NfsClnt) - Unknown owner - C:\Windows\system32\nfsclnt.exe (file missing)
O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nProtect Starter (nPStarterSVC) - INCA Internet Co., Ltd. - C:\Windows\system32\nPStarterSVC.exe
O23 - Service: Nate Address Search Service (NTAService) - SK Communications - C:\Program Files (x86)\Nate\AddressSearch\ntasvr.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Realtek9xp - Realtek - C:\Program Files (x86)\REALTEK Wireless LAN Software\RtlService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-20001 (WMSVC) - Unknown owner - C:\Windows\system32\inetsrv\wmsvc.exe (file missing)
O23 - Service: XoftSpyService - ParetoLogic Inc. - C:\Program Files (x86)\Common Files\XoftSpySE\6\xoftspyservice.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10951 bytes

I have Windows 7 Ultimate K, so there may be some strange-looking programs, but they are just Korean software. The only thing strange I see is
O2 - BHO: cashtitan browser enhancer - {498BF65D-FA60-D12D-AB7B-211ABA047402} - C:\Windows\SysWow64\cukftxcmynhbr.dll
O4 - HKLM\..\Run: [vqvkuvsiwylhg] C:\Windows\System32\regsvr32.exe /s "C:\Windows\SysWow64\cukftxcmynhbr.dll"
And I already had HijackThis delete this entry.
O3 - Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - (no file)

And this is my DDS log.

DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by R.C. Williams at 20:43:34.85 on 2010-12-29
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Ultimate 6.1.7600.0.949.82.1042.18.3957.1645 [GMT -8:00]

AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\psxss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\CISVC.EXE
C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k ftpsvc
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files (x86)\AnyPC Client\APLanMgrC.exe
C:\Windows\System32\svchost.exe -k ipripsvc
C:\Windows\System32\svchost.exe -k LPDService
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\mqsvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\SysWOW64\regsvr32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\REALTEK Wireless LAN Software\RtlService.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\REALTEK Wireless LAN Software\RtWlan.exe
C:\Windows\System32\tcpsvcs.exe
C:\Windows\System32\snmp.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\mqtgsvc.exe
C:\Windows\system32\nfsclnt.exe
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Winamp\winamp.exe
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\Windows\SysWOW64\nPStarterSVC.exe
C:\Windows\SysWOW64\npnj5Agent.exe
C:\Windows\system32\CKAgent.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
D:\Dlz\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Windows Live ID Sign-in Helper: {0eb94730-18cd-5c46-7b50-0bd14ee126cd} - C:\Windows\SysWow64\mfcc42.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: cashtitan browser enhancer: {498bf65d-fa60-d12d-ab7b-211aba047402} - C:\Windows\SysWow64\cukftxcmynhbr.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Gulf Class: {ffde727f-3330-45eb-b9f9-c1668e6e08b2} - C:\Program Files (x86)\Nate\AddressSearch\sch.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
TB: {00000000-0000-0000-0000-000000000000} - No File
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [vqvkuvsiwylhg] C:\Windows\System32\regsvr32.exe /s "C:\Windows\SysWow64\cukftxcmynhbr.dll"
mRun: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Bluetooth 장치로 이미지 보내기(&B)... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Bluetooth 장치로 페이지 보내기(&B)... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {967386A1-409E-431A-A93A-FB5FEFF86A58} - hxxp://bank.keb.co.kr/veraport/veraport.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: DVDIdleShell Class: {93994de8-8239-4655-b1d1-5f4e91300429} - C:\Program Files (x86)\DVD Region+CSS Free\DVDShell.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
TB-X64: {00000000-0000-0000-0000-000000000000} - No File
mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
mRun-x64: [MsmqIntCert] regsvr32 /s mqrt.dll
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

================= FIREFOX ===================

FF - ProfilePath - C:\Users\RC5932~1.WIL\AppData\Roaming\Mozilla\Firefox\Profiles\7qj0k2ja.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: C:\Users\R.C. Williams\AppData\Roaming\Mozilla\Firefox\Profiles\7qj0k2ja.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: C:\Users\R.C. Williams\AppData\Roaming\Mozilla\Firefox\Profiles\7qj0k2ja.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: C:\Users\R.C. Williams\AppData\Roaming\Mozilla\Firefox\Profiles\7qj0k2ja.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - plugin: C:\Program Files (x86)\Common Files\GRETECH\npgomtvx_nie.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll
FF - plugin: C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\R.C. Williams\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Users\R.C. Williams\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Windows\system32\npKeyPro.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: RAMBack: ramback@pavlov.net - %profile%\extensions\ramback@pavlov.net
FF - Ext: SEO Status PageRank/Alexa Toolbar: seostatus@rubyweb - %profile%\extensions\seostatus@rubyweb
FF - Ext: SkipScreen: SkipScreen@SkipScreen - %profile%\extensions\SkipScreen@SkipScreen
FF - Ext: Image Zoom: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} - %profile%\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: ColorZilla: {6AC85730-7D0F-4de0-B3FA-21142DD85326} - %profile%\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
FF - Ext: IE View: {6e84150a-d526-41f1-a480-a67d3fed910d} - %profile%\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
FF - Ext: MeasureIt: {75CEEE46-9B64-46f8-94BF-54012DE155F0} - %profile%\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: Tab Mix Plus: {dc572301-7619-498c-a57d-39143191b318} - %profile%\extensions\{dc572301-7619-498c-a57d-39143191b318}
FF - Ext: SearchPreview: {EF522540-89F5-46b9-B6FE-1829E2B572C6} - %profile%\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-12-22 54480]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\Windows\System32\drivers\SABI.sys [2010-12-1 13824]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/12/02 18:44:55];C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [2009-9-1 146928]
R2 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2010-3-29 164912]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-3-29 810120]
R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2010-3-29 124760]
R2 ftpsvc;Microsoft FTP Service;C:\Windows\system32\svchost.exe -k ftpsvc [2009-7-13 27136]
R2 iprip;RIP Listener;C:\Windows\System32\svchost.exe -k ipripsvc [2009-7-13 27136]
R2 NfsClnt;Client for NFS;C:\Windows\System32\nfsclnt.exe [2009-7-13 65024]
R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2010-2-26 5017600]
R2 nPStarterSVC;nProtect Starter;C:\Windows\system32\nPStarterSVC.exe --> C:\Windows\system32\nPStarterSVC.exe [?]
R2 Realtek9xp;Realtek9xp;C:\Program Files (x86)\REALTEK Wireless LAN Software\RtlService.exe [2010-12-1 36864]
R2 regi;regi;C:\Windows\System32\drivers\regi.sys [2010-12-2 14112]
R2 Sentinel64;Sentinel64;C:\Windows\System32\drivers\sentinel64.sys [2010-12-22 142120]
R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2010-12-1 335400]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-12-1 39464]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-8-20 31088]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-12-1 158976]
R3 JRSKD24;JRSKD24;C:\Windows\System32\JRSKD24.SYS [2010-12-24 13848]
R3 kcrtx64;kcrtx64;C:\Windows\System32\kcrtx64.sys [2010-12-24 141848]
R3 NfsRdr;Client for NFS Redirector;C:\Windows\System32\drivers\nfsrdr.sys [2009-7-13 262656]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2010-12-1 84584]
R3 PsxDrv;PsxDrv;C:\Windows\System32\drivers\psxdrv.sys [2009-7-13 10240]
R3 RpcXdr;Server for NFS Open RPC (ONCRPC);C:\Windows\System32\drivers\rpcxdr.sys [2009-7-13 104448]
R3 rtl819xpn64;Realtek RTL8190/RTL8192E 802.11n 무선 LAN(미니-)PCI NIC NT 드라이버;C:\Windows\System32\drivers\rtl819xp.sys [2010-12-1 622624]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google 업데이트 서비스 (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-2 136176]
S2 NTAService;Nate Address Search Service;C:\Program Files (x86)\Nate\AddressSearch\ntasvr.exe [2010-12-1 36864]
S3 nosGetPlusHelper;getPlus® Helper 3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2009-7-13 27136]
S3 NPIDS;NPIDS;C:\Windows\System32\NPIdsVt64.sys [2010-12-24 55904]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-1 1255736]
S3 WMSVC;Web Management Service;C:\Windows\System32\inetsrv\WMSvc.exe [2009-7-13 10752]
S3 XoftSpyService;XoftSpyService;C:\Program Files (x86)\Common Files\XoftSpySE\6\xoftspyservice.exe [2009-10-23 582424]
S4 Exfsvcpin;Exfsvcpin; [x]

=============== File Associations ===============

regfile="regedit.exe" "%1"

=============== Created Last 30 ================

2010-12-30 04:30:28 -------- d-----w- C:\Users\RC5932~1.WIL\AppData\Roaming\Malwarebytes
2010-12-30 04:30:17 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-30 04:30:17 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-12-30 04:30:14 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-12-30 04:30:14 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-12-30 03:52:45 388096 ----a-r- C:\Users\RC5932~1.WIL\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-30 03:52:45 -------- d-----w- C:\Program Files (x86)\Trend Micro
2010-12-29 19:37:46 -------- d-----w- C:\Users\RC5932~1.WIL\AppData\Roaming\nprotect
2010-12-29 19:01:58 -------- dc-h--w- C:\PROGRA~3\{1D27CD5F-93BB-4968-A5F1-E87D998A9554}
2010-12-29 19:00:01 -------- dc-h--w- C:\PROGRA~3\{4275E5EA-6E30-48EB-A209-F964539CBE1C}
2010-12-29 18:46:43 -------- d-----w- C:\Program Files\Common Files\Digidesign
2010-12-29 18:17:10 406528 ----a-w- C:\Windows\SysWow64\ReWire.dll
2010-12-29 18:17:10 338432 ----a-w- C:\Windows\SysWow64\REX Shared Library.dll
2010-12-29 06:42:06 -------- d-----w- C:\Program Files (x86)\ASIO4ALL v2
2010-12-29 06:41:26 1554944 ----a-w- C:\Windows\SysWow64\vorbis.acm
2010-12-29 06:41:15 -------- d-----w- C:\Program Files (x86)\VstPlugins
2010-12-29 06:41:14 -------- d-----w- C:\Program Files (x86)\Outsim
2010-12-29 06:39:24 -------- d-----w- C:\Program Files (x86)\Image-Line
2010-12-29 06:26:26 -------- d-----w- C:\Windows\SysWow64\1090
2010-12-29 06:19:07 -------- d-----w- C:\Program Files\Native Instruments Traktor
2010-12-29 06:14:04 -------- dc-h--w- C:\PROGRA~3\{47803536-1938-4D3F-86D6-F4876B645542}
2010-12-29 06:13:32 -------- d-----w- C:\PROGRA~3\Native Instruments
2010-12-29 06:13:19 -------- dc-h--w- C:\PROGRA~3\{20EFD19B-675C-417B-A498-B0161D72FF88}
2010-12-29 06:12:58 -------- dc-h--w- C:\PROGRA~3\{B5F0C192-874D-49A8-88D7-8431E3714756}
2010-12-29 05:47:46 -------- dc----w- C:\PROGRA~3\{E7D4E1BB-A8A8-4E3B-BEA6-38DD8E4522DF}
2010-12-29 05:43:39 -------- d-----w- C:\Program Files\Common Files\Native Instruments
2010-12-29 05:24:39 -------- dc-h--w- C:\PROGRA~3\{C2686527-0D57-4F0B-ADAB-EE203CA30FC6}
2010-12-29 05:13:59 393216 ----a-w- C:\Windows\SysWow64\NI_IRC_1_2.dll
2010-12-29 05:13:50 -------- d-----w- C:\Program Files\Native Instruments
2010-12-29 05:13:30 61440 ----a-w- C:\Windows\SysWow64\NI_DFD_1_5.dll
2010-12-29 05:13:30 1870336 ----a-w- C:\Windows\SysWow64\bconvert.dll
2010-12-29 05:06:41 -------- d-----w- C:\Users\RC5932~1.WIL\AppData\Local\Native Instruments
2010-12-29 05:05:46 -------- d-----w- C:\Program Files (x86)\Common Files\Native Instruments
2010-12-29 05:05:18 -------- d-----w- C:\Program Files (x86)\Native Instruments
2010-12-29 04:48:10 -------- d-----w- C:\Users\RC5932~1.WIL\AppData\Roaming\Ableton
2010-12-29 04:48:10 -------- d-----w- C:\PROGRA~3\Ableton
2010-12-29 04:44:59 -------- d-----w- C:\Program Files (x86)\Ableton
2010-12-29 04:41:31 -------- d-----w- C:\Users\RC5932~1.WIL\AppData\Roaming\Waves Audio
2010-12-29 04:40:00 -------- d-----w- C:\Program Files (x86)\Waves
2010-12-29 04:33:57 -------- d-----w- C:\PROGRA~3\Propellerhead Software
2010-12-29 04:33:56 -------- d-----w- C:\Users\RC5932~1.WIL\AppData\Roaming\Propellerhead Software
2010-12-29 04:32:38 -------- d-----w- C:\Program Files (x86)\Propellerhead
2010-12-29 04:21:36 -------- d-----w- C:\Users\RC5932~1.WIL\AppData\Roaming\VST3 Presets
2010-12-29 04:15:29 2395648 ----a-w- C:\Windows\SysWow64\SYNSOEMU.DLL
2010-12-29 04:15:24 -------- d-----w- C:\Program Files (x86)\Common Files\VST3
2010-12-29 04:14:04 -------- d-----w- C:\PROGRA~3\VST3 Presets
2010-12-29 04:04:04 -------- d-----w- C:\Program Files (x86)\Common Files\Steinberg
2010-12-29 04:04:04 -------- d-----w- C:\PROGRA~3\Steinberg
2010-12-29 04:02:25 -------- d-----w- C:\Users\RC5932~1.WIL\AppData\Roaming\Steinberg
2010-12-29 04:02:25 -------- d-----w- C:\Program Files (x86)\Steinberg
2010-12-28 11:21:11 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{C0E4F907-B9F3-485D-8288-C992DBD54B97}\mpengine.dll
2010-12-25 01:06:58 434428 ----a-w- C:\Windows\SysWow64\CKCSP.dll
2010-12-24 00:52:13 -------- d-----w- C:\Windows\pss
2010-12-23 05:07:05 -------- d-----w- C:\Program Files (x86)\Common Files\ParetoLogic
2010-12-23 05:07:05 -------- d-----w- C:\PROGRA~3\ParetoLogic
2010-12-23 05:07:04 -------- d-----w- C:\Program Files (x86)\Common Files\XoftSpySE
2010-12-23 05:07:03 -------- d-----w- C:\PROGRA~3\XoftSpySE
2010-12-23 05:07:01 -------- d-----w- C:\Program Files (x86)\XoftSpySE6
2010-12-23 05:05:07 -------- d-----w- C:\Program Files\Raxco
2010-12-23 05:03:58 -------- d-----w- C:\Program Files (x86)\Raxco
2010-12-23 04:43:56 -------- d-----w- C:\Users\RC5932~1.WIL\AppData\Roaming\NetMedia Providers
2010-12-23 04:39:31 -------- d-----w- C:\Program Files (x86)\Sony Setup
2010-12-23 04:25:49 -------- d-----w- C:\Program Files\Sony
2010-12-23 04:25:49 -------- d-----w- C:\Program Files (x86)\Sony
2010-12-23 03:33:14 -------- d-----w- C:\Windows\System32\appmgmt
2010-12-23 03:27:41 -------- d-----w- C:\Users\RC5932~1.WIL\AppData\Local\Sony
2010-12-23 02:12:56 54480 ------w- C:\Windows\System32\drivers\PxHlpa64.sys
2010-12-23 02:10:27 -------- d-----w- C:\Windows\SysWow64\spool
2010-12-23 01:54:37 -------- d-----w- C:\Users\RC5932~1.WIL\AppData\Roaming\Avid
2010-12-23 01:54:25 -------- d-----w- C:\Users\RC5932~1.WIL\AppData\Roaming\PACE Anti-Piracy
2010-12-23 01:54:25 -------- d-----w- C:\Users\RC5932~1.WIL\AppData\Local\PACE Anti-Piracy
2010-12-23 01:54:25 -------- d-----w- C:\Program Files (x86)\Common Files\PACE Anti-Piracy
2010-12-23 01:54:25 -------- d-----w- C:\PROGRA~3\PACE Anti-Piracy
2010-12-23 01:51:55 -------- d-----w- C:\PROGRA~3\Avid
2010-12-23 01:45:42 -------- d-----w- C:\Windows\SysWow64\MEDIA
2010-12-23 01:43:45 142120 ----a-w- C:\Windows\System32\drivers\sentinel64.sys
2010-12-23 01:43:42 -------- d-----w- C:\Program Files (x86)\Common Files\SafeNet Sentinel
2010-12-23 01:43:20 -------- d-----w- C:\Windows\Downloaded Installations
2010-12-23 01:43:09 53248 ----a-r- C:\Users\RC5932~1.WIL\AppData\Roaming\Microsoft\Installer\{F426908A-B8EE-41B6-A75B-912A4FB80882}\ARPPRODUCTICON.exe
2010-12-23 01:42:31 53248 ----a-r- C:\Users\RC5932~1.WIL\AppData\Roaming\Microsoft\Installer\{322ECB75-61D2-4A74-9A96-F843FB1809C2}\ARPPRODUCTICON.exe
2010-12-23 01:42:31 -------- d-----w- C:\Program Files\Common Files\Avid
2010-12-23 01:41:59 53248 ----a-r- C:\Users\RC5932~1.WIL\AppData\Roaming\Microsoft\Installer\{4859AA8C-F772-4368-BD07-0DEFDD01FE40}\ARPPRODUCTICON.exe
2010-12-23 01:41:59 -------- d-----w- C:\Program Files\Common Files\PACE
2010-12-23 01:38:38 -------- d-----w- C:\Program Files (x86)\Digidesign
2010-12-23 01:38:37 -------- d-----w- C:\Program Files (x86)\Common Files\Digidesign
2010-12-23 01:37:25 -------- d-----w- C:\Program Files (x86)\Common Files\Avid
2010-12-23 01:35:34 -------- d-----w- C:\Program Files (x86)\Licenses
2010-12-23 01:35:31 -------- d-----w- C:\Program Files (x86)\Avid
2010-12-23 01:14:04 834544 ----a-w- C:\Windows\System32\drivers\sptd.sys
2010-12-23 01:13:30 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2010-12-23 01:13:05 -------- d-----w- C:\Users\RC5932~1.WIL\AppData\Roaming\DAEMON Tools Lite
2010-12-23 01:13:02 -------- d-----w- C:\PROGRA~3\DAEMON Tools Lite
2010-12-21 01:32:22 -------- d-----w- C:\Program Files (x86)\DCoder Image Source
2010-12-21 01:32:21 -------- d-----w- C:\Program Files (x86)\FFMPEG Core Files
2010-12-21 01:32:09 -------- d-----w- C:\Program Files (x86)\SHOUTcast Source
2010-12-21 01:32:08 -------- d-----w- C:\Program Files (x86)\MONOGRAM AMR SplitterDecoder
2010-12-21 01:32:08 -------- d-----w- C:\Program Files (x86)\CD Audio Reader Filter
2010-12-21 01:32:07 -------- d-----w- C:\Program Files (x86)\OpenSource AVI Splitter
2010-12-21 01:32:07 -------- d-----w- C:\Program Files (x86)\Gabest MPEG Splitter
2010-12-21 01:32:03 -------- d-----w- C:\Program Files (x86)\OpenSource DTSAC3DD+ Source Filter
2010-12-21 01:32:00 -------- d-----w- C:\Program Files (x86)\RealMedia
2010-12-21 01:31:39 -------- d-----w- C:\Program Files (x86)\DScaler5
2010-12-21 01:30:14 580096 ----a-w- C:\Windows\System32\ac3filter64.acm
2010-12-21 01:30:14 497664 ----a-w- C:\Windows\SysWow64\ac3filter.acm
2010-12-21 01:30:14 -------- d-----w- C:\Program Files (x86)\AC3Filter
2010-12-21 01:30:03 -------- d-----w- C:\Program Files (x86)\OpenSource Flash Video Splitter
2010-12-21 01:30:02 -------- d-----w- C:\Program Files (x86)\DirectVobSub
2010-12-21 01:29:59 -------- d-----w- C:\Program Files (x86)\Haali
2010-12-21 01:29:55 -------- d-----w- C:\Program Files (x86)\Bass Audio Decoder
2010-12-21 01:29:50 85504 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2010-12-21 01:29:50 -------- d-----w- C:\Program Files (x86)\ffdshow
2010-12-21 01:29:14 -------- d-----w- C:\Program Files (x86)\Zoom Player
2010-12-21 01:27:32 14 ----a-w- C:\Windows\SysWow64\System32.sys
2010-12-21 01:27:12 1645320 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2010-12-21 01:27:10 -------- d-----w- C:\Program Files (x86)\DVD X Studios
2010-12-21 01:27:10 -------- d-----w- C:\PROGRA~3\DVD X Studios
2010-12-21 01:25:56 -------- d-----w- C:\Program Files (x86)\DVD Region+CSS Free
2010-12-21 00:53:20 -------- d-----w- C:\Users\RC5932~1.WIL\AppData\Local\Apps
2010-12-19 01:25:15 -------- d-----w- C:\Program Files (x86)\USBDriveFresher
2010-12-19 01:13:06 -------- d-----w- C:\Users\R.C. Williams\DS_Store_Cleaner Settings
2010-12-19 01:13:00 -------- d-----w- C:\Program Files (x86)\Red Room Development
2010-12-12 08:48:11 -------- d-----w- C:\PROGRA~3\ESTsoft
2010-12-12 08:48:10 -------- d-----w- C:\Users\RC5932~1.WIL\AppData\Roaming\ESTsoft
2010-12-12 08:48:10 -------- d-----w- C:\Program Files (x86)\ESTsoft
2010-12-11 01:03:11 -------- d-----w- C:\Users\RC5932~1.WIL\AppData\Roaming\HNC
2010-12-11 00:55:08 -------- d-----w- C:\Program Files (x86)\HNC
2010-12-04 22:02:00 -------- d-----w- C:\Program Files (x86)\MSECache
2010-12-04 21:50:15 359624 ----a-w- C:\Windows\System32\drivers\vpcvmm.sys
2010-12-04 21:03:23 4096 ----a-w- C:\Windows\System32\drivers\pl-PL\vpchbus.sys.mui
2010-12-04 21:02:08 -------- d-----w- C:\Program Files\Windows XP Mode
2010-12-04 19:37:26 -------- d-----w- C:\Users\RC5932~1.WIL\AppData\Local\Samsung
2010-12-04 19:31:26 -------- d-----w- C:\Users\RC5932~1.WIL\AppData\Local\ESET
2010-12-04 18:08:54 -------- d-----w- C:\Program Files (x86)\Marvell
2010-12-04 18:08:29 -------- d-----w- C:\Users\RC5932~1.WIL\AppData\Local\ElevatedDiagnostics
2010-12-04 10:12:02 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2010-12-03 03:57:45 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2010-12-03 03:49:22 -------- d-----w- C:\Users\RC5932~1.WIL\AppData\Local\Google
2010-12-03 03:29:35 749568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2010-12-03 03:29:35 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2010-12-03 03:29:35 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2010-12-03 03:29:35 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2010-12-03 03:29:35 180224 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2010-12-03 03:29:34 323716 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2010-12-03 03:29:34 192644 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2010-12-03 03:23:42 -------- d-----w- C:\Program Files (x86)\Common Files\Adobe Systems Shared
2010-12-03 03:14:06 -------- d-----w- C:\Users\RC5932~1.WIL\AppData\Local\Ahead
2010-12-03 03:14:01 -------- d-----w- C:\Users\RC5932~1.WIL\AppData\Local\Power2Go
2010-12-03 03:10:56 -------- d-----w- C:\Program Files (x86)\Nero
2010-12-03 03:10:56 -------- d-----w- C:\PROGRA~3\Nero
2010-12-03 03:05:41 8 --sh--r- C:\PROGRA~3\2961FD6A2E.sys
2010-12-03 03:05:40 2828 --sha-w- C:\PROGRA~3\KGyGaAvL.sys
2010-12-03 03:05:39 -------- d-----w- C:\Users\R.C. Williams\Corel
2010-12-03 03:05:10 14112 ----a-w- C:\Windows\System32\drivers\regi.sys
2010-12-03 03:05:01 -------- d-----w- C:\Program Files (x86)\Common Files\Protexis
2010-12-03 03:04:49 -------- d-----w- C:\Program Files (x86)\Corel
2010-12-03 03:04:49 -------- d-----w- C:\PROGRA~3\Corel
2010-12-03 02:11:19 -------- d-----w- C:\Users\R.C. Williams\Cyberlink
2010-12-03 02:08:30 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2010-12-03 02:08:30 610436 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2010-12-03 02:08:30 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2010-12-03 02:08:30 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2010-12-03 02:08:30 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2010-12-03 02:06:59 -------- d-----w- C:\Program Files (x86)\Common Files\CyberLink
2010-12-03 02:05:52 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2010-12-03 02:02:13 -------- d-----w- C:\Users\RC5932~1.WIL\AppData\Local\Cyberlink
2010-12-03 01:55:28 -------- d-----w- C:\Users\RC5932~1.WIL\AppData\Local\WinZip
2010-12-03 01:42:36 -------- d-----w- C:\Program Files (x86)\uTorrent
2010-12-03 01:41:59 -------- d-----w- C:\Users\RC5932~1.WIL\AppData\Roaming\uTorrent
2010-12-03 01:41:23 -------- d-----w- C:\Program Files\Unlocker
2010-12-03 01:39:34 -------- d-----w- C:\Program Files (x86)\Common Files\L&H
2010-12-03 01:39:21 -------- d-----w- C:\Program Files (x86)\Microsoft ActiveSync
2010-12-03 01:37:58 -------- d-----w- C:\Windows\PCHEALTH
2010-12-03 01:33:13 -------- d-----w- C:\Users\RC5932~1.WIL\AppData\Local\Adobe
2010-12-03 01:01:30 -------- d-----w- C:\Program Files (x86)\Common Files\GRETECH
2010-12-03 00:53:47 -------- d-----w- C:\Users\RC5932~1.WIL\AppData\Local\Yahoo
2010-12-02 07:43:28 -------- d-----w- C:\Users\RC5932~1.WIL\AppData\Local\AIM
2010-12-02 07:43:27 -------- d-----w- C:\Users\RC5932~1.WIL\AppData\Local\AOL
2010-12-02 07:31:58 14336 ----a-w- C:\Windows\System32\drivers\sffp_sd.sys
2010-12-02 06:10:57 -------- d-----w- C:\Program Files (x86)\eRightSoft
2010-12-02 06:09:53 -------- d-----w- C:\Program Files (x86)\Yahoo!
2010-12-02 06:09:33 -------- d-----w- C:\Users\RC5932~1.WIL\AppData\Roaming\Facebook
2010-12-02 06:09:24 -------- d-----w- C:\PROGRA~3\AIM
2010-12-02 06:09:21 -------- d-----w- C:\Program Files (x86)\AIM
2010-12-02 06:09:19 -------- d-----w- C:\Program Files (x86)\Common Files\AOL
2010-12-02 06:08:49 -------- d-----w- C:\Program Files (x86)\Common Files\Gretech Corporation
2010-12-02 06:08:48 -------- d-----w- C:\PROGRA~3\GRETECH
2010-12-02 06:08:17 -------- d-----w- C:\Program Files (x86)\DtsFilter
2010-12-02 06:08:16 -------- d-----w- C:\Program Files (x86)\GNU
2010-12-02 06:07:55 -------- d-----w- C:\Program Files (x86)\GRETECH
2010-12-02 06:07:07 -------- d-----r- C:\Program Files (x86)\Skype
2010-12-02 06:05:45 -------- d-----w- C:\Program Files\Common Files\AhnLab
2010-12-02 06:05:44 -------- d-----w- C:\Program Files (x86)\Common Files\AhnLab
2010-12-02 06:05:42 2563664 ----a-w- C:\Windows\System32\btscan.exe
2010-12-02 06:03:48 -------- d-----w- C:\Users\RC5932~1.WIL\AppData\Local\SK Communications
2010-12-02 06:01:16 -------- d-----w- C:\Program Files\AhnLab
2010-12-02 06:01:12 -------- d-----w- C:\PROGRA~3\AhnLab
2010-12-02 05:59:55 -------- d-----w- C:\Program Files (x86)\Nate
2010-12-02 05:59:25 146432 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\NATEED\TRIEDIT.DLL
2010-12-02 05:59:25 -------- d-----w- C:\Program Files (x86)\NATEON
2010-12-02 05:56:23 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
2010-12-02 05:56:22 2414360 ----a-w- C:\Windows\SysWow64\d3dx9_31.dll
2010-12-02 05:55:53 -------- d-----w- C:\Program Files (x86)\Winamp Detect
2010-12-02 05:55:49 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2010-12-02 05:55:16 -------- d-----w- C:\Program Files (x86)\VideoLAN
2010-12-02 04:48:07 -------- d-----w- C:\Users\RC5932~1.WIL\AppData\Local\Apple Computer
2010-12-02 04:45:25 -------- d-----w- C:\Users\RC5932~1.WIL\AppData\Local\Apple
2010-12-02 04:35:06 8192 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
2010-12-02 04:34:56 140864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
2010-12-02 04:34:52 98304 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
2010-12-02 04:34:23 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2010-12-02 04:34:10 569397 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\RichFX\Player\nprfxins.dll
2010-12-02 04:34:06 -------- d-----w- C:\Program Files (x86)\Common Files\Real
2010-12-02 04:24:08 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-12-02 04:24:08 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2010-12-02 04:20:05 -------- d-----w- C:\Windows\SysWow64\Adobe
2010-12-02 04:01:31 -------- d-----w- C:\Windows\SysWow64\BestPractices
2010-12-02 04:01:31 -------- d-----w- C:\Windows\SUA
2010-12-02 04:01:28 -------- d-----w- C:\Windows\System32\msmq
2010-12-02 04:01:28 -------- d-----w- C:\Windows\System32\BestPractices
2010-12-02 04:01:28 -------- d-----w- C:\Windows\System32\0412
2010-12-02 04:01:26 -------- d-----w- C:\Windows\System32\040B
2010-12-02 04:01:23 -------- d-----w- C:\inetpub
2010-12-02 03:45:50 311296 ----a-w- C:\Windows\SysWow64\Rezip.exe
2010-12-02 03:45:50 212992 ----a-w- C:\Windows\SysWow64\RtlIhvOid.dll
2010-12-02 03:45:48 -------- d-----w- C:\Windows\System32\RtlGina
2010-12-02 03:45:47 -------- d-----w- C:\Program Files (x86)\REALTEK Wireless LAN Software
2010-12-02 03:33:25 -------- d-----w- C:\Program Files\ESET
2010-12-02 03:33:19 -------- d-----w- C:\Windows\fi-FI
2010-12-02 03:33:15 -------- d-----w- C:\Windows\SysWow64\wbem\fi-FI
2010-12-02 03:33:15 -------- d-----w- C:\Windows\SysWow64\fi
2010-12-02 03:33:15 -------- d-----w- C:\Windows\SysWow64\drivers\fi-FI
2010-12-02 03:33:06 -------- d-----w- C:\Windows\System32\fi
2010-12-02 03:33:06 -------- d-----w- C:\Windows\System32\drivers\UMDF\fi-FI
2010-12-02 03:33:06 -------- d-----w- C:\Windows\System32\drivers\fi-FI
2010-12-02 03:33:04 -------- d-----w- C:\Windows\System32\wbem\fi-FI
2010-12-02 03:24:23 6144 ----a-w- C:\Windows\System32\drivers\UMDF\en-US\WUDFUsbccidDriver.dll.mui
2010-12-02 03:05:54 -------- d-----w- C:\Users\RC5932~1.WIL\AppData\Local\WindowsUpdate
2010-12-02 02:43:31 -------- d-----w- C:\Windows\SysWow64\Wat
2010-12-02 02:43:31 -------- d-----w- C:\Windows\System32\Wat
2010-12-02 02:31:52 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2010-12-02 02:31:52 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2010-12-02 02:31:52 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2010-12-02 02:31:52 444752 ----a-w- C:\Windows\System32\mscoree.dll
2010-12-02 02:31:52 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2010-12-02 02:31:52 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2010-12-02 02:31:52 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2010-12-02 02:31:52 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2010-12-02 02:31:52 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2010-12-02 02:31:52 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2010-12-02 02:25:56 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2010-12-02 02:25:56 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2010-12-02 02:24:10 -------- d-----w- C:\Program Files\Samsung
2010-12-02 02:23:13 -------- d-----w- C:\Program Files\Synaptics
2010-12-02 02:21:03 406528 ----a-w- C:\Windows\HotfixChecker.exe
2010-12-02 02:19:01 389632 ----a-w- C:\Windows\System32\winlogon.exe
2010-12-02 02:19:01 2870272 ----a-w- C:\Windows\explorer.exe
2010-12-02 02:19:01 2614272 ----a-w- C:\Windows\SysWow64\explorer.exe
2010-12-02 02:19:01 102400 ----a-w- C:\Windows\exploreer.exe
2010-12-02 02:06:57 85504 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll
2010-12-02 02:03:46 311808 ----a-w- C:\Windows\System32\msv1_0.dll
2010-12-02 02:03:46 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2010-12-02 02:03:13 46592 ----a-w- C:\Windows\System32\msasn1.dll
2010-12-02 02:03:13 34816 ----a-w- C:\Windows\SysWow64\msasn1.dll
2010-12-02 02:02:36 1975296 ----a-w- C:\Windows\System32\CertEnroll.dll
2010-12-02 02:02:36 1320960 ----a-w- C:\Windows\SysWow64\CertEnroll.dll
2010-12-02 02:02:35 982600 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2010-12-02 01:59:48 69120 ----a-w- C:\Windows\System32\taskhost.exe
2010-12-02 01:58:58 144384 ----a-w- C:\Windows\System32\cdd.dll
2010-12-02 01:58:48 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2010-12-02 01:58:48 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
2010-12-02 01:58:31 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2010-12-02 01:58:05 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-12-02 01:58:05 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
2010-12-02 01:56:59 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2010-12-02 01:56:59 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2010-12-02 01:56:59 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2010-12-02 01:56:59 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-12-02 01:56:55 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-12-02 01:56:55 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-12-02 01:56:55 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2010-12-02 01:56:54 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-12-02 01:56:54 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-12-02 01:53:36 -------- d-----w- C:\Windows\CheckSur
2010-12-02 01:53:16 327680 ----a-w- C:\Windows\System32\drivers\udfs.sys
2010-12-02 01:52:54 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-12-02 01:52:39 220672 ----a-w- C:\Windows\System32\wintrust.dll
2010-12-02 01:52:39 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2010-12-02 01:52:34 139264 ----a-w- C:\Windows\System32\cabview.dll
2010-12-02 01:52:34 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
2010-12-02 01:52:12 345600 ----a-w- C:\Windows\SetLCDStretchMode.exe
2010-12-02 01:50:48 -------- d-----w- C:\Intel
2010-12-02 01:50:47 540696 ----a-w- C:\Windows\System32\drivers\iaStor.sys
2010-12-02 01:50:27 -------- d-----w- C:\Program Files\NVIDIA Corporation
2010-12-02 01:49:49 645736 ----a-w- C:\Windows\System32\nvuninst.exe
2010-12-02 01:49:16 692224 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2010-12-02 01:49:16 57344 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2010-12-02 01:49:16 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2010-12-02 01:49:16 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2010-12-02 01:49:16 237568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2010-12-02 01:49:16 155648 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2010-12-02 01:49:15 282756 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2010-12-02 01:49:15 163972 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2010-12-02 01:48:21 -------- d-----w- C:\PROGRA~3\SAMSUNG
2010-12-02 01:45:41 39464 ----a-w- C:\Windows\System32\drivers\btwl2cap.sys
2010-12-02 01:45:41 335400 ----a-w- C:\Windows\System32\drivers\btwampfl.sys
2010-12-02 01:45:41 135720 ----a-w- C:\Windows\System32\drivers\btwavdt.sys
2010-12-02 01:45:40 21544 ----a-w- C:\Windows\System32\drivers\btwrchid.sys
2010-12-02 01:45:40 102440 ----a-w- C:\Windows\System32\drivers\btwaudio.sys
2010-12-02 01:44:31 -------- d-----w- C:\Program Files\WIDCOMM
2010-12-02 01:43:32 13824 ----a-w- C:\Windows\System32\drivers\SABI.sys
2010-12-02 01:43:30 -------- d-----w- C:\Program Files (x86)\Samsung
2010-12-02 01:43:11 -------- d-sh--w- C:\Windows\Installer
2010-12-02 01:42:53 -------- d-----w- C:\Program Files (x86)\AnyPC Client
2010-12-02 01:41:41 622624 ----a-w- C:\Windows\System32\drivers\rtl819xp.sys
2010-12-02 01:40:57 158976 ----a-w- C:\Windows\System32\drivers\Impcd.sys
2010-12-02 01:40:55 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll
2010-12-02 01:40:54 316464 ----a-w- C:\Windows\System32\drivers\SynTP.sys
2010-12-02 01:40:54 214312 ----a-w- C:\Windows\System32\SynTPAPI.dll
2010-12-02 01:40:54 147752 ----a-w- C:\Windows\System32\SynTPCo4.dll
2010-12-02 01:40:54 107816 ----a-w- C:\Windows\SysWow64\SynTPCOM.dll
2010-12-02 01:40:53 396584 ----a-w- C:\Windows\System32\SynCOM.dll
2010-12-02 01:40:53 264488 ----a-w- C:\Windows\System32\SynCtrl.dll
2010-12-02 01:40:53 210216 ----a-w- C:\Windows\SysWow64\SynCtrl.dll
2010-12-02 01:40:53 173352 ----a-w- C:\Windows\SysWow64\SynCOM.dll
2010-12-02 01:38:00 -------- d-----w- C:\Users\RC5932~1.WIL\AppData\Local\Diagnostics
2010-12-02 01:31:59 -------- d-sh--we C:\PROGRA~3\시작 메뉴
2010-12-02 01:31:59 -------- d-sh--we C:\PROGRA~3\바탕 화면
2010-12-02 01:31:59 -------- d-sh--w- C:\Recovery
2010-12-01 08:24:49 -------- d-----w- C:\Windows\Panther

==================== Find3M ====================

2010-12-29 19:37:34 15768 ----a-w- C:\Windows\System32\JRSUKD25.SYS
2010-12-29 19:37:34 141848 ----a-w- C:\Windows\System32\kcrtx64.sys
2010-12-29 19:37:34 13848 ----a-w- C:\Windows\System32\JRSKD24.SYS
2010-12-25 01:06:58 124216 ----a-r- C:\Windows\SysWow64\CKAgent.exe
2010-12-25 01:06:56 943416 ----a-w- C:\Windows\SysWow64\CKSetup32.exe
2010-12-25 01:06:56 70968 ----a-w- C:\Windows\SysWow64\CKKeyProCert.dll
2010-12-25 01:06:56 473400 ----a-w- C:\Windows\SysWow64\CKSetup64.exe
2010-12-25 01:06:56 394552 ----a-w- C:\Windows\SysWow64\XecureCK.dll
2010-12-25 01:06:56 210232 ----a-w- C:\Windows\SysWow64\npKeyPro.dll
2010-12-25 01:06:56 191000 ----a-w- C:\Windows\SysWow64\kcrypto.dll
2010-12-25 01:06:56 181560 ----a-w- C:\Windows\SysWow64\CKApp.dll
2010-12-25 01:06:56 156984 ----a-w- C:\Windows\SysWow64\JRSoftcp.dll
2010-12-25 01:06:56 124216 ----a-r- C:\Windows\System32\CKAgent.exe
2010-12-08 12:21:14 399872 ----a-w- C:\Windows\SysWow64\cukftxcmynhbr.dll
2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll
2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec
2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll
2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll
2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe
2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe
2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
2010-10-28 16:54:12 2166043 ----a-w- C:\Windows\SysWow64\npmonz.exe
2010-10-27 05:06:22 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-10-27 04:32:36 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-10-20 05:20:01 46080 ----a-w- C:\Windows\System32\atmlib.dll
2010-10-20 04:54:18 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2010-10-20 03:09:15 3124224 ----a-w- C:\Windows\System32\win32k.sys
2010-10-20 03:05:46 367104 ----a-w- C:\Windows\System32\atmfd.dll
2010-10-20 02:58:41 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2010-10-16 05:23:13 112000 ----a-w- C:\Windows\System32\consent.exe
2010-10-16 05:19:41 395776 ----a-w- C:\Windows\System32\webio.dll
2010-10-16 04:36:10 314368 ----a-w- C:\Windows\SysWow64\webio.dll
2010-10-12 00:23:18 106496 ----a-w- C:\Windows\SysWow64\npOrdInstruct.dll
2006-05-03 09:06:54 163328 --sh--r- C:\Windows\SysWOW64\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- C:\Windows\SysWOW64\msfDX.dll
2008-03-16 12:30:52 216064 --sh--r- C:\Windows\SysWOW64\nbDX.dll

============= FINISH: 20:44:29.58 ===============


#2 djloekee27

  • Topic Starter

  • Members
  • 10 posts
  • Local time:04:20 PM

Posted 30 December 2010 - 12:29 AM

I think it's gone. I ran SUPERAntiSpyware and MBAM (Malwarebytes) last night, and MBAM removed cukftxcmynhbr.dll (Cash Titan browser enhancer). It doesn't show up in a HijackThis or DDS log anymore.

#3 Elise


    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,831 posts
  • Gender:Female
  • Location:Romania
  • Local time:10:20 AM

Posted 02 January 2011 - 07:24 AM

Since you are already receiving help here: http://forums.malwarebytes.org/index.php?showtopic=71449&st=0&p=367110&#entry367110, I will close this topic so as to avoid any confusion.

Regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft




