stars93

Here you go. computer seems to be working perfectly all thanks to your help But i dont get why is combofix is trying to delete my steam? Does it contain a virus? Anyways thank you so much for your time. ComboFix 11-07-20.05 - Sang 07/20/2011 13:59:57.2.2 - x86 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3071.2089 [GMT -7:00] Running from: c:\users\Sang\Desktop\ComboFix.exe Command switches used :: c:\users\Sang\Desktop\CFScript.txt AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\windows\820C0EEB9B124AD5B39DD15ED1DBDD06.TMP" "c:\windows\System32\Drivers\40216768.sys" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\steam1\Steam.exe . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_40216768 . . ((((((((((((((((((((((((( Files Created from 2011-06-20 to 2011-07-20 ))))))))))))))))))))))))))))))) . . 2011-07-20 21:05 . 2011-07-20 21:07 -------- d-----w- c:\users\Sang\AppData\Local\temp 2011-07-20 21:05 . 2011-07-20 21:05 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2011-07-20 21:05 . 2011-07-20 21:05 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-07-20 03:49 . 2011-07-20 03:49 -------- d-----w- c:\users\Sang\AppData\Roaming\NVIDIA 2011-07-20 03:45 . 2011-07-20 03:45 -------- d--h--w- c:\windows\msdownld.tmp 2011-07-20 03:44 . 2011-07-20 03:44 -------- d-----w- c:\windows\B83FC356B7C0441F8A4DD71E088E7974.TMP 2011-07-19 20:05 . 2011-07-19 20:05 -------- d-----w- c:\program files\Frogster 2011-07-19 19:00 . 2011-07-20 21:05 -------- d-----w- c:\program files\steam1 2011-07-17 01:03 . 2011-07-17 01:03 -------- d-----w- c:\program files\Microsoft Silverlight 2011-07-12 21:18 . 2011-07-12 21:18 -------- d-----w- c:\program files\Electronic Arts 2011-07-10 17:34 . 2011-07-10 17:34 -------- d-----w- c:\programdata\Electronic Arts 2011-07-10 17:34 . 2011-07-10 17:34 -------- d-----w- c:\programdata\EA Core 2011-07-10 17:31 . 2011-07-10 17:31 -------- d-----w- c:\program files\Microsoft WSE 2011-07-10 17:24 . 2011-07-10 17:24 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2011-07-10 17:23 . 2011-07-10 17:24 -------- d-----w- c:\program files\DAEMON Tools Lite 2011-07-10 17:23 . 2011-07-10 17:25 -------- d-----w- c:\users\Sang\AppData\Roaming\DAEMON Tools Lite 2011-07-10 17:23 . 2011-07-10 17:23 -------- d-----w- c:\programdata\DAEMON Tools Lite 2011-07-09 15:28 . 2011-07-09 15:28 -------- d-----w- c:\users\Sang\AppData\Local\Adobe 2011-07-07 16:22 . 2010-03-05 02:59 566680 ----a-w- c:\windows\system32\POTWEB.OCX 2011-07-07 16:22 . 2011-07-07 16:22 -------- d-----w- c:\program files\Daum 2011-07-04 19:45 . 2011-07-04 19:45 -------- d-----w- c:\users\Sang\AppData\Local\Apple 2011-07-04 16:38 . 2011-07-04 16:38 -------- d-----w- c:\program files\Common Files\Java 2011-07-04 16:37 . 2011-07-04 16:37 -------- d-----w- c:\program files\Sun 2011-07-04 16:37 . 2011-07-04 16:37 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll 2011-07-03 03:23 . 2011-05-25 06:09 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll 2011-07-03 03:23 . 2011-05-25 06:09 865896 ----a-w- c:\windows\system32\nvgenco322090.dll 2011-07-03 03:23 . 2011-05-25 06:09 6555240 ----a-w- c:\windows\system32\nvwgf2um.dll 2011-07-03 03:23 . 2011-05-25 06:09 57960 ----a-w- c:\windows\system32\OpenCL.dll 2011-07-03 03:23 . 2011-05-25 06:09 16456296 ----a-w- c:\windows\system32\nvoglv32.dll 2011-07-03 03:23 . 2011-05-25 06:09 11992680 ----a-w- c:\windows\system32\nvd3dum.dll 2011-07-03 03:23 . 2011-05-25 06:09 10589800 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2011-07-03 03:23 . 2011-05-25 06:09 5301352 ----a-w- c:\windows\system32\nvcuda.dll 2011-07-03 03:23 . 2011-05-25 06:09 2804328 ----a-w- c:\windows\system32\nvcuvid.dll 2011-07-03 03:23 . 2011-05-25 06:09 2082408 ----a-w- c:\windows\system32\nvcuvenc.dll 2011-07-03 03:23 . 2011-05-25 06:09 13011560 ----a-w- c:\windows\system32\nvcompiler.dll 2011-07-03 02:59 . 2011-07-03 03:00 -------- d-----w- c:\program files\ATITool 2011-06-29 06:27 . 2011-07-20 17:21 -------- d-----w- c:\users\Sang\AppData\Roaming\uTorrent 2011-06-28 18:08 . 2011-05-24 10:44 293376 ----a-w- c:\windows\system32\umpnpmgr.dll 2011-06-28 18:08 . 2011-05-04 04:34 1549312 ----a-w- c:\windows\system32\tquery.dll 2011-06-28 18:08 . 2011-05-04 04:32 1401344 ----a-w- c:\windows\system32\mssrch.dll 2011-06-28 18:08 . 2011-05-04 04:32 666624 ----a-w- c:\windows\system32\mssvp.dll 2011-06-28 18:08 . 2011-05-04 04:32 337408 ----a-w- c:\windows\system32\mssph.dll 2011-06-28 18:08 . 2011-05-04 04:28 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe 2011-06-28 18:08 . 2011-05-04 04:28 427520 ----a-w- c:\windows\system32\SearchIndexer.exe 2011-06-28 18:08 . 2011-05-04 04:28 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe 2011-06-28 18:08 . 2011-05-04 04:32 197120 ----a-w- c:\windows\system32\mssphtb.dll 2011-06-28 18:08 . 2011-05-04 04:32 59392 ----a-w- c:\windows\system32\msscntrs.dll 2011-06-27 16:32 . 2011-06-27 16:32 -------- d-----w- c:\users\Sang\AppData\Roaming\Avira 2011-06-27 16:28 . 2011-07-01 14:18 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-06-27 16:28 . 2011-07-01 14:18 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-06-27 16:28 . 2011-07-01 14:22 -------- d-----w- c:\programdata\Avira 2011-06-27 16:28 . 2011-06-27 16:28 -------- d-----w- c:\program files\Avira 2011-06-27 03:58 . 2011-06-27 03:58 -------- d-----w- c:\program files\Enigma Software Group 2011-06-27 03:57 . 2011-06-27 06:41 -------- d-----w- c:\windows\820C0EEB9B124AD5B39DD15ED1DBDD06.TMP 2011-06-27 03:57 . 2011-07-20 03:44 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2011-06-27 03:47 . 2011-06-27 03:47 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll 2011-06-27 03:47 . 2011-06-27 03:47 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll 2011-06-24 13:28 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{500FF4E3-CBDD-4EE6-B87A-24D95CB3053C}\mpengine.dll 2011-06-23 23:00 . 2011-06-23 23:00 -------- d-----w- c:\windows\system32\SPReview 2011-06-23 22:59 . 2011-06-23 22:59 -------- d-----w- c:\windows\system32\EventProviders 2011-06-23 03:13 . 2010-11-20 12:21 517120 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll 2011-06-23 03:12 . 2010-11-20 12:21 444928 ----a-w- c:\windows\system32\wvc.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-07-07 02:52 . 2011-05-14 05:00 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-07-07 02:52 . 2011-05-14 05:00 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-07-04 16:37 . 2011-05-14 05:11 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-06-23 23:07 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll 2011-05-25 06:09 . 2011-04-08 05:45 66664 ----a-w- c:\windows\system32\nvshext.dll 2011-05-25 06:09 . 2011-04-08 05:45 615528 ----a-w- c:\windows\system32\nvvsvc.exe 2011-05-25 06:09 . 2011-04-08 05:45 111208 ----a-w- c:\windows\system32\nvmctray.dll 2011-05-25 06:09 . 2011-04-08 05:44 2557544 ----a-w- c:\windows\system32\nvsvc.dll 2011-05-25 06:09 . 2011-04-08 05:45 543336 ----a-w- c:\windows\system32\easyupdatusapiu.dll 2011-05-25 06:09 . 2011-04-08 05:44 3693672 ----a-w- c:\windows\system32\nvcpl.dll 2011-05-25 06:09 . 2011-07-03 03:23 12392 ----a-w- c:\windows\system32\drivers\nvBridge.kmd 2011-05-25 06:09 . 2011-05-14 05:51 2335848 ----a-w- c:\windows\system32\nvapi.dll 2011-05-25 02:14 . 2011-05-14 05:10 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-05-21 07:18 . 2011-05-21 07:18 86528 ----a-w- c:\windows\system32\iesysprep.dll 2011-05-21 07:18 . 2011-05-21 07:18 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2011-05-21 07:18 . 2011-05-21 07:18 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2011-05-21 07:18 . 2011-05-21 07:18 74752 ----a-w- c:\windows\system32\iesetup.dll 2011-05-21 07:18 . 2011-05-21 07:18 63488 ----a-w- c:\windows\system32\tdc.ocx 2011-05-21 07:18 . 2011-05-21 07:18 48640 ----a-w- c:\windows\system32\mshtmler.dll 2011-05-21 07:18 . 2011-05-21 07:18 420864 ----a-w- c:\windows\system32\vbscript.dll 2011-05-21 07:18 . 2011-05-21 07:18 367104 ----a-w- c:\windows\system32\html.iec 2011-05-21 07:18 . 2011-05-21 07:18 35840 ----a-w- c:\windows\system32\imgutil.dll 2011-05-21 07:18 . 2011-05-21 07:18 23552 ----a-w- c:\windows\system32\licmgr10.dll 2011-05-21 07:18 . 2011-05-21 07:18 161792 ----a-w- c:\windows\system32\msls31.dll 2011-05-21 07:18 . 2011-05-21 07:18 152064 ----a-w- c:\windows\system32\wextract.exe 2011-05-21 07:18 . 2011-05-21 07:18 150528 ----a-w- c:\windows\system32\iexpress.exe 2011-05-21 07:18 . 2011-05-21 07:18 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2011-05-21 07:18 . 2011-05-21 07:18 1427456 ----a-w- c:\windows\system32\inetcpl.cpl 2011-05-21 07:18 . 2011-05-21 07:18 11776 ----a-w- c:\windows\system32\mshta.exe 2011-05-21 07:18 . 2011-05-21 07:18 1126912 ----a-w- c:\windows\system32\wininet.dll 2011-05-21 07:18 . 2011-05-21 07:18 110592 ----a-w- c:\windows\system32\IEAdvpack.dll 2011-05-21 07:18 . 2011-05-21 07:18 101888 ----a-w- c:\windows\system32\admparse.dll 2011-05-21 05:35 . 2011-05-21 05:35 304744 ----a-w- c:\windows\system32\nvStreaming.exe 2011-05-17 02:33 . 2011-05-17 02:29 189480 ----a-w- c:\windows\system32\PnkBstrB.xtr 2011-05-17 02:33 . 2011-05-16 23:06 189480 ----a-w- c:\windows\system32\PnkBstrB.exe 2011-05-17 02:29 . 2011-05-16 23:07 137544 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2011-05-16 23:07 . 2011-05-16 23:07 138056 ----a-w- c:\users\Sang\AppData\Roaming\PnkBstrK.sys 2011-05-16 23:06 . 2011-05-16 23:06 75064 ----a-w- c:\windows\system32\PnkBstrA.exe 2011-05-16 22:48 . 2011-05-16 23:06 3360624 ----a-w- c:\windows\system32\pbsvc.exe 2011-05-14 05:06 . 2011-05-14 05:06 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-05-03 04:30 . 2011-06-19 03:19 741376 ----a-w- c:\windows\system32\inetcomm.dll 2011-04-29 02:46 . 2011-06-19 03:20 311808 ----a-w- c:\windows\system32\drivers\srv.sys 2011-04-29 02:46 . 2011-06-19 03:20 310272 ----a-w- c:\windows\system32\drivers\srv2.sys 2011-04-29 02:46 . 2011-06-19 03:20 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys 2011-04-27 02:17 . 2011-06-19 03:18 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-04-27 02:17 . 2011-06-19 03:18 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2011-04-27 02:17 . 2011-06-19 03:18 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-04-25 04:31 . 2011-06-19 03:20 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-04-25 02:18 . 2011-06-19 03:20 338944 ----a-w- c:\windows\system32\drivers\afd.sys 2011-04-22 23:35 . 2011-06-19 15:43 1797632 ----a-w- c:\windows\system32\jscript9.dll 2011-04-22 23:25 . 2011-06-19 15:43 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2011-04-22 19:14 . 2011-05-25 06:49 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys 2011-06-27 03:47 . 2011-05-14 04:54 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408] "Steam"="c:\program files\steam1\Steam.exe" [bU] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2009-07-14 8704] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "HideSCAHealth"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKLM\~\startupfolder\C:^Users^Sang^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk] path=c:\users\Sang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2011-03-30 17:29 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-01-30 15:45 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 4] 2011-05-28 21:46 412560 ----a-w- c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent] 2010-07-05 02:13 95576 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2011-04-27 08:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui] 2011-05-26 00:29 1951112 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware] 2011-07-07 02:52 449584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2011-04-08 19:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-05 136176] R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x] R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2011-04-04 4004328] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872] R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-09-19 98432] R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-09-19 14848] R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-09-19 123648] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-14 1343400] R4 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2011-05-28 353168] S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 16184] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-07-10 218688] S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360] S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-07-01 428200] S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-05 238952] S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-05-26 1336712] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-07 366640] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-21 378472] S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-07 22712] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776] S3 xcbdaNtscV;ViXS Tuner Card (NTSC) - V;c:\windows\system32\DRIVERS\xcbdaV.sys [2009-07-13 157568] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - FSUSBEXDISK . Contents of the 'Scheduled Tasks' folder . 2011-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-06-05 18:18] . 2011-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-06-05 18:18] . 2011-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3335826871-767681240-3273376228-1001Core.job - c:\users\Sang\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-03 18:18] . 2011-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3335826871-767681240-3273376228-1001UA.job - c:\users\Sang\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-03 18:18] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.daum.net/ uInternet Settings,ProxyOverride = *.local LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} - hxxp://mail.daum.net/hanmail-ax/DaumActiveX/2_0_0_6/DaumActiveX.cab?ver=2,0,0,6 FF - ProfilePath - c:\users\Sang\AppData\Roaming\Mozilla\Firefox\Profiles\0me8ary5.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - yahoo.co.kr FF - prefs.js: network.proxy.http - 127.0.0.1 FF - prefs.js: network.proxy.http_port - 56020 FF - prefs.js: network.proxy.type - 0 . - - - - ORPHANS REMOVED - - - - . AddRemove-Steam App 17020 - c:\program files\steam1\steam.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\nvvsvc.exe c:\program files\NVIDIA Corporation\Display\nvxdsync.exe c:\windows\system32\nvvsvc.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\windows\system32\taskhost.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\windows\system32\conhost.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\PnkBstrA.exe c:\windows\system32\sppsvc.exe c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe c:\program files\IObit\Game Booster\gbtray.exe c:\windows\system32\conhost.exe c:\windows\system32\WUDFHost.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\system32\taskhost.exe . ************************************************************************** . Completion time: 2011-07-20 14:11:31 - machine was rebooted ComboFix-quarantined-files.txt 2011-07-20 21:11 ComboFix2.txt 2011-07-19 18:40 . Pre-Run: 157,518,557,184 bytes free Post-Run: 157,588,664,320 bytes free . - - End Of File - - 3435757C3FA98757F233B1E3714E2516

2011/07/19 11:27:36.0702 5968 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56 2011/07/19 11:27:37.0838 5968 ================================================================================ 2011/07/19 11:27:37.0838 5968 SystemInfo: 2011/07/19 11:27:37.0839 5968 2011/07/19 11:27:37.0839 5968 OS Version: 6.1.7601 ServicePack: 1.0 2011/07/19 11:27:37.0839 5968 Product type: Workstation 2011/07/19 11:27:37.0839 5968 ComputerName: SANG-PC 2011/07/19 11:27:37.0839 5968 UserName: Sang 2011/07/19 11:27:37.0839 5968 Windows directory: C:\Windows 2011/07/19 11:27:37.0839 5968 System windows directory: C:\Windows 2011/07/19 11:27:37.0839 5968 Processor architecture: Intel x86 2011/07/19 11:27:37.0839 5968 Number of processors: 2 2011/07/19 11:27:37.0839 5968 Page size: 0x1000 2011/07/19 11:27:37.0839 5968 Boot type: Normal boot 2011/07/19 11:27:37.0839 5968 ================================================================================ 2011/07/19 11:27:38.0865 5968 Initialize success 2011/07/19 11:27:40.0542 7240 ================================================================================ 2011/07/19 11:27:40.0542 7240 Scan started 2011/07/19 11:27:40.0542 7240 Mode: Manual; 2011/07/19 11:27:40.0542 7240 ================================================================================ 2011/07/19 11:27:41.0510 7240 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys 2011/07/19 11:27:41.0566 7240 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys 2011/07/19 11:27:41.0616 7240 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys 2011/07/19 11:27:41.0665 7240 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys 2011/07/19 11:27:41.0713 7240 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys 2011/07/19 11:27:41.0735 7240 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys 2011/07/19 11:27:41.0804 7240 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys 2011/07/19 11:27:41.0858 7240 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys 2011/07/19 11:27:41.0910 7240 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys 2011/07/19 11:27:41.0985 7240 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys 2011/07/19 11:27:42.0015 7240 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys 2011/07/19 11:27:42.0039 7240 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys 2011/07/19 11:27:42.0090 7240 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys 2011/07/19 11:27:42.0126 7240 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys 2011/07/19 11:27:42.0160 7240 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys 2011/07/19 11:27:42.0203 7240 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys 2011/07/19 11:27:42.0239 7240 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys 2011/07/19 11:27:42.0341 7240 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys 2011/07/19 11:27:42.0417 7240 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys 2011/07/19 11:27:42.0455 7240 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys 2011/07/19 11:27:42.0524 7240 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys 2011/07/19 11:27:42.0576 7240 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys 2011/07/19 11:27:42.0645 7240 ATITool (0e4bb35c5305099ac82053ac992e3e0e) C:\Windows\system32\DRIVERS\ATITool.sys 2011/07/19 11:27:42.0714 7240 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys 2011/07/19 11:27:42.0794 7240 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys 2011/07/19 11:27:42.0851 7240 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys 2011/07/19 11:27:42.0901 7240 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys 2011/07/19 11:27:42.0946 7240 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys 2011/07/19 11:27:42.0985 7240 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys 2011/07/19 11:27:43.0024 7240 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys 2011/07/19 11:27:43.0060 7240 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys 2011/07/19 11:27:43.0084 7240 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys 2011/07/19 11:27:43.0113 7240 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys 2011/07/19 11:27:43.0134 7240 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys 2011/07/19 11:27:43.0154 7240 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys 2011/07/19 11:27:43.0173 7240 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys 2011/07/19 11:27:43.0193 7240 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys 2011/07/19 11:27:43.0245 7240 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys 2011/07/19 11:27:43.0296 7240 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys 2011/07/19 11:27:43.0332 7240 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys 2011/07/19 11:27:43.0370 7240 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys 2011/07/19 11:27:43.0440 7240 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys 2011/07/19 11:27:43.0475 7240 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys 2011/07/19 11:27:43.0504 7240 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys 2011/07/19 11:27:43.0532 7240 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys 2011/07/19 11:27:43.0593 7240 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys 2011/07/19 11:27:43.0628 7240 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys 2011/07/19 11:27:43.0758 7240 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys 2011/07/19 11:27:43.0959 7240 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys 2011/07/19 11:27:43.0994 7240 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys 2011/07/19 11:27:44.0024 7240 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys 2011/07/19 11:27:44.0078 7240 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys 2011/07/19 11:27:44.0143 7240 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys 2011/07/19 11:27:44.0187 7240 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys 2011/07/19 11:27:44.0298 7240 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys 2011/07/19 11:27:44.0455 7240 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys 2011/07/19 11:27:44.0528 7240 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys 2011/07/19 11:27:44.0777 7240 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys 2011/07/19 11:27:44.0827 7240 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys 2011/07/19 11:27:44.0879 7240 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys 2011/07/19 11:27:44.0920 7240 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys 2011/07/19 11:27:44.0940 7240 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys 2011/07/19 11:27:44.0964 7240 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys 2011/07/19 11:27:45.0005 7240 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys 2011/07/19 11:27:45.0041 7240 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys 2011/07/19 11:27:45.0097 7240 FsUsbExDisk (cbe5f69a5e5b918225f420ba748f3742) C:\Windows\system32\FsUsbExDisk.SYS 2011/07/19 11:27:45.0171 7240 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys 2011/07/19 11:27:45.0222 7240 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys 2011/07/19 11:27:45.0253 7240 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys 2011/07/19 11:27:45.0294 7240 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 2011/07/19 11:27:45.0353 7240 hamachi (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys 2011/07/19 11:27:45.0396 7240 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys 2011/07/19 11:27:45.0467 7240 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys 2011/07/19 11:27:45.0517 7240 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys 2011/07/19 11:27:45.0553 7240 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys 2011/07/19 11:27:45.0576 7240 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys 2011/07/19 11:27:45.0613 7240 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys 2011/07/19 11:27:45.0672 7240 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys 2011/07/19 11:27:45.0748 7240 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys 2011/07/19 11:27:45.0790 7240 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys 2011/07/19 11:27:45.0848 7240 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys 2011/07/19 11:27:45.0896 7240 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys 2011/07/19 11:27:45.0949 7240 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys 2011/07/19 11:27:45.0995 7240 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys 2011/07/19 11:27:46.0084 7240 IntcAzAudAddService (3914ea9111dbeffaf1c68200817768ad) C:\Windows\system32\drivers\RTKVHDA.sys 2011/07/19 11:27:46.0257 7240 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys 2011/07/19 11:27:46.0315 7240 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys 2011/07/19 11:27:46.0359 7240 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2011/07/19 11:27:46.0413 7240 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys 2011/07/19 11:27:46.0452 7240 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys 2011/07/19 11:27:46.0494 7240 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys 2011/07/19 11:27:46.0531 7240 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys 2011/07/19 11:27:46.0571 7240 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys 2011/07/19 11:27:46.0612 7240 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys 2011/07/19 11:27:46.0659 7240 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys 2011/07/19 11:27:46.0720 7240 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys 2011/07/19 11:27:46.0773 7240 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys 2011/07/19 11:27:46.0876 7240 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys 2011/07/19 11:27:46.0923 7240 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys 2011/07/19 11:27:46.0946 7240 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys 2011/07/19 11:27:46.0965 7240 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys 2011/07/19 11:27:46.0983 7240 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys 2011/07/19 11:27:47.0019 7240 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys 2011/07/19 11:27:47.0065 7240 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\Windows\system32\drivers\mbam.sys 2011/07/19 11:27:47.0107 7240 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys 2011/07/19 11:27:47.0152 7240 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys 2011/07/19 11:27:47.0183 7240 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys 2011/07/19 11:27:47.0216 7240 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys 2011/07/19 11:27:47.0272 7240 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys 2011/07/19 11:27:47.0391 7240 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys 2011/07/19 11:27:47.0436 7240 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys 2011/07/19 11:27:47.0473 7240 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys 2011/07/19 11:27:47.0502 7240 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys 2011/07/19 11:27:47.0558 7240 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys 2011/07/19 11:27:47.0591 7240 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/07/19 11:27:47.0628 7240 mrxsmb10 (a70c828a93cce4c11617f6249f4d87fc) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/07/19 11:27:47.0666 7240 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/07/19 11:27:47.0725 7240 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys 2011/07/19 11:27:47.0772 7240 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys 2011/07/19 11:27:47.0830 7240 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys 2011/07/19 11:27:47.0849 7240 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys 2011/07/19 11:27:47.0891 7240 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys 2011/07/19 11:27:47.0939 7240 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys 2011/07/19 11:27:47.0959 7240 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/07/19 11:27:47.0972 7240 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys 2011/07/19 11:27:48.0002 7240 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys 2011/07/19 11:27:48.0048 7240 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys 2011/07/19 11:27:48.0090 7240 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys 2011/07/19 11:27:48.0108 7240 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys 2011/07/19 11:27:48.0137 7240 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys 2011/07/19 11:27:48.0177 7240 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys 2011/07/19 11:27:48.0239 7240 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys 2011/07/19 11:27:48.0298 7240 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys 2011/07/19 11:27:48.0342 7240 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/07/19 11:27:48.0398 7240 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/07/19 11:27:48.0443 7240 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/07/19 11:27:48.0528 7240 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys 2011/07/19 11:27:48.0568 7240 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys 2011/07/19 11:27:48.0609 7240 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys 2011/07/19 11:27:48.0744 7240 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys 2011/07/19 11:27:48.0789 7240 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys 2011/07/19 11:27:48.0832 7240 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys 2011/07/19 11:27:48.0954 7240 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys 2011/07/19 11:27:49.0037 7240 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys 2011/07/19 11:27:49.0241 7240 nvlddmkm (847b1755f7757f825305a1ffe6dac3e9) C:\Windows\system32\DRIVERS\nvlddmkm.sys 2011/07/19 11:27:49.0526 7240 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys 2011/07/19 11:27:49.0578 7240 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys 2011/07/19 11:27:49.0833 7240 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys 2011/07/19 11:27:49.0885 7240 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys 2011/07/19 11:27:49.0927 7240 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys 2011/07/19 11:27:49.0979 7240 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys 2011/07/19 11:27:50.0004 7240 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys 2011/07/19 11:27:50.0055 7240 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys 2011/07/19 11:27:50.0151 7240 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys 2011/07/19 11:27:50.0179 7240 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys 2011/07/19 11:27:50.0209 7240 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys 2011/07/19 11:27:50.0253 7240 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys 2011/07/19 11:27:50.0517 7240 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys 2011/07/19 11:27:50.0574 7240 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys 2011/07/19 11:27:50.0734 7240 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys 2011/07/19 11:27:50.0784 7240 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys 2011/07/19 11:27:50.0846 7240 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys 2011/07/19 11:27:50.0886 7240 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys 2011/07/19 11:27:50.0939 7240 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys 2011/07/19 11:27:50.0987 7240 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys 2011/07/19 11:27:51.0029 7240 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/07/19 11:27:51.0059 7240 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/07/19 11:27:51.0129 7240 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys 2011/07/19 11:27:51.0182 7240 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys 2011/07/19 11:27:51.0230 7240 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys 2011/07/19 11:27:51.0282 7240 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/07/19 11:27:51.0332 7240 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys 2011/07/19 11:27:51.0368 7240 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys 2011/07/19 11:27:51.0405 7240 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys 2011/07/19 11:27:51.0474 7240 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys 2011/07/19 11:27:51.0530 7240 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys 2011/07/19 11:27:51.0632 7240 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys 2011/07/19 11:27:51.0774 7240 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys 2011/07/19 11:27:51.0815 7240 RTL8167 (7dfd48e24479b68b258d8770121155a0) C:\Windows\system32\DRIVERS\Rt86win7.sys 2011/07/19 11:27:51.0889 7240 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys 2011/07/19 11:27:51.0959 7240 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys 2011/07/19 11:27:52.0018 7240 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys 2011/07/19 11:27:52.0090 7240 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 2011/07/19 11:27:52.0162 7240 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys 2011/07/19 11:27:52.0196 7240 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys 2011/07/19 11:27:52.0242 7240 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys 2011/07/19 11:27:52.0301 7240 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys 2011/07/19 11:27:52.0351 7240 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys 2011/07/19 11:27:52.0413 7240 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys 2011/07/19 11:27:52.0454 7240 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys 2011/07/19 11:27:52.0522 7240 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys 2011/07/19 11:27:52.0549 7240 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys 2011/07/19 11:27:52.0588 7240 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys 2011/07/19 11:27:52.0658 7240 SmartDefragDriver (4aa2772a355226e9ac96d01ba431d253) C:\Windows\system32\Drivers\SmartDefragDriver.sys 2011/07/19 11:27:52.0729 7240 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys 2011/07/19 11:27:52.0756 7240 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys 2011/07/19 11:27:52.0829 7240 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys 2011/07/19 11:27:52.0866 7240 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys 2011/07/19 11:27:52.0902 7240 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys 2011/07/19 11:27:52.0957 7240 sscdbus (86b6905742d77775b558ab19c091d181) C:\Windows\system32\DRIVERS\sscdbus.sys 2011/07/19 11:27:53.0024 7240 sscdmdfl (d6b1ca82860d2fa5558eb2c3fcf566ec) C:\Windows\system32\DRIVERS\sscdmdfl.sys 2011/07/19 11:27:53.0065 7240 sscdmdm (84cb615598553a146930cac8c10f9a31) C:\Windows\system32\DRIVERS\sscdmdm.sys 2011/07/19 11:27:53.0132 7240 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys 2011/07/19 11:27:53.0182 7240 ss_bbus (3f0164fbc0bd1adbd02df9759181451a) C:\Windows\system32\DRIVERS\ss_bbus.sys 2011/07/19 11:27:53.0221 7240 ss_bmdfl (b89d62206034e5fe573c80a24dd55675) C:\Windows\system32\DRIVERS\ss_bmdfl.sys 2011/07/19 11:27:53.0249 7240 ss_bmdm (1ed0fcea586fe2a416ee15196e5631dd) C:\Windows\system32\DRIVERS\ss_bmdm.sys 2011/07/19 11:27:53.0311 7240 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys 2011/07/19 11:27:53.0370 7240 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys 2011/07/19 11:27:53.0403 7240 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys 2011/07/19 11:27:53.0426 7240 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys 2011/07/19 11:27:53.0544 7240 Tcpip (24326784df8f3d5f5bbb9f878ce33c14) C:\Windows\system32\drivers\tcpip.sys 2011/07/19 11:27:53.0648 7240 TCPIP6 (24326784df8f3d5f5bbb9f878ce33c14) C:\Windows\system32\DRIVERS\tcpip.sys 2011/07/19 11:27:53.0765 7240 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys 2011/07/19 11:27:53.0844 7240 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys 2011/07/19 11:27:53.0879 7240 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys 2011/07/19 11:27:53.0930 7240 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys 2011/07/19 11:27:54.0106 7240 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys 2011/07/19 11:27:54.0226 7240 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/07/19 11:27:54.0308 7240 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys 2011/07/19 11:27:54.0410 7240 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys 2011/07/19 11:27:54.0464 7240 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys 2011/07/19 11:27:54.0507 7240 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys 2011/07/19 11:27:54.0566 7240 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys 2011/07/19 11:27:54.0619 7240 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys 2011/07/19 11:27:54.0680 7240 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 2011/07/19 11:27:54.0744 7240 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/07/19 11:27:54.0784 7240 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys 2011/07/19 11:27:54.0874 7240 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys 2011/07/19 11:27:54.0958 7240 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys 2011/07/19 11:27:55.0006 7240 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys 2011/07/19 11:27:55.0037 7240 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 2011/07/19 11:27:55.0077 7240 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys 2011/07/19 11:27:55.0126 7240 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\drivers\USBSTOR.SYS 2011/07/19 11:27:55.0166 7240 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/07/19 11:27:55.0216 7240 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys 2011/07/19 11:27:55.0257 7240 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/07/19 11:27:55.0295 7240 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 2011/07/19 11:27:55.0396 7240 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys 2011/07/19 11:27:55.0481 7240 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys 2011/07/19 11:27:55.0527 7240 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys 2011/07/19 11:27:55.0564 7240 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys 2011/07/19 11:27:55.0612 7240 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys 2011/07/19 11:27:55.0655 7240 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys 2011/07/19 11:27:55.0718 7240 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys 2011/07/19 11:27:55.0773 7240 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 2011/07/19 11:27:55.0822 7240 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys 2011/07/19 11:27:55.0857 7240 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 2011/07/19 11:27:55.0887 7240 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys 2011/07/19 11:27:55.0933 7240 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys 2011/07/19 11:27:55.0975 7240 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 2011/07/19 11:27:55.0989 7240 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 2011/07/19 11:27:56.0048 7240 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys 2011/07/19 11:27:56.0085 7240 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 2011/07/19 11:27:56.0145 7240 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 2011/07/19 11:27:56.0170 7240 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 2011/07/19 11:27:56.0255 7240 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys 2011/07/19 11:27:56.0308 7240 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys 2011/07/19 11:27:56.0374 7240 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 2011/07/19 11:27:56.0451 7240 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys 2011/07/19 11:27:56.0525 7240 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/07/19 11:27:56.0583 7240 xcbdaNtscV (d697099edc21307965518f7db5972eb9) C:\Windows\system32\DRIVERS\xcbdaV.sys 2011/07/19 11:27:56.0643 7240 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 2011/07/19 11:27:56.0652 7240 Boot (0x1200) (fceef006914383e4a9eabe87a3550c78) \Device\Harddisk0\DR0\Partition0 2011/07/19 11:27:56.0696 7240 Boot (0x1200) (d5589805bbec41617064f4e3955cf253) \Device\Harddisk0\DR0\Partition1 2011/07/19 11:27:56.0723 7240 ================================================================================ 2011/07/19 11:27:56.0723 7240 Scan finished 2011/07/19 11:27:56.0723 7240 ================================================================================ 2011/07/19 11:27:56.0733 6160 Detected object count: 0 2011/07/19 11:27:56.0733 6160 Actual detected object count: 0 2011/07/19 11:28:00.0673 7824 Deinitialize success ComboFix 11-07-19.03 - Sang 07/19/2011 11:34:15.1.2 - x86 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3071.1929 [GMT -7:00] Running from: c:\users\Sang\Desktop\ComboFix.exe AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\steam1\Steam.exe c:\users\Sang\AppData\Roaming\Mozilla\Firefox\Profiles\0me8ary5.default\extensions\{04c90192-782d-4b9d-a2d5-48c0b8a5d136} c:\users\Sang\AppData\Roaming\Mozilla\Firefox\Profiles\0me8ary5.default\extensions\{04c90192-782d-4b9d-a2d5-48c0b8a5d136}\chrome\xulcache.jar c:\users\Sang\AppData\Roaming\Mozilla\Firefox\Profiles\0me8ary5.default\extensions\{04c90192-782d-4b9d-a2d5-48c0b8a5d136}\install.rdf c:\users\Sang\AppData\Roaming\Mozilla\Firefox\Profiles\0me8ary5.default\extensions\{063b4723-bd2e-4df8-b128-54df444dcf61} c:\users\Sang\AppData\Roaming\Mozilla\Firefox\Profiles\0me8ary5.default\extensions\{063b4723-bd2e-4df8-b128-54df444dcf61}\chrome.manifest c:\users\Sang\AppData\Roaming\Mozilla\Firefox\Profiles\0me8ary5.default\extensions\{063b4723-bd2e-4df8-b128-54df444dcf61}\chrome\xulcache.jar c:\users\Sang\AppData\Roaming\Mozilla\Firefox\Profiles\0me8ary5.default\extensions\{063b4723-bd2e-4df8-b128-54df444dcf61}\defaults\preferences\xulcache.js c:\users\Sang\AppData\Roaming\Mozilla\Firefox\Profiles\0me8ary5.default\extensions\{063b4723-bd2e-4df8-b128-54df444dcf61}\install.rdf c:\users\Sang\AppData\Roaming\Mozilla\Firefox\Profiles\0me8ary5.default\extensions\{1cd80fad-f372-4e98-92a9-059afbb965f0} c:\users\Sang\AppData\Roaming\Mozilla\Firefox\Profiles\0me8ary5.default\extensions\{1cd80fad-f372-4e98-92a9-059afbb965f0}\chrome\xulcache.jar c:\users\Sang\AppData\Roaming\Mozilla\Firefox\Profiles\0me8ary5.default\extensions\{1cd80fad-f372-4e98-92a9-059afbb965f0}\install.rdf c:\windows\system32\Ijl11.dll . . ((((((((((((((((((((((((( Files Created from 2011-06-19 to 2011-07-19 ))))))))))))))))))))))))))))))) . . 2011-07-19 18:39 . 2011-07-19 18:39 -------- d-----w- c:\users\Sang\AppData\Local\temp 2011-07-19 18:39 . 2011-07-19 18:39 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2011-07-19 18:39 . 2011-07-19 18:39 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-07-17 01:03 . 2011-07-17 01:03 -------- d-----w- c:\program files\Microsoft Silverlight 2011-07-12 21:18 . 2011-07-12 21:18 -------- d-----w- c:\program files\Electronic Arts 2011-07-10 17:34 . 2011-07-10 17:34 -------- d-----w- c:\programdata\Electronic Arts 2011-07-10 17:34 . 2011-07-10 17:34 -------- d-----w- c:\programdata\EA Core 2011-07-10 17:31 . 2011-07-10 17:31 -------- d-----w- c:\program files\Microsoft WSE 2011-07-10 17:24 . 2011-07-10 17:24 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2011-07-10 17:23 . 2011-07-10 17:24 -------- d-----w- c:\program files\DAEMON Tools Lite 2011-07-10 17:23 . 2011-07-10 17:25 -------- d-----w- c:\users\Sang\AppData\Roaming\DAEMON Tools Lite 2011-07-10 17:23 . 2011-07-10 17:23 -------- d-----w- c:\programdata\DAEMON Tools Lite 2011-07-09 15:28 . 2011-07-09 15:28 -------- d-----w- c:\users\Sang\AppData\Local\Adobe 2011-07-07 16:22 . 2010-03-05 02:59 566680 ----a-w- c:\windows\system32\POTWEB.OCX 2011-07-07 16:22 . 2011-07-07 16:22 -------- d-----w- c:\program files\Daum 2011-07-04 19:45 . 2011-07-04 19:45 -------- d-----w- c:\users\Sang\AppData\Local\Apple 2011-07-04 16:38 . 2011-07-04 16:38 -------- d-----w- c:\program files\Common Files\Java 2011-07-04 16:37 . 2011-07-04 16:37 -------- d-----w- c:\program files\Sun 2011-07-04 16:37 . 2011-07-04 16:37 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll 2011-07-03 03:23 . 2011-05-25 06:09 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll 2011-07-03 03:23 . 2011-05-25 06:09 865896 ----a-w- c:\windows\system32\nvgenco322090.dll 2011-07-03 03:23 . 2011-05-25 06:09 6555240 ----a-w- c:\windows\system32\nvwgf2um.dll 2011-07-03 03:23 . 2011-05-25 06:09 57960 ----a-w- c:\windows\system32\OpenCL.dll 2011-07-03 03:23 . 2011-05-25 06:09 16456296 ----a-w- c:\windows\system32\nvoglv32.dll 2011-07-03 03:23 . 2011-05-25 06:09 11992680 ----a-w- c:\windows\system32\nvd3dum.dll 2011-07-03 03:23 . 2011-05-25 06:09 10589800 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2011-07-03 03:23 . 2011-05-25 06:09 5301352 ----a-w- c:\windows\system32\nvcuda.dll 2011-07-03 03:23 . 2011-05-25 06:09 2804328 ----a-w- c:\windows\system32\nvcuvid.dll 2011-07-03 03:23 . 2011-05-25 06:09 2082408 ----a-w- c:\windows\system32\nvcuvenc.dll 2011-07-03 03:23 . 2011-05-25 06:09 13011560 ----a-w- c:\windows\system32\nvcompiler.dll 2011-07-03 02:59 . 2011-07-03 03:00 -------- d-----w- c:\program files\ATITool 2011-06-29 06:27 . 2011-07-19 18:33 -------- d-----w- c:\users\Sang\AppData\Roaming\uTorrent 2011-06-28 18:08 . 2011-05-24 10:44 293376 ----a-w- c:\windows\system32\umpnpmgr.dll 2011-06-28 18:08 . 2011-05-04 04:34 1549312 ----a-w- c:\windows\system32\tquery.dll 2011-06-28 18:08 . 2011-05-04 04:32 1401344 ----a-w- c:\windows\system32\mssrch.dll 2011-06-28 18:08 . 2011-05-04 04:32 666624 ----a-w- c:\windows\system32\mssvp.dll 2011-06-28 18:08 . 2011-05-04 04:32 337408 ----a-w- c:\windows\system32\mssph.dll 2011-06-28 18:08 . 2011-05-04 04:28 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe 2011-06-28 18:08 . 2011-05-04 04:28 427520 ----a-w- c:\windows\system32\SearchIndexer.exe 2011-06-28 18:08 . 2011-05-04 04:28 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe 2011-06-28 18:08 . 2011-05-04 04:32 197120 ----a-w- c:\windows\system32\mssphtb.dll 2011-06-28 18:08 . 2011-05-04 04:32 59392 ----a-w- c:\windows\system32\msscntrs.dll 2011-06-27 16:32 . 2011-06-27 16:32 -------- d-----w- c:\users\Sang\AppData\Roaming\Avira 2011-06-27 16:28 . 2011-07-01 14:18 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-06-27 16:28 . 2011-07-01 14:18 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-06-27 16:28 . 2011-07-01 14:22 -------- d-----w- c:\programdata\Avira 2011-06-27 16:28 . 2011-06-27 16:28 -------- d-----w- c:\program files\Avira 2011-06-27 03:58 . 2011-06-27 03:58 -------- d-----w- c:\program files\Enigma Software Group 2011-06-27 03:57 . 2011-06-27 06:41 -------- d-----w- c:\windows\820C0EEB9B124AD5B39DD15ED1DBDD06.TMP 2011-06-27 03:57 . 2011-06-27 03:57 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2011-06-27 03:47 . 2011-06-27 03:47 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll 2011-06-27 03:47 . 2011-06-27 03:47 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll 2011-06-24 13:28 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{500FF4E3-CBDD-4EE6-B87A-24D95CB3053C}\mpengine.dll 2011-06-23 23:00 . 2011-06-23 23:00 -------- d-----w- c:\windows\system32\SPReview 2011-06-23 22:59 . 2011-06-23 22:59 -------- d-----w- c:\windows\system32\EventProviders 2011-06-23 03:13 . 2010-11-20 12:21 517120 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll 2011-06-23 03:12 . 2010-11-20 12:21 444928 ----a-w- c:\windows\system32\wvc.dll 2011-06-20 03:38 . 2011-06-20 03:38 -------- d-----w- C:\Riot Games 2011-06-20 03:26 . 2011-06-20 15:48 -------- d-----w- c:\users\Sang\AppData\Local\LogMeIn Hamachi . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-07-07 02:52 . 2011-05-14 05:00 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-07-07 02:52 . 2011-05-14 05:00 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-07-04 16:37 . 2011-05-14 05:11 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-06-23 23:07 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll 2011-05-25 06:09 . 2011-04-08 05:45 66664 ----a-w- c:\windows\system32\nvshext.dll 2011-05-25 06:09 . 2011-04-08 05:45 615528 ----a-w- c:\windows\system32\nvvsvc.exe 2011-05-25 06:09 . 2011-04-08 05:45 111208 ----a-w- c:\windows\system32\nvmctray.dll 2011-05-25 06:09 . 2011-04-08 05:44 2557544 ----a-w- c:\windows\system32\nvsvc.dll 2011-05-25 06:09 . 2011-04-08 05:45 543336 ----a-w- c:\windows\system32\easyupdatusapiu.dll 2011-05-25 06:09 . 2011-04-08 05:44 3693672 ----a-w- c:\windows\system32\nvcpl.dll 2011-05-25 06:09 . 2011-07-03 03:23 12392 ----a-w- c:\windows\system32\drivers\nvBridge.kmd 2011-05-25 06:09 . 2011-05-14 05:51 2335848 ----a-w- c:\windows\system32\nvapi.dll 2011-05-25 02:14 . 2011-05-14 05:10 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-05-21 07:18 . 2011-05-21 07:18 86528 ----a-w- c:\windows\system32\iesysprep.dll 2011-05-21 07:18 . 2011-05-21 07:18 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2011-05-21 07:18 . 2011-05-21 07:18 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2011-05-21 07:18 . 2011-05-21 07:18 74752 ----a-w- c:\windows\system32\iesetup.dll 2011-05-21 07:18 . 2011-05-21 07:18 63488 ----a-w- c:\windows\system32\tdc.ocx 2011-05-21 07:18 . 2011-05-21 07:18 48640 ----a-w- c:\windows\system32\mshtmler.dll 2011-05-21 07:18 . 2011-05-21 07:18 420864 ----a-w- c:\windows\system32\vbscript.dll 2011-05-21 07:18 . 2011-05-21 07:18 367104 ----a-w- c:\windows\system32\html.iec 2011-05-21 07:18 . 2011-05-21 07:18 35840 ----a-w- c:\windows\system32\imgutil.dll 2011-05-21 07:18 . 2011-05-21 07:18 23552 ----a-w- c:\windows\system32\licmgr10.dll 2011-05-21 07:18 . 2011-05-21 07:18 161792 ----a-w- c:\windows\system32\msls31.dll 2011-05-21 07:18 . 2011-05-21 07:18 152064 ----a-w- c:\windows\system32\wextract.exe 2011-05-21 07:18 . 2011-05-21 07:18 150528 ----a-w- c:\windows\system32\iexpress.exe 2011-05-21 07:18 . 2011-05-21 07:18 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2011-05-21 07:18 . 2011-05-21 07:18 1427456 ----a-w- c:\windows\system32\inetcpl.cpl 2011-05-21 07:18 . 2011-05-21 07:18 11776 ----a-w- c:\windows\system32\mshta.exe 2011-05-21 07:18 . 2011-05-21 07:18 1126912 ----a-w- c:\windows\system32\wininet.dll 2011-05-21 07:18 . 2011-05-21 07:18 110592 ----a-w- c:\windows\system32\IEAdvpack.dll 2011-05-21 07:18 . 2011-05-21 07:18 101888 ----a-w- c:\windows\system32\admparse.dll 2011-05-21 05:35 . 2011-05-21 05:35 304744 ----a-w- c:\windows\system32\nvStreaming.exe 2011-05-17 02:33 . 2011-05-17 02:29 189480 ----a-w- c:\windows\system32\PnkBstrB.xtr 2011-05-17 02:33 . 2011-05-16 23:06 189480 ----a-w- c:\windows\system32\PnkBstrB.exe 2011-05-17 02:29 . 2011-05-16 23:07 137544 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2011-05-16 23:07 . 2011-05-16 23:07 138056 ----a-w- c:\users\Sang\AppData\Roaming\PnkBstrK.sys 2011-05-16 23:06 . 2011-05-16 23:06 75064 ----a-w- c:\windows\system32\PnkBstrA.exe 2011-05-16 22:48 . 2011-05-16 23:06 3360624 ----a-w- c:\windows\system32\pbsvc.exe 2011-05-14 05:06 . 2011-05-14 05:06 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-05-03 04:30 . 2011-06-19 03:19 741376 ----a-w- c:\windows\system32\inetcomm.dll 2011-04-29 02:46 . 2011-06-19 03:20 311808 ----a-w- c:\windows\system32\drivers\srv.sys 2011-04-29 02:46 . 2011-06-19 03:20 310272 ----a-w- c:\windows\system32\drivers\srv2.sys 2011-04-29 02:46 . 2011-06-19 03:20 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys 2011-04-27 02:17 . 2011-06-19 03:18 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-04-27 02:17 . 2011-06-19 03:18 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2011-04-27 02:17 . 2011-06-19 03:18 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-04-25 04:31 . 2011-06-19 03:20 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-04-25 02:18 . 2011-06-19 03:20 338944 ----a-w- c:\windows\system32\drivers\afd.sys 2011-04-22 23:35 . 2011-06-19 15:43 1797632 ----a-w- c:\windows\system32\jscript9.dll 2011-04-22 23:25 . 2011-06-19 15:43 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2011-04-22 19:14 . 2011-05-25 06:49 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys 2011-06-27 03:47 . 2011-05-14 04:54 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2009-07-14 8704] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "HideSCAHealth"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKLM\~\startupfolder\C:^Users^Sang^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk] path=c:\users\Sang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2011-03-30 17:29 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-01-30 15:45 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 4] 2011-05-28 21:46 412560 ----a-w- c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent] 2010-07-05 02:13 95576 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2011-04-27 08:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui] 2011-05-26 00:29 1951112 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware] 2011-07-07 02:52 449584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2011-04-08 19:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-05 136176] R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x] R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2011-04-04 4004328] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872] R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-09-19 98432] R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-09-19 14848] R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-09-19 123648] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-14 1343400] R4 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2011-05-28 353168] S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 16184] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-07-10 218688] S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360] S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-07-01 428200] S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-05 238952] S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-05-26 1336712] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-07 366640] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-21 378472] S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-07 22712] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776] S3 xcbdaNtscV;ViXS Tuner Card (NTSC) - V;c:\windows\system32\DRIVERS\xcbdaV.sys [2009-07-13 157568] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - 40216768 *Deregistered* - 40216768 . Contents of the 'Scheduled Tasks' folder . 2011-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-06-05 18:18] . 2011-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-06-05 18:18] . 2011-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3335826871-767681240-3273376228-1001Core.job - c:\users\Sang\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-03 18:18] . 2011-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3335826871-767681240-3273376228-1001UA.job - c:\users\Sang\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-03 18:18] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.daum.net/ uInternet Settings,ProxyOverride = *.local LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} - hxxp://mail.daum.net/hanmail-ax/DaumActiveX/2_0_0_6/DaumActiveX.cab?ver=2,0,0,6 FF - ProfilePath - c:\users\Sang\AppData\Roaming\Mozilla\Firefox\Profiles\0me8ary5.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - yahoo.co.kr FF - prefs.js: network.proxy.http - 127.0.0.1 FF - prefs.js: network.proxy.http_port - 56020 FF - prefs.js: network.proxy.type - 0 . - - - - ORPHANS REMOVED - - - - . WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) HKCU-Run-Steam - c:\program files\steam1\Steam.exe MSConfigStartUp-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe MSConfigStartUp-Steam - c:\program files\steam1\Steam.exe AddRemove-Steam App 102700 - c:\program files\steam1\steam.exe AddRemove-Steam App 105600 - c:\program files\steam1\steam.exe AddRemove-Steam App 440 - c:\program files\steam1\steam.exe AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\SAMSUNG\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2011-07-19 11:40:59 ComboFix-quarantined-files.txt 2011-07-19 18:40 . Pre-Run: 163,601,129,472 bytes free Post-Run: 163,316,625,408 bytes free . - - End Of File - - 1452CFAB687B2341E346F8F7C123F5BD Results of screen317's Security Check version 0.99.17 Windows 7 Service Pack 1 (UAC is disabled!) Internet Explorer 8 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! Avira AntiVir Personal - Free Antivirus WMI entry may not exist for antivirus; attempting automatic update. Avira successfully updated! ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware CCleaner Java 6 Update 26 Java SE Development Kit 6 Update 26 Java DB 10.6.2.1 Adobe Flash Player 10.3.181.14 Adobe Reader X (10.0.1) Adobe Reader Out of Date! Mozilla Firefox (x86 en-US..) ```````````````````````````````` Process Check: objlist.exe by Laurent Malwarebytes' Anti-Malware mbamservice.exe Avira Antivir avgnt.exe Avira Antivir avguard.exe ``````````End of Log```````````` Wow this is a long list to review.. I really appreciate your help. Thank You for everything And one thing, after i ran combofix all my internet browsers didnt work saying they cant load a page. But they worked fine after a restart.

I have not done anything special to fix this problem but the scanning of TDDSSKiller says nothing is found...

One day, i scanned the computer with MBAM and i found 4 viruses that said malware.trace i clicked "remove" then it said they were deleted, quarantined successfully and i rebooted the computer. But when i scanned another time i found same exact viruses found in the same exact location. They keep on reappearing even after all the process of removal. please help!! Internet Explorer 9.0.8112.16421 7/4/2011 9:26:41 AM mbam-log-2011-07-04 (09-26-41).txt Scan type: Quick scan Objects scanned: 161394 Time elapsed: 3 minute(s), 19 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 4 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: c:\Windows\System32\0200000070232f221363c.manifest (Malware.Trace) -> Quarantined and deleted successfully. c:\Windows\System32\0200000070232f221363o.manifest (Malware.Trace) -> Quarantined and deleted successfully. c:\Windows\System32\0200000070232f221363p.manifest (Malware.Trace) -> Quarantined and deleted successfully. c:\Windows\System32\0200000070232f221363s.manifest (Malware.Trace) -> Quarantined and deleted successfully. I later got a feedback that says use a program called OTL and post these logs. OTL Extras logfile created on: 7/11/2011 9:19:10 AM - Run 1 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Sang\Downloads Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 2.07 Gb Available Physical Memory | 69.00% Memory free 6.00 Gb Paging File | 4.92 Gb Available in Paging File | 81.98% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 285.84 Gb Total Space | 165.39 Gb Free Space | 57.86% Space Free | Partition Type: NTFS Drive D: | 12.25 Gb Total Space | 0.01 Gb Free Space | 0.09% Space Free | Partition Type: NTFS Drive K: | 5.12 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: SANG-PC | User Name: Sang | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>] .exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\krn.exe" -a "%1" %* [HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>] .exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\krn.exe" -a "%1" %* [HKEY_USERS\S-1-5-21-3335826871-767681240-3273376228-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htafile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java 6 Update 26 "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0 "{32A3A4F4-B792-11D6-A78A-00B0D0160260}" = Java SE Development Kit 6 Update 26 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3 "{571CB303-4267-4D92-B45C-9B79ACC18632}" = Daum ActiveX ÄÁÆ®·Ñ - ? ???? "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73EC658D-A1C6-40CA-8E86-E05821BAACE7}" = Java DB 10.6.2.1 "{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = The Sims Medieval "{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{9480A7FC-C476-4881-A92C-2E415DD362AE}" = DVR-Net "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 275.33 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{EEF985E8-8B36-4230-B174-117A2381C17F}" = LogMeIn Hamachi "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Advanced SystemCare 4_is1" = Advanced SystemCare 4 "ATITool" = ATITool Overclocking Utility "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CCleaner" = CCleaner "DAEMON Tools Lite" = DAEMON Tools Lite "DtsFilter" = DTS+AC3 Filter "Game Booster_is1" = Game Booster "GOM Player" = GOM Player "GomTV Launcher Plugin" = GOMTV Plug-in "InstallPath" = SplashFightersIjji "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "LogMeIn Hamachi" = LogMeIn Hamachi "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US) "MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad) "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "PunkBusterSvc" = PunkBuster Services "Smart Defrag 2_is1" = Smart Defrag 2 "Steam App 102700" = Alliance of Valiant Arms "Steam App 105600" = Terraria "Steam App 440" = Team Fortress 2 "uTorrent" = µTorrent ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3335826871-767681240-3273376228-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8 "반디집" = 반디집 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 7/11/2011 11:38:29 AM | Computer Name = Sang-PC | Source = .NET Runtime | ID = 1026 Description = Error - 7/11/2011 11:38:31 AM | Computer Name = Sang-PC | Source = Application Error | ID = 1000 Description = Faulting application name: SimsMedievalLauncher.exe, version: 0.0.0.8065, time stamp: 0x4db87261 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b8f0 Exception code: 0xe0434352 Fault offset: 0x0000b760 Faulting process id: 0xb4c Faulting application start time: 0x01cc3fe0939617d0 Faulting application path: C:\Program Files\Electronic Arts\The Sims Medieval\Game\Bin\SimsMedievalLauncher.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll Report Id: d40a5e22-abd3-11e0-afb7-0023543b9b91 Error - 7/11/2011 11:42:38 AM | Computer Name = Sang-PC | Source = .NET Runtime | ID = 1026 Description = Error - 7/11/2011 11:42:38 AM | Computer Name = Sang-PC | Source = Application Error | ID = 1000 Description = Faulting application name: SimsMedievalLauncher.exe, version: 0.0.0.8065, time stamp: 0x4db87261 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b8f0 Exception code: 0xe0434352 Fault offset: 0x0000b760 Faulting process id: 0xa3c Faulting application start time: 0x01cc3fe12434ad32 Faulting application path: C:\Program Files\Electronic Arts\The Sims Medieval\Game\Bin\SimsMedievalLauncher.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll Report Id: 677571b7-abd4-11e0-ba54-0023543b9b91 Error - 7/11/2011 12:01:08 PM | Computer Name = Sang-PC | Source = .NET Runtime | ID = 1026 Description = Error - 7/11/2011 12:01:09 PM | Computer Name = Sang-PC | Source = Application Error | ID = 1000 Description = Faulting application name: SimsMedievalLauncher.exe, version: 0.0.0.8065, time stamp: 0x4db87261 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b8f0 Exception code: 0xe0434352 Fault offset: 0x0000b760 Faulting process id: 0xf6c Faulting application start time: 0x01cc3fe3bd0e8204 Faulting application path: C:\Program Files\Electronic Arts\The Sims Medieval\Game\Bin\SimsMedievalLauncher.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll Report Id: fdaf3a4f-abd6-11e0-bc58-0023543b9b91 Error - 7/11/2011 12:05:33 PM | Computer Name = Sang-PC | Source = .NET Runtime | ID = 1026 Description = Error - 7/11/2011 12:05:34 PM | Computer Name = Sang-PC | Source = Application Error | ID = 1000 Description = Faulting application name: SimsMedievalLauncher.exe, version: 0.0.0.8065, time stamp: 0x4db87261 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b8f0 Exception code: 0xe0434352 Fault offset: 0x0000b760 Faulting process id: 0xbf0 Faulting application start time: 0x01cc3fe45bb810c1 Faulting application path: C:\Program Files\Electronic Arts\The Sims Medieval\Game\Bin\SimsMedievalLauncher.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll Report Id: 9b52c6e6-abd7-11e0-bc58-0023543b9b91 Error - 7/11/2011 12:11:37 PM | Computer Name = Sang-PC | Source = Application Error | ID = 1000 Description = Faulting application name: TSM.exe, version: 0.0.0.7201, time stamp: 0x4d55f689 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x30411ab0 Faulting process id: 0x7b8 Faulting application start time: 0x01cc3fe46f22e67a Faulting application path: C:\Program Files\Electronic Arts\The Sims Medieval\Game\Bin\TSM.exe Faulting module path: unknown Report Id: 73d2a1bf-abd8-11e0-bc58-0023543b9b91 Error - 7/11/2011 12:14:32 PM | Computer Name = Sang-PC | Source = Application Error | ID = 1000 Description = Faulting application name: TSM.exe, version: 0.0.0.7201, time stamp: 0x4d55f689 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x1ae1ade0 Faulting process id: 0xf14 Faulting application start time: 0x01cc3fe55957bade Faulting application path: C:\Program Files\Electronic Arts\The Sims Medieval\Game\Bin\TSM.exe Faulting module path: unknown Report Id: dc1c5a53-abd8-11e0-bc58-0023543b9b91 [ System Events ] Error - 7/11/2011 11:45:44 AM | Computer Name = Sang-PC | Source = nvlddmkm | ID = 11141134 Description = Error - 7/11/2011 11:46:19 AM | Computer Name = Sang-PC | Source = PNRPSvc | ID = 102 Description = Error - 7/11/2011 11:46:19 AM | Computer Name = Sang-PC | Source = Service Control Manager | ID = 7001 Description = The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535 Error - 7/11/2011 11:46:19 AM | Computer Name = Sang-PC | Source = Service Control Manager | ID = 7023 Description = The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535 Error - 7/11/2011 11:46:30 AM | Computer Name = Sang-PC | Source = PNRPSvc | ID = 102 Description = Error - 7/11/2011 11:46:30 AM | Computer Name = Sang-PC | Source = PNRPSvc | ID = 102 Description = Error - 7/11/2011 11:46:30 AM | Computer Name = Sang-PC | Source = Service Control Manager | ID = 7023 Description = The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535 Error - 7/11/2011 11:46:30 AM | Computer Name = Sang-PC | Source = Service Control Manager | ID = 7001 Description = The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535 Error - 7/11/2011 11:46:30 AM | Computer Name = Sang-PC | Source = Service Control Manager | ID = 7023 Description = The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535 Error - 7/11/2011 11:46:30 AM | Computer Name = Sang-PC | Source = Service Control Manager | ID = 7001 Description = The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535 < End of report > OTL logfile created on: 7/11/2011 9:19:10 AM - Run 1 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Sang\Downloads Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 2.07 Gb Available Physical Memory | 69.00% Memory free 6.00 Gb Paging File | 4.92 Gb Available in Paging File | 81.98% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 285.84 Gb Total Space | 165.39 Gb Free Space | 57.86% Space Free | Partition Type: NTFS Drive D: | 12.25 Gb Total Space | 0.01 Gb Free Space | 0.09% Space Free | Partition Type: NTFS Drive K: | 5.12 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: SANG-PC | User Name: Sang | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/07/11 09:16:39 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Sang\Downloads\OTL.scr PRC - [2011/07/01 07:18:44 | 000,428,200 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2011/07/01 07:18:44 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2011/06/15 14:51:08 | 000,683,352 | ---- | M] (IObit) -- C:\Program Files\IObit\Game Booster\gbtray.exe PRC - [2011/06/08 20:19:24 | 001,583,960 | ---- | M] (IObit) -- C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011/05/28 14:46:56 | 000,803,728 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe PRC - [2011/05/25 17:29:54 | 001,951,112 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe PRC - [2011/05/25 17:29:48 | 001,336,712 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe PRC - [2011/05/24 23:09:08 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe PRC - [2011/05/24 23:09:07 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe PRC - [2011/05/24 23:09:06 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011/05/20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011/03/28 16:15:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2011/03/28 16:15:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011/01/20 02:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe PRC - [2010/11/20 05:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010/11/20 05:17:00 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2010/07/04 19:07:40 | 000,238,952 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe ========== Modules (SafeList) ========== MOD - [2011/07/11 09:16:39 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Sang\Downloads\OTL.scr MOD - [2010/11/20 05:19:26 | 000,374,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IME\shared\IMETIP.DLL MOD - [2010/11/20 04:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll MOD - [2009/07/13 18:15:36 | 000,562,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IME\imekr8\imkrtip.dll MOD - [2009/07/13 18:15:36 | 000,113,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IME\imekr8\imkrapi.dll MOD - [2009/07/13 18:15:35 | 000,126,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IME\shared\IMJKAPI.DLL ========== Win32 Services (SafeList) ========== SRV - [2011/07/01 07:18:44 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2011/07/01 07:18:44 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011/06/27 01:01:51 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011/05/28 14:46:56 | 000,353,168 | ---- | M] (IObit) [Disabled | Stopped] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService) SRV - [2011/05/25 17:29:48 | 001,336,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2011/05/24 23:09:06 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011/05/20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011/05/14 00:46:44 | 001,343,400 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2011/04/04 16:28:00 | 004,004,328 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc) SRV - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010/07/04 19:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) ========== Driver Services (SafeList) ========== DRV - [2011/07/10 10:24:04 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2011/07/01 07:18:45 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011/07/01 07:18:45 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | Disabled | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011/05/24 23:09:05 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2011/02/23 16:50:44 | 000,016,184 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver) DRV - [2010/11/20 05:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus) DRV - [2010/11/20 05:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt) DRV - [2010/11/20 05:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc) DRV - [2010/11/20 03:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/20 03:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2010/11/20 02:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010/11/20 02:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010/11/20 02:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap) DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010/06/14 09:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2009/10/14 22:28:44 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm) DRV - [2009/10/14 22:28:44 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM) DRV - [2009/10/14 22:28:44 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl) DRV - [2009/09/18 22:30:10 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm) DRV - [2009/09/18 22:30:10 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM) DRV - [2009/09/18 22:30:10 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) DRV - [2009/07/13 16:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial) DRV - [2009/07/13 15:54:14 | 000,157,568 | ---- | M] (ViXS Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\xcbdaV.sys -- (xcbdaNtscV) ViXS Tuner Card (NTSC) DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2006/11/10 06:08:50 | 000,024,064 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\ATITool.sys -- (ATITool) DRV - [2005/01/01 20:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 55 63 61 15 4D 1E A9 42 B9 A1 62 62 83 20 4E E6 [binary data] IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 55 63 61 15 4D 1E A9 42 B9 A1 62 62 83 20 4E E6 [binary data] IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 55 63 61 15 4D 1E A9 42 B9 A1 62 62 83 20 4E E6 [binary data] IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 55 63 61 15 4D 1E A9 42 B9 A1 62 62 83 20 4E E6 [binary data] IE - HKU\S-1-5-21-3335826871-767681240-3273376228-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daum.net/ IE - HKU\S-1-5-21-3335826871-767681240-3273376228-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/ IE - HKU\S-1-5-21-3335826871-767681240-3273376228-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKU\S-1-5-21-3335826871-767681240-3273376228-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2E 60 B3 9B EF 11 CC 01 [binary data] IE - HKU\S-1-5-21-3335826871-767681240-3273376228-1001\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 55 63 61 15 4D 1E A9 42 B9 A1 62 62 83 20 4E E6 [binary data] IE - HKU\S-1-5-21-3335826871-767681240-3273376228-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\S-1-5-21-3335826871-767681240-3273376228-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-3335826871-767681240-3273376228-1003\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 55 63 61 15 4D 1E A9 42 B9 A1 62 62 83 20 4E E6 [binary data] ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "yahoo.co.kr" FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 56020 FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@gomtv.com/gomtvx-plugin: C:\Program Files\Common Files\GRETECH\npgomtvx_nie.dll ((주) 그래텍) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Users\Sang\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Sang\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/26 20:47:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/04 09:37:39 | 000,000,000 | ---D | M] [2011/05/22 11:04:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sang\AppData\Roaming\Mozilla\Extensions [2011/06/30 09:46:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sang\AppData\Roaming\Mozilla\Firefox\Profiles\0me8ary5.default\extensions [2011/06/18 20:08:06 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Sang\AppData\Roaming\Mozilla\Firefox\Profiles\0me8ary5.default\extensions\{04c90192-782d-4b9d-a2d5-48c0b8a5d136} [2011/07/03 06:20:49 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Sang\AppData\Roaming\Mozilla\Firefox\Profiles\0me8ary5.default\extensions\{063b4723-bd2e-4df8-b128-54df444dcf61} [2011/06/18 20:08:06 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Sang\AppData\Roaming\Mozilla\Firefox\Profiles\0me8ary5.default\extensions\{1cd80fad-f372-4e98-92a9-059afbb965f0} [2011/05/27 12:05:15 | 000,002,574 | ---- | M] () -- C:\Users\Sang\AppData\Roaming\Mozilla\Firefox\Profiles\0me8ary5.default\searchplugins\askcom.xml [2011/05/22 10:26:27 | 000,002,264 | ---- | M] () -- C:\Users\Sang\AppData\Roaming\Mozilla\Firefox\Profiles\0me8ary5.default\searchplugins\bing-zugo.xml [2011/07/04 09:37:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011/07/04 09:37:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} File not found (No name found) -- [2011/06/26 20:47:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011/07/04 09:37:35 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old O1 HOSTS File: ([2009/06/10 14:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O3 - HKU\S-1-5-21-3335826871-767681240-3273376228-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-21-3335826871-767681240-3273376228-1001..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-3335826871-767681240-3273376228-1001..\Run: [steam] C:\Program Files\steam1\Steam.exe (Valve Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3335826871-767681240-3273376228-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1 O7 - HKU\S-1-5-21-3335826871-767681240-3273376228-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} http://mail.daum.net/hanmail-ax/DaumActiveX/2_0_0_6/DaumActiveX.cab?ver=2,0,0,6 (Daum ActiveX manager Class) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2011/02/16 15:30:09 | 000,048,912 | R--- | M] (Electronic Arts) - K:\Autorun.exe -- [ CDFS ] O32 - AutoRun File - [2010/11/22 17:09:03 | 000,000,052 | R--- | M] () - K:\Autorun.inf -- [ CDFS ] O33 - MountPoints2\{f3e397ae-7de5-11e0-8dc6-0023543b9b91}\Shell - "" = AutoRun O33 - MountPoints2\{f3e397ae-7de5-11e0-8dc6-0023543b9b91}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a O33 - MountPoints2\{fc17332e-aaff-11e0-aabf-0023543b9b91}\Shell - "" = AutoRun O33 - MountPoints2\{fc17332e-aaff-11e0-aabf-0023543b9b91}\Shell\AutoRun\command - "" = K:\Autorun.exe -- [2011/02/16 15:30:09 | 000,048,912 | R--- | M] (Electronic Arts) O33 - MountPoints2\J\Shell - "" = AutoRun O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O35 - HKU\S-1-5-21-3335826871-767681240-3273376228-1001..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\krn.exe" -a "%1" %* O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\krn.exe" -a "%1" %* O37 - HKU\S-1-5-21-3335826871-767681240-3273376228-1001\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011/07/11 08:47:50 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts [2011/07/10 10:34:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts [2011/07/10 10:34:37 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core [2011/07/10 10:34:36 | 000,000,000 | ---D | C] -- C:\Users\Sang\Documents\Electronic Arts [2011/07/10 10:31:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft WSE [2011/07/10 10:24:04 | 000,218,688 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys [2011/07/10 10:24:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite [2011/07/10 10:23:59 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite [2011/07/10 10:23:44 | 000,000,000 | ---D | C] -- C:\Users\Sang\AppData\Roaming\DAEMON Tools Lite [2011/07/10 10:23:44 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite [2011/07/09 08:28:17 | 000,000,000 | ---D | C] -- C:\Users\Sang\AppData\Local\Adobe [2011/07/07 09:22:24 | 000,566,680 | ---- | C] (Daum Communications) -- C:\Windows\System32\POTWEB.OCX [2011/07/07 09:22:16 | 000,000,000 | ---D | C] -- C:\Program Files\Daum [2011/07/07 09:22:15 | 000,000,000 | ---D | C] -- C:\Users\Sang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Daum [2011/07/04 12:45:03 | 000,000,000 | ---D | C] -- C:\Users\Sang\AppData\Local\Apple [2011/07/04 09:38:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2011/07/04 09:37:49 | 000,000,000 | ---D | C] -- C:\Program Files\Sun [2011/07/03 10:02:01 | 000,000,000 | ---D | C] -- C:\Users\Sang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2011/07/02 20:23:15 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll [2011/07/02 19:59:55 | 000,000,000 | ---D | C] -- C:\Users\Sang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ATITool [2011/07/02 19:59:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ATITool [2011/07/02 19:59:02 | 000,000,000 | ---D | C] -- C:\Program Files\ATITool [2011/06/28 23:27:57 | 000,000,000 | ---D | C] -- C:\Users\Sang\AppData\Roaming\uTorrent [2011/06/27 09:32:11 | 000,000,000 | ---D | C] -- C:\Users\Sang\AppData\Roaming\Avira [2011/06/27 09:29:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2011/06/27 09:28:54 | 000,138,192 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011/06/27 09:28:54 | 000,066,616 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2011/06/27 09:28:54 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2011/06/27 09:28:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2011/06/27 09:28:53 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2011/06/26 20:58:29 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2011/06/26 20:57:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard [2011/06/26 12:39:33 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2011/06/23 16:00:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview [2011/06/23 15:59:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders [2011/06/22 20:13:01 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\fms.dll [2011/06/20 21:56:06 | 000,000,000 | ---D | C] -- C:\Users\Sang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserPlus [2011/06/19 20:38:08 | 000,000,000 | ---D | C] -- C:\Riot Games [2011/06/19 20:38:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games [2011/06/19 20:26:45 | 000,000,000 | ---D | C] -- C:\Users\Sang\AppData\Local\LogMeIn Hamachi [2011/06/19 20:26:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2011/06/19 20:18:33 | 000,000,000 | ---D | C] -- C:\Users\Sang\Desktop\LeagueOfLegends [2011/06/19 10:14:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 4 [2011/06/18 20:47:06 | 000,000,000 | ---D | C] -- C:\Users\Sang\AppData\Local\ElevatedDiagnostics [2011/06/18 20:21:06 | 000,000,000 | ---D | C] -- C:\Program Files\steam1 [2011/06/18 20:21:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2011/06/13 21:20:46 | 000,000,000 | ---D | C] -- C:\Users\Sang\AppData\Roaming\SmartDraw [2011/06/13 21:20:21 | 000,000,000 | ---D | C] -- C:\Program Files\SmartDraw VP [2011/06/13 18:30:45 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe [2011/06/13 17:58:04 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Photoshop CS5.1 [2011/06/13 17:54:20 | 000,000,000 | ---D | C] -- C:\Users\Sang\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2011/06/13 17:54:18 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Download Assistant [2011/06/13 17:54:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR [2011/06/12 21:09:19 | 000,000,000 | ---D | C] -- C:\Users\Sang\AppData\Local\Yahoo! [2011/06/11 19:41:34 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi [2011/06/11 18:47:45 | 000,000,000 | ---D | C] -- C:\Users\Sang\Documents\My Games [2011/06/11 18:47:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft XNA [2011/06/11 18:43:02 | 000,000,000 | ---D | C] -- C:\Users\Sang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam [2011/06/11 13:32:17 | 000,000,000 | ---D | C] -- C:\Program Files\Steam [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Sang\Desktop\*.tmp files -> C:\Users\Sang\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/07/11 09:06:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3335826871-767681240-3273376228-1001UA.job [2011/07/11 08:52:53 | 000,002,144 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ Medieval.lnk [2011/07/11 08:51:01 | 000,016,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/07/11 08:50:59 | 000,016,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/07/11 08:50:45 | 000,655,438 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011/07/11 08:50:45 | 000,118,564 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011/07/11 08:45:50 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011/07/11 08:45:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/07/11 08:45:37 | 2415,308,800 | -HS- | M] () -- C:\hiberfil.sys [2011/07/11 08:23:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011/07/10 10:24:04 | 000,218,688 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys [2011/07/10 10:24:00 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2011/07/10 10:06:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3335826871-767681240-3273376228-1001Core.job [2011/07/08 15:24:38 | 000,000,217 | ---- | M] () -- C:\Users\Sang\Desktop\Alliance of Valiant Arms.url [2011/07/06 09:51:04 | 000,000,126 | ---- | M] () -- C:\Windows\System32\1518332610 [2011/07/05 11:26:26 | 000,000,080 | ---- | M] () -- C:\ProgramData\7051fab2 [2011/07/03 10:02:02 | 000,002,306 | ---- | M] () -- C:\Users\Sang\Desktop\Google Chrome.lnk [2011/07/03 08:07:14 | 000,005,335 | ---- | M] () -- C:\Users\Sang\AppData\Roaming\FDBE.091 [2011/07/01 07:18:45 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011/07/01 07:18:45 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2011/06/29 09:01:32 | 000,292,552 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011/06/27 09:29:03 | 000,002,012 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2011/06/26 19:22:26 | 000,011,220 | -HS- | M] () -- C:\Users\Sang\AppData\Local\448fqp1244v2itbh10ux24jwrf07 [2011/06/26 19:22:26 | 000,011,220 | -HS- | M] () -- C:\ProgramData\3145034876 [2011/06/26 19:22:07 | 000,011,824 | -HS- | M] () -- C:\ProgramData\448fqp1244v2itbh10ux24jwrf07 [2011/06/26 12:35:16 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2011/06/24 18:18:23 | 000,000,214 | ---- | M] () -- C:\Users\Sang\Desktop\Team Fortress 2.url [2011/06/19 20:41:21 | 000,001,720 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk [2011/06/19 10:04:20 | 000,001,128 | ---- | M] () -- C:\Users\Public\Desktop\Smart Defrag 2.lnk [2011/06/18 20:23:31 | 000,000,217 | ---- | M] () -- C:\Users\Sang\Desktop\Terraria.url [2011/06/18 20:21:16 | 000,000,884 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk [2011/06/13 22:39:15 | 000,066,902 | ---- | M] () -- C:\Users\Sang\Documents\first floor.sdr [2011/06/13 22:34:46 | 000,082,925 | ---- | M] () -- C:\Users\Sang\Documents\Second Floor.sdr [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Sang\Desktop\*.tmp files -> C:\Users\Sang\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/07/11 08:52:53 | 000,002,144 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ Medieval.lnk [2011/07/10 10:24:00 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2011/07/08 15:24:38 | 000,000,217 | ---- | C] () -- C:\Users\Sang\Desktop\Alliance of Valiant Arms.url [2011/07/03 10:02:02 | 000,002,306 | ---- | C] () -- C:\Users\Sang\Desktop\Google Chrome.lnk [2011/07/03 10:01:37 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3335826871-767681240-3273376228-1001UA.job [2011/07/03 10:01:33 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3335826871-767681240-3273376228-1001Core.job [2011/06/30 09:46:34 | 000,000,126 | ---- | C] () -- C:\Windows\System32\1518332610 [2011/06/27 09:29:03 | 000,002,012 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2011/06/26 19:11:28 | 000,011,220 | -HS- | C] () -- C:\Users\Sang\AppData\Local\448fqp1244v2itbh10ux24jwrf07 [2011/06/26 19:11:28 | 000,011,220 | -HS- | C] () -- C:\ProgramData\3145034876 [2011/06/26 19:11:08 | 000,011,824 | -HS- | C] () -- C:\ProgramData\448fqp1244v2itbh10ux24jwrf07 [2011/06/24 18:17:36 | 000,000,214 | ---- | C] () -- C:\Users\Sang\Desktop\Team Fortress 2.url [2011/06/22 20:14:20 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2011/06/22 20:14:07 | 000,146,852 | ---- | C] () -- C:\Windows\System32\systemsf.ebd [2011/06/22 20:12:45 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011/06/22 20:12:40 | 000,010,429 | ---- | C] () -- C:\Windows\System32\ScavengeSpace.xml [2011/06/22 20:12:30 | 000,105,559 | ---- | C] () -- C:\Windows\System32\RacRules.xml [2011/06/19 20:41:21 | 000,001,720 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk [2011/06/19 10:04:21 | 000,029,008 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe [2011/06/19 10:04:21 | 000,016,184 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys [2011/06/19 10:04:20 | 000,001,128 | ---- | C] () -- C:\Users\Public\Desktop\Smart Defrag 2.lnk [2011/06/18 20:21:16 | 000,000,884 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk [2011/06/14 13:26:03 | 000,000,080 | ---- | C] () -- C:\ProgramData\7051fab2 [2011/06/13 22:32:39 | 000,082,925 | ---- | C] () -- C:\Users\Sang\Documents\Second Floor.sdr [2011/06/13 22:03:20 | 000,066,902 | ---- | C] () -- C:\Users\Sang\Documents\first floor.sdr [2011/06/11 18:43:02 | 000,000,217 | ---- | C] () -- C:\Users\Sang\Desktop\Terraria.url [2011/05/29 15:02:08 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2011/05/24 22:54:10 | 000,001,252 | -HS- | C] () -- C:\Users\Sang\AppData\Local\t2342bpnbb47w8 [2011/05/24 22:54:10 | 000,001,252 | -HS- | C] () -- C:\ProgramData\t2342bpnbb47w8 [2011/05/24 22:53:56 | 000,005,335 | ---- | C] () -- C:\Users\Sang\AppData\Roaming\FDBE.091 [2011/05/23 22:03:32 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2011/05/23 22:03:32 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2011/05/20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe [2011/05/16 16:07:30 | 000,138,056 | ---- | C] () -- C:\Users\Sang\AppData\Roaming\PnkBstrK.sys [2011/05/16 16:07:30 | 000,137,544 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2011/05/16 16:06:15 | 000,189,480 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2011/05/16 16:06:11 | 003,360,624 | ---- | C] () -- C:\Windows\System32\pbsvc.exe [2011/05/16 16:06:11 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2011/05/13 22:16:47 | 001,089,536 | ---- | C] () -- C:\Windows\System32\decoderdll.dll [2011/05/13 22:16:47 | 000,036,864 | ---- | C] () -- C:\Windows\System32\netdecdll.dll [2011/05/13 22:16:47 | 000,024,576 | ---- | C] () -- C:\Windows\System32\decompress.dll [2011/05/13 22:16:47 | 000,020,480 | ---- | C] () -- C:\Windows\System32\CSCC.DLL [2011/05/13 22:16:47 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll [2011/05/13 21:54:31 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2009/07/13 21:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/13 21:33:53 | 000,292,552 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009/07/13 19:05:48 | 000,655,438 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009/07/13 19:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009/07/13 19:05:48 | 000,118,564 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009/07/13 19:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009/07/13 19:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009/07/13 19:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009/07/13 16:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/13 16:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2006/11/10 06:08:50 | 000,024,064 | ---- | C] () -- C:\Windows\System32\drivers\ATITool.sys ========== LOP Check ========== [2011/05/14 00:27:31 | 000,000,000 | ---D | M] -- C:\Users\Sang\AppData\Roaming\Auslogics [2011/06/13 17:54:20 | 000,000,000 | ---D | M] -- C:\Users\Sang\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2011/07/10 10:25:08 | 000,000,000 | ---D | M] -- C:\Users\Sang\AppData\Roaming\DAEMON Tools Lite [2011/05/20 18:22:36 | 000,000,000 | -H-D | M] -- C:\Users\Sang\AppData\Roaming\ijjigame [2011/05/14 08:06:58 | 000,000,000 | ---D | M] -- C:\Users\Sang\AppData\Roaming\IObit [2011/05/13 23:34:02 | 000,000,000 | ---D | M] -- C:\Users\Sang\AppData\Roaming\LolClient [2011/05/13 22:13:32 | 000,000,000 | ---D | M] -- C:\Users\Sang\AppData\Roaming\OpenOffice.org [2011/05/23 22:03:26 | 000,000,000 | ---D | M] -- C:\Users\Sang\AppData\Roaming\Samsung [2011/06/18 20:08:06 | 000,000,000 | ---D | M] -- C:\Users\Sang\AppData\Roaming\SmartDraw [2011/07/10 23:54:16 | 000,000,000 | ---D | M] -- C:\Users\Sang\AppData\Roaming\uTorrent [2011/06/26 19:54:55 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < MD5 for: EXPLORER.EXE > [2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe [2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2011/02/25 22:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe [2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe [2010/11/20 05:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe [2009/08/02 22:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009/08/02 22:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009/10/30 23:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: SVCHOST.EXE > [2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe [2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe < MD5 for: USERINIT.EXE > [2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WINLOGON.EXE > [2009/10/27 23:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009/10/27 22:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010/11/20 05:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010/11/20 05:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009/07/13 18:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < %systemroot%\*. /mp /s > < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/06/26 20:47:00 | 000,712,976 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/06/26 20:47:00 | 000,712,976 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/06/26 20:47:00 | 000,712,976 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/06/26 20:47:02 | 000,924,632 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Sang\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2011/06/23 23:25:50 | 001,012,792 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Sang\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2011/06/23 23:25:50 | 001,012,792 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Sang\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/06/23 23:25:50 | 001,012,792 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Sang\AppData\Local\Google\Chrome\Application\chrome.exe" [2011/06/23 23:25:50 | 001,012,792 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/05/21 00:18:36 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/05/21 00:18:36 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/05/21 00:18:36 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/21 00:18:36 | 000,748,336 | ---- | M] (Microsoft Corporation) < hklm\software\clients\startmenuinternet|command /64 /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/06/26 20:47:00 | 000,712,976 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/06/26 20:47:00 | 000,712,976 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/06/26 20:47:00 | 000,712,976 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/06/26 20:47:02 | 000,924,632 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Sang\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2011/06/23 23:25:50 | 001,012,792 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Sang\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2011/06/23 23:25:50 | 001,012,792 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Sang\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/06/23 23:25:50 | 001,012,792 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Sang\AppData\Local\Google\Chrome\Application\chrome.exe" [2011/06/23 23:25:50 | 001,012,792 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/05/21 00:18:36 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/05/21 00:18:36 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/05/21 00:18:36 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/21 00:18:36 | 000,748,336 | ---- | M] (Microsoft Corporation) < > ========== Files - Unicode (All) ========== [2011/07/05 11:27:09 | 000,000,000 | ---D | M](C:\Users\Sang\Desktop\???) -- C:\Users\Sang\Desktop\엄마꺼 [2011/05/23 21:25:56 | 000,000,000 | ---D | C](C:\Users\Sang\Desktop\???) -- C:\Users\Sang\Desktop\엄마꺼 [2011/05/13 21:49:05 | 000,001,130 | ---- | M] ()(C:\Users\Sang\Application Data\Microsoft\Internet Explorer\Quick Launch\???.lnk) -- C:\Users\Sang\Application Data\Microsoft\Internet Explorer\Quick Launch\반디집.lnk [2011/05/13 21:49:05 | 000,001,130 | ---- | C] ()(C:\Users\Sang\Application Data\Microsoft\Internet Explorer\Quick Launch\???.lnk) -- C:\Users\Sang\Application Data\Microsoft\Internet Explorer\Quick Launch\반디집.lnk (C:\Users\Sang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\???) -- C:\Users\Sang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\반디집 ========== Alternate Data Streams ========== @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:07BF512B @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2 < End of report >

One day, i scanned the computer with MBAM and i found 4 viruses that said malware.trace i clicked "remove" then it said they were deleted, quarantined successfully and i rebooted the computer. But when i scanned another time i found same exact viruses found in the same exact location. They keep on reappearing even after all the process of removal. please help!! Internet Explorer 9.0.8112.16421 7/4/2011 9:26:41 AM mbam-log-2011-07-04 (09-26-41).txt Scan type: Quick scan Objects scanned: 161394 Time elapsed: 3 minute(s), 19 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 4 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: c:\Windows\System32\0200000070232f221363c.manifest (Malware.Trace) -> Quarantined and deleted successfully. c:\Windows\System32\0200000070232f221363o.manifest (Malware.Trace) -> Quarantined and deleted successfully. c:\Windows\System32\0200000070232f221363p.manifest (Malware.Trace) -> Quarantined and deleted successfully. c:\Windows\System32\0200000070232f221363s.manifest (Malware.Trace) -> Quarantined and deleted successfully.

One day, i scanned the computer with MBAM and i found 4 viruses that said malware.trace i clicked "remove" then it said they were deleted, quarantined successfully and i rebooted the computer. But when i scanned another time i found same exact viruses found in the same exact location. They keep on reappearing even after all the process of removal. please help!! Internet Explorer 9.0.8112.16421 7/4/2011 9:26:41 AM mbam-log-2011-07-04 (09-26-41).txt Scan type: Quick scan Objects scanned: 161394 Time elapsed: 3 minute(s), 19 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 4 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: c:\Windows\System32\0200000070232f221363c.manifest (Malware.Trace) -> Quarantined and deleted successfully. c:\Windows\System32\0200000070232f221363o.manifest (Malware.Trace) -> Quarantined and deleted successfully. c:\Windows\System32\0200000070232f221363p.manifest (Malware.Trace) -> Quarantined and deleted successfully. c:\Windows\System32\0200000070232f221363s.manifest (Malware.Trace) -> Quarantined and deleted successfully.