
I am infected with rootkit or worse


Netizen

My computer is getting slower, and after running the GMER Rootkit Scanner everything stopped.

I have detected a rootkit and deleted it several times.

Here are the log files.

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5564

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

2011-01-21 3:17:03 PM

mbam-log-2011-01-21 (15-17-03).txt

Scan type: Full scan (C:\|)

Objects scanned: 36708

Time elapsed: 2 minute(s), 49 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\administrator.main1\application data\thinstall\autohideip\1000000b00002i\rundll32.exe (Rootkit.Dropper) -> Quarantined and deleted successfully.

c:\documents and settings\administrator.main1\application data\thinstall\autohideip\4000009c00002i\IEXPLORE.EXE (Rootkit.Dropper) -> Quarantined and deleted successfully.

c:\documents and settings\administrator.main1\application data\thinstall\autohideip\400000e000002i\firefox.exe (Rootkit.Dropper) -> Quarantined and deleted successfully.

DDS (Ver_10-12-12.02) - NTFSx86

Run by Administrator at 20:24:16.25 on 2011-01-21

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22

Microsoft Windows XP Professional 5.1.2600.3.949.82.1042.18.1406.633 [GMT -5:00]

AV: ?? *Enabled/Updated* {B9431E5A-E196-4B6F-843A-10E01DB25461}

AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\Program Files\ESTsoft\ALYac\AYServiceNt.aye

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\ZioFile\ExpressService.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\beefile.com\Beefile(fast)\NetAccelerator.exe

C:\WINDOWS\system32\npkcmsvc.exe

C:\Program Files\OnDisk\OnDiskDownService.exe

C:\Program Files\QuickDownloadService\qdownagent.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\UTSCSI.EXE

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\RayV\RayV\RayV.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

svchost.exe

C:\Program Files\ESTsoft\ALYac\AYAgent.aye

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Documents and Settings\Administrator.MAIN1\?? ??\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://kr.yahoo.com/ilc76

mStart Page = about:blank

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: ?TV ???: {375a6ab2-feec-445d-b853-2139fb561f80} - c:\progra~1\gretech\gomtvh~1\ghelper.dll

BHO: ALToolbarBho Class: {7f1a79f9-78d1-4186-9f60-ee0b63df042a} - c:\program files\estsoft\altoolbar\ALToolBand_1650.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: ALToolBar: {38fbe93d-4ca1-4414-af6a-94920c5bd8da} - c:\program files\estsoft\altoolbar\ALToolBand_1650.dll

uRun: [RayV] c:\program files\rayv\rayv\RayV.exe /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [PHIME2002ASync] "c:\windows\system32\ime\tintlgnt\TINTSETP.EXE" /SYNC

mRun: [PHIME2002A] "c:\windows\system32\ime\tintlgnt\TINTSETP.EXE" /IMEName

mRun: [soundMan] "SOUNDMAN.EXE"

mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"

mRun: [Korean IME Migration] "c:\progra~1\common~1\micros~1\ime12\imekr\IMKRMIG.EXE"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide

mRun: [ALYac] "c:\program files\estsoft\alyac\AYUpdate.exe" /run

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [DragSearch] c:\documents and settings\all users.windows\application data\dragsearch\Updater.exe

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

dRun: [ctfmon.exe] ctfmon.exe

IE: Google ?????... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: ??? ????(&Q) - c:\program files\estsoft\altoolbar\ALToolBand_1650.dll/23/SEARCH.HTML

IE: {71DF21B0-8C69-4923-8C7B-B195F8DDB5CD} - http://www.11st.co.kr/connect/Gateway.tmal...;tid=1000105205

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {013BCEA5-8309-448b-8604-85F23D7861A5} - {375A6AB2-FEEC-445D-B853-2139FB561F80} - c:\progra~1\gretech\gomtvh~1\ghelper.dll

IE: {0A07354E-A092-490f-9597-BA096721A26D} - {D700729C-E1F0-4D92-8C00-DEDEB6A69D88}

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

Trusted Zone: internet

Trusted Zone: mcafee.com

DPF: {00001026-A15C-11D4-97A4-0050BF0FBE67} - hxxp://download.netmarble.net/web/nmstarter/NMStarter26_20091109.cab

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {0349EF81-B9C1-4B97-86F7-7B931D0E2532} - hxxp://sticube.clubbox.co.kr/sticubeupdate/cab/NowStarter2.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {24F6E6A8-852C-45A8-ADD3-C4AB0D6FD231} - hxxps://plugin.inicis.com/wallet61/INIwallet61.cab

DPF: {283A7932-A386-496A-9AB0-E8DBFACFF1E5} - hxxp://ondisk.co.kr/setup/OnDiskWebControl.cab

DPF: {287A998F-CC68-4F6F-B916-7C057DF0E63B} - hxxp://www.fdisk.co.kr/mmsv/FdiskWebControl.CAB

DPF: {2EE4AED0-B8D5-4FCB-B4EB-75D5D20B55E5} - hxxp://download.zfile.co.kr/ZFileWebControl.cab

DPF: {48ACDFDC-9F77-422E-A207-03E4FCE6BF5C} - hxxp://yahoo.myfolder.net/InnoFD.cab

DPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} - hxxps://mpi.dacom.net/XPayMPI/XPayMPIOCX.cab

DPF: {531BBB4D-B043-4D70-8A88-0A416C7F7CD0} - hxxp://tax.iansan.net/gpkisecureweb/setup/GPKIInstaller.cab

DPF: {5C1B293E-DA77-4AFF-8B52-63DEF8C8A071} - hxxp://download.netmarble.net/ActiveX/NMAutoUpdateX/NMAutoUpdateX_1.0.1.1_20091109.cab

DPF: {60F33B36-3E89-48EF-BE77-ACC23A366C2A} - hxxps://wstatic.plaync.co.kr/common/UniUpdate/NCLoader.8.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256884841828

DPF: {687FB9A2-A997-44D4-9480-24F29B95F77B} - hxxp://imbbs.imbc.com/controls/BBSFileUpload.cab

DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} - hxxps://members.hangame.com/common/CKKeyProInst.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1256985826281

DPF: {7062B754-F059-471E-9D9F-ECBB9EF79EDF} - hxxp://www.nhis.co.kr/real/DWSocket_NH.cab

DPF: {77646142-F7D6-472E-A2FB-E3E02BCED107} - hxxp://143.248.182.120/applex_wdigm/activex//PrivacyScannerXP.cab

DPF: {79419762-2D03-48F8-A63E-0544D95143DE} - hxxp://www.x2game.com/Control/AutoPatchOCX.cab

DPF: {7A9F36F4-DB68-4F90-8FE7-E915E04BDD49} - hxxp://wo.tk.co.kr/webstarter/webstarter.cab

DPF: {7D390008-37BF-470E-B6BD-1DA5559071EC} - hxxp://main.ohmylove.co.kr/resource/umng/omlUMngClnt.cab

DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} - hxxp://gcc.nefficient.co.kr/gcc/vista/xecureweb/v7.2.3.3/xw_install.cab

DPF: {811576B0-FD69-4414-8C43-AB30546C102D} - hxxp://down.speeddownload.kr/info/SpeedDownAxProj.cab

DPF: {89F434A7-4A49-4394-AC02-007480331AE2} - hxxp://download.netmarble.net/ActiveX/NMAutoUpdateX/SystemIDInfo/NMSystemIDInfo_1.0.0.1.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {8C2E6E01-D1F6-4A94-B314-7C5DF4EE1853} - hxxp://cs.hangame.com/hangame/js/mail/HGReport.cab

DPF: {8C4F5093-2E8B-491C-A2A3-74AFCEEE5378} - hxxp://ziofile.com/setver/ZioFileControl.cab

DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} - hxxp://pann.nate.com/html/editor/CyPictureU.cab?20090430

DPF: {999A4982-61C2-4BF8-8094-30CEF9A6BAB9} - hxxp://www.bomul.com/common/InnoFD/bomul_zdnet.cab

DPF: {99C709C7-4F58-46C1-855B-90213C760395} - hxxps://secure.kcp.co.kr/webpay/v3d/file/kcp_ansimclick.cab

DPF: {9A7D9941-6DB0-4AD7-8454-509D2793C5E8} - hxxp://www.beefile.com/mmsv/BeefileWebControl.CAB

DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} - hxxp://download.netmarble.net/kdefence/100929/kdfense8.cab

DPF: {A977FF0C-8757-4E76-8533-482F91946233} - hxxp://dl.sayclub.com/sayclub/sayctl/sayax.cab

DPF: {AD0D5025-0FE3-4D5A-A520-FE8BE30EA789} - hxxp://eminwon.iansan.net/emwp/cab/fileupload/FileUpload.cab

DPF: {B128EFF9-0B1C-4C65-A162-28165A3A0A18} - hxxp://ssl.makeshop.co.kr/ssl/MSecure.cab

DPF: {B1F38AB3-D8C7-49A2-B09C-8055D2128BC6} - hxxp://www.vpay.co.kr/kvpfiles/KVPLoginCTLD.cab

DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxp://member.hangame.com/common/HanSetup1040.cab

DPF: {C2922A7B-7F24-49DB-A414-CBCD0CCD233A} - hxxp://muhanfile.net/p2p/ActiveX/SeverFileX.ocx

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CB5C683C-416A-4701-B018-0F1B21D64D6B} - hxxp://cyimg7.cyworld.com/cymusic/package/skcinst.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {D3767BB2-2DEE-480D-AD13-4AF23F3E332E} - hxxp://218.55.98.92/appx/pdpopax.cab

DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - hxxps://supdate.nprotect.net/nprotect2007/keycrypt/sci/br/npkcx_1004271.cab

DPF: {E5A02FD2-A8EF-4E5B-80C1-CB386F95E049} - hxxps://plugin.inicis.com/banktown/wallet/plugin/BtPmntClient.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/m3/photouploadcontrol/MSNPUpld.cab

DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} - hxxps://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab

DPF: {EC5D5118-9FDE-4A3E-84F3-C2B711740E70} - hxxps://web.teledit.com/Sign/SKCommAX.cab

DPF: {F0B421DD-19FA-494A-9044-AAA4994A3217} - hxxp://toolbar.imbc.com/toolbar/setup/MBCXeb.cab

DPF: {F67C8301-3928-4CAC-8914-16363551D293} - hxxp://www.iprovest.com/wts/object/KbcWeb.cab

DPF: {FC1FEB1F-DB67-49C2-9AA1-83BFD60F992A} - hxxp://i-plus.jssearch.net/ActiveX/IPlusInstall.cab

Handler: s-http - {D37E6C5F-1C0F-47C0-A3B6-403EEC555402} - c:\program files\initech\shttp\InitechSHTTPInterface.10113.dll

Handler: smart - {402CA0E4-3090-402e-BE90-3EE9B766EBB0} - c:\program files\estsoft\altoolbar\ALToolBarProtocol.dll

Name-Space Handler: http\s-http - {D37E6C5F-1C0F-47C0-A3B6-403EEC555402} - c:\program files\initech\shttp\InitechSHTTPInterface.10113.dll

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1.mai\applic~1\mozilla\firefox\profiles\j5s9qsp7.default\

FF - plugin: c:\program files\common files\gretech\npgomtvx_nie.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\rayv\rayv\plugins\nprayvplugin.dll

FF - plugin: c:\program files\softforum\xecureweb\activex\npxwebplugin.dll

FF - plugin: c:\program files\softforum\xecureweb\activex\npxwebplugin_file.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com

FF - Ext: Freecorder Community Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - %profile%\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-1-21 11608]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-1-21 61960]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-12-3 54760]

R2 npkakl;npkakl;c:\windows\system32\npkakl.sys [2010-3-9 31328]

R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [2009-10-30 45824]

R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2010-10-9 36432]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-6 20952]

R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [2009-10-30 56960]

S0 dtemd;dtemd;c:\windows\system32\drivers\iygmo.sys --> c:\windows\system32\drivers\iygmo.sys [?]

S0 ffrxnhol;ffrxnhol;c:\windows\system32\drivers\rqxd.sys --> c:\windows\system32\drivers\rqxd.sys [?]

S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]

S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]

S3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys --> c:\windows\system32\drivers\appliand.sys [?]

S3 JakNDisMP;JakNDisMP;c:\windows\system32\drivers\jakndis.sys --> c:\windows\system32\drivers\JakNDis.sys [?]

S3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.SYS [2010-9-3 39944]

S3 kcrtx86;kcrtx86;c:\windows\system32\kcrtx86.sys [2010-7-19 126048]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]

S3 ProDefense;ProDefense;\??\c:\windows\system32\drivers\prodefense.sys --> c:\windows\system32\drivers\ProDefense.sys [?]

S3 scsk5;SCSK5 Driver Service;c:\windows\system32\drivers\scsk5.sys --> c:\windows\system32\drivers\scsk5.sys [?]

S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

=============== Created Last 30 ================

2011-01-22 00:15:11 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-01-22 00:14:37 -------- d-----w- c:\program files\Avira

2011-01-22 00:14:37 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Avira

2011-01-21 20:08:41 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\DragSearch

2011-01-21 07:18:41 5890896 ----a-w- c:\docume~1\alluse~1.win\applic~1\microsoft\windows defender\definition updates\{8c3dbfd7-fe13-4a2a-8fbf-147aaff3cb7a}\mpengine.dll

2011-01-19 00:59:25 -------- d-----w- c:\program files\PFConfig

2011-01-19 00:54:41 -------- d-----w- c:\windows\vbSkinner

2011-01-18 21:47:33 -------- d-----w- c:\docume~1\admini~1.mai\locals~1\applic~1\Vitalwerks

2011-01-18 21:46:48 -------- d-----w- c:\program files\No-IP

2011-01-18 02:51:20 -------- d-----w- c:\docume~1\admini~1.mai\applic~1\Thinstall

2011-01-15 01:32:53 -------- d-----w- c:\program files\Spy Net Removal Tool

2011-01-15 01:22:53 -------- d-----w- c:\windows\system32\install

2011-01-14 22:15:30 -------- d-----w- c:\program files\Video Enhancer

2011-01-09 23:45:46 -------- d-----w- c:\docume~1\admini~1.mai\applic~1\Rovio

2011-01-08 22:45:23 -------- d-----w- c:\program files\beefile.com

2011-01-08 22:38:01 -------- d-----w- c:\program files\spamcop

==================== Find3M ====================

2010-12-29 00:15:24 126048 ----a-w- c:\windows\system32\kcrtx86.sys

2010-12-29 00:15:23 39944 ----a-w- c:\windows\system32\JRSKD24.SYS

2010-12-29 00:15:23 17160 ----a-w- c:\windows\system32\JRSUKD25.SYS

2010-12-12 00:20:34 83288 ----a-w- c:\windows\system32\kdfapi.dll

2010-12-12 00:20:34 59976 ----a-w- c:\windows\system32\Kdfhok.dll

2010-12-12 00:20:34 192512 ----a-w- c:\windows\system32\kdfvmgr.exe

2010-12-12 00:20:32 61440 ----a-w- c:\windows\system32\proDefense.dll

2010-12-12 00:20:31 961176 ----a-w- c:\windows\system32\KQXRAAGP.exe

2010-12-12 00:20:31 314120 ----a-w- c:\windows\system32\kdfmod.dll

2010-12-12 00:19:49 547984 ----a-w- c:\windows\system32\kdfinj.dll

2010-12-11 00:20:11 45056 ----a-w- c:\windows\system32\UTSCSI.EXE

2010-11-21 22:26:57 78 ----a-w- c:\windows\system32\fscagent.ini.tmp

2010-11-21 04:58:49 307 ----a-w- c:\windows\system32\fscflist.ini.tmp

2010-11-18 18:12:40 77824 ----a-w- c:\windows\system32\isign32.dll

2010-11-12 09:15:53 3276800 ----a-w- c:\windows\system32\clubbox.exe

2010-11-10 08:03:32 167936 ----a-w- c:\windows\system32\downengine.dll

2010-11-09 14:51:42 249856 ----a-w- c:\windows\system32\odbc32.dll

2010-11-06 00:21:13 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:21:09 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-06 00:21:09 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2010-11-04 08:13:51 6839370 ----a-w- c:\windows\system32\2ndrive_setup.exe

2010-11-04 07:26:55 45419 ----a-w- c:\windows\system32\clubboxuninstall.exe

2010-11-03 12:26:15 385024 ----a-w- c:\windows\system32\html.iec

2010-10-28 13:13:21 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-10-26 14:05:11 1852928 ----a-w- c:\windows\system32\win32k.sys

2008-03-09 11:25:10 236 ----a-w- c:\program files\common files\dx.reg

============= FINISH: 20:33:05.37 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 2009-10-30 ?? 2:16:00

System Uptime: 2011-01-21 7:57:46 PM (1 hours ago)

Motherboard: MICRO-STAR | | MS-7145

Processor: AMD Athlon 64 Processor 3200+ | Socket 754 | 2193/199mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 149 GiB total, 77.288 GiB free.

D: is Removable

F: is Removable

G: is Removable

H: is CDROM ()

I: is Removable

K: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP52: 2010-12-07 ?? 2:05:56 - Software Distribution Service 3.0

RP53: 2010-12-08 ?? 3:35:02 - System Checkpoint

RP54: 2010-12-10 ?? 12:03:34 - System Checkpoint

RP55: 2010-12-10 ?? 6:12:06 - Software Distribution Service 3.0

RP56: 2010-12-11 ?? 9:55:45 - System Checkpoint

RP57: 2010-12-13 ?? 12:20:10 - System Checkpoint

RP58: 2010-12-14 ?? 12:33:01 - System Checkpoint

RP59: 2010-12-15 ?? 1:21:01 - System Checkpoint

RP60: 2010-12-15 ?? 9:34:23 - Software Distribution Service 3.0

RP61: 2010-12-16 ?? 3:53:48 - Software Distribution Service 3.0

RP62: 2010-12-17 ?? 4:48:59 - Software Distribution Service 3.0

RP63: 2010-12-18 ?? 5:09:14 - System Checkpoint

RP64: 2010-12-19 ?? 5:44:06 - System Checkpoint

RP65: 2010-12-20 ?? 6:43:52 - System Checkpoint

RP66: 2010-12-20 ?? 7:01:45 - Installed AVG Free 8.5

RP67: 2010-12-20 ?? 7:12:01 - Avg8 Update

RP68: 2010-12-20 ?? 7:34:34 - Avg8 Update

RP69: 2010-12-20 ?? 7:36:55 - Avg8 Update

RP70: 2010-12-20 ?? 7:54:31 - Removed AVG Free 8.5

RP71: 2010-12-20 ?? 7:56:33 - Installed AVG Free 8.5

RP72: 2010-12-21 ?? 5:01:18 - Software Distribution Service 3.0

RP73: 2010-12-22 ?? 5:34:12 - System Checkpoint

RP74: 2010-12-23 ?? 6:34:10 - System Checkpoint

RP75: 2010-12-24 ?? 7:34:10 - System Checkpoint

RP76: 2010-12-24 ?? 6:59:38 - Software Distribution Service 3.0

RP77: 2010-12-26 ?? 5:37:08 - System Checkpoint

RP78: 2010-12-27 ?? 6:33:57 - System Checkpoint

RP79: 2010-12-28 ?? 2:39:36 - Software Distribution Service 3.0

RP80: 2010-12-30 ?? 5:22:53 - System Checkpoint

RP81: 2010-12-30 ?? 5:05:56 - Software Distribution Service 3.0

RP82: 2010-12-31 ?? 11:42:09 - Software Distribution Service 3.0

RP83: 2011-01-01 ?? 12:33:57 - System Checkpoint

RP84: 2011-01-02 ?? 1:33:57 - System Checkpoint

RP85: 2011-01-03 ?? 2:33:42 - System Checkpoint

RP86: 2011-01-04 ?? 2:51:22 - Software Distribution Service 3.0

RP87: 2011-01-05 ?? 3:51:00 - System Checkpoint

RP88: 2011-01-06 ?? 4:00:13 - System Checkpoint

RP89: 2011-01-07 ?? 4:39:35 - Software Distribution Service 3.0

RP90: 2011-01-07 ?? 9:44:44 - Software Distribution Service 3.0

RP91: 2011-01-08 ?? 10:31:09 - System Checkpoint

RP92: 2011-01-09 ?? 10:33:15 - System Checkpoint

RP93: 2011-01-11 ?? 12:31:44 - System Checkpoint

RP94: 2011-01-11 ?? 5:44:32 - Software Distribution Service 3.0

RP95: 2011-01-12 ?? 3:00:23 - Software Distribution Service 3.0

RP96: 2011-01-13 ?? 3:02:32 - System Checkpoint

RP97: 2011-01-14 ?? 3:25:53 - System Checkpoint

RP98: 2011-01-14 ?? 12:44:38 - Software Distribution Service 3.0

RP99: 2011-01-17 ?? 1:48:43 - System Checkpoint

RP100: 2011-01-18 ?? 2:11:48 - Software Distribution Service 3.0

RP101: 2011-01-19 ?? 2:56:19 - System Checkpoint

RP102: 2011-01-20 ?? 3:56:18 - System Checkpoint

RP103: 2011-01-21 ?? 2:17:50 - Software Distribution Service 3.0

==== Installed Programs ======================

????

?????

?TV ????

?TV??? ??

?TV??????

????

?? ????, 11?? ???? ???

??

??

??

???

??? ????

????? (Remove Only)

????

?????? 5

????

????

???? ???

???? ???????

???

??? ?? ????

ActiveX 1.0

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.4.1 - Korean

Apple Application Support

Apple Software Update

ATI - Software Uninstall Utility

ATI Control Panel

ATI Display Driver

Auto Mouse 1.3

Avira AntiVir Personal - Free Antivirus

BGM ?? ???? ??

BitTorrent

CCleaner

ClientKeeper KeyPro with E2E for 32bit

CoreAAC Audio Decoder (remove only)

DirectX10 RC2 Pre Fix 3

DTS+AC3 ??

EPSON Printer Software

EPSON Scan

FormatFactory 2.50

Game ???

Game ??

Game ??

Google Earth Plug-in

Google Update Helper

GPKISecureWeb

GSplit 3

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB954550-v5)

HP Drive Key Boot Utility

INISafeWeb 7.0 (SFilter 1.0)

Java Auto Updater

Java 6 Update 22

Junk Mail filter update

K-Defense8 Control - ??? ??

Malwarebytes' Anti-Malware

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Korean Language Pack

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (Korean) 2007

Update for Microsoft Office Excel 2007 Help (KB963678)

Microsoft Office Excel MUI (Korean) 2007

Microsoft Office IME (Korean) 2007

Microsoft Office InfoPath MUI (Korean) 2007

Microsoft Office Live Add-in 1.3

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (Korean) 2007

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Microsoft Office PowerPoint MUI (Korean) 2007

Microsoft Office Professional Plus 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (Korean) 2007

Microsoft Office Proofing (Korean) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (Korean) 2007

Microsoft Office Shared MUI (Korean) 2007

Update for Microsoft Office Word 2007 Help (KB963665)

Microsoft Office Word MUI (Korean) 2007

Microsoft Silverlight

Microsoft Software Update for Web Folders (Korean) 12

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Update for Microsoft Windows (KB971513)

Mozilla Firefox (3.6.9)

MPEG2??(libmpeg2/mad)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 and SOAP Toolkit 3.0

No-IP DUC

nProtect KeyCrypt

nProtect Netizen(remove only)

Number Press 5.0.3

QuickDownloadService

QuickTime

RayV-MIM

Realtek AC'97 Audio

REALTEK GbE & FE Ethernet PCI NIC Driver

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2289158)

Security Update for 2007 Microsoft Office System (KB2344875)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft Office Access 2007 (KB979440)

Security Update for Microsoft Office Excel 2007 (KB2345035)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB982158)

Security Update for Microsoft Office PowerPoint Viewer (KB2413381)

Security Update for Microsoft Office Publisher 2007 (KB2284697)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Security Update for Windows Search 4 - KB963093

Segoe UI

Soft Data Fax Modem with SmartCP

Sophos Anti-Rootkit 1.5.4

Spybot - Search & Destroy

ThreatExpert Memory Scanner 1.0

TKGame ????

TKGame ???? ????

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office Outlook 2007 (KB2412171)

Update for Outlook 2007 Junk Email Filter (KB2483110)

WebFldrs XP

Win 1.4.1

Windows Defender

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Update for Windows Internet Explorer 8 (KB2362765)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows Internet Explorer 8 (KB982664)

Windows Live ?? ?? ??

Windows Live ??? ???

Windows Live ??

Windows Live ?? ???

Windows Live ??? ??

Windows Live ?? ???

Windows Live Call

Windows Live Communications Platform

Windows Live Messenger

Windows Live Sync

Windows Live Writer

Windows Media Format 11 runtime

Windows Media Player 11

Security Update for Windows Media Player 11 (KB954154)

Hotfix for Windows Media Player 11 (KB939683)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player (KB979402)

Windows Resource Kit Tools - SubInAcl.exe

Windows Search 4.0

Security Update for Windows XP (KB941569)

Windows XP Service Pack 3

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371-v2)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB961503)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB981793)

WinPcap 4.1.1

XecureWeb Control

Yahoo! Software Update

==== End Of File ===========================


Hello Netizen! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step; if there is a problem somewhere, stop and tell me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something, please ask.
  • Do not install or uninstall any software or hardware while we are working on it.
  • Keep me informed about any changes.

Step 1

First of all, you should not have more than one anti-virus program installed, as they will conflict and cause problems. You have two, so you need to uninstall one of them. Of the two, I would recommend keeping


It took me more than 20 mins to load Windows.

Here are the log files.

I am attaching the jpg file too.

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5573

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

2011-01-22 ?? 5:28:01

mbam-log-2011-01-22 (17-28-01).txt

Scan type: Quick scan

Objects scanned: 280772

Time elapsed: 30 minute(s), 32 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\WINDOWS\reggenieonuninstall.exe (Spyware.Passwords) -> Quarantined and deleted successfully.

DDS (Ver_10-12-12.02) - NTFSx86

Run by Administrator at 18:12:43.32 on 2011-01-22

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\ZioFile\ExpressService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\beefile.com\Beefile(fast)\NetAccelerator.exe

C:\WINDOWS\system32\npkcmsvc.exe

C:\Program Files\OnDisk\OnDiskDownService.exe

C:\Program Files\QuickDownloadService\qdownagent.exe

C:\WINDOWS\system32\UTSCSI.EXE

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\QuickDownloadService\qdownservice.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\RayV\RayV\RayV.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Documents and Settings\Administrator.MAIN1\?? ??\dds.scr

C:\WINDOWS\system32\conime.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\Avira\AntiVir Desktop\avscan.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

============== Pseudo HJT Report ===============

uStart Page = hxxp://kr.yahoo.com/ilc76

mStart Page = about:blank

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: ?TV ???: {375a6ab2-feec-445d-b853-2139fb561f80} - c:\progra~1\gretech\gomtvh~1\ghelper.dll

BHO: ALToolbarBho Class: {7f1a79f9-78d1-4186-9f60-ee0b63df042a} - c:\program files\estsoft\altoolbar\ALToolBand_1650.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: ALToolBar: {38fbe93d-4ca1-4414-af6a-94920c5bd8da} - c:\program files\estsoft\altoolbar\ALToolBand_1650.dll

uRun: [RayV] c:\program files\rayv\rayv\RayV.exe /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [PHIME2002ASync] "c:\windows\system32\ime\tintlgnt\TINTSETP.EXE" /SYNC

mRun: [PHIME2002A] "c:\windows\system32\ime\tintlgnt\TINTSETP.EXE" /IMEName

mRun: [soundMan] "SOUNDMAN.EXE"

mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"

mRun: [Korean IME Migration] "c:\progra~1\common~1\micros~1\ime12\imekr\IMKRMIG.EXE"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [DragSearch] c:\documents and settings\all users.windows\application data\dragsearch\Updater.exe

mRun: [RegGenie Scheduler] c:\program files\reggenie\RegGenieScheduler.exe

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

dRun: [ctfmon.exe] ctfmon.exe

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

IE: Google ?????... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: ??? ????(&Q) - c:\program files\estsoft\altoolbar\ALToolBand_1650.dll/23/SEARCH.HTML

IE: {71DF21B0-8C69-4923-8C7B-B195F8DDB5CD} - http://www.11st.co.kr/connect/Gateway.tmal...;tid=1000105205

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {013BCEA5-8309-448b-8604-85F23D7861A5} - {375A6AB2-FEEC-445D-B853-2139FB561F80} - c:\progra~1\gretech\gomtvh~1\ghelper.dll

IE: {0A07354E-A092-490f-9597-BA096721A26D} - {D700729C-E1F0-4D92-8C00-DEDEB6A69D88}

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

Trusted Zone: internet

Trusted Zone: mcafee.com

DPF: {00001026-A15C-11D4-97A4-0050BF0FBE67} - hxxp://download.netmarble.net/web/nmstarter/NMStarter26_20091109.cab

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {0349EF81-B9C1-4B97-86F7-7B931D0E2532} - hxxp://sticube.clubbox.co.kr/sticubeupdate/cab/NowStarter2.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {24F6E6A8-852C-45A8-ADD3-C4AB0D6FD231} - hxxps://plugin.inicis.com/wallet61/INIwallet61.cab

DPF: {283A7932-A386-496A-9AB0-E8DBFACFF1E5} - hxxp://ondisk.co.kr/setup/OnDiskWebControl.cab

DPF: {287A998F-CC68-4F6F-B916-7C057DF0E63B} - hxxp://www.fdisk.co.kr/mmsv/FdiskWebControl.CAB

DPF: {2EE4AED0-B8D5-4FCB-B4EB-75D5D20B55E5} - hxxp://download.zfile.co.kr/ZFileWebControl.cab

DPF: {48ACDFDC-9F77-422E-A207-03E4FCE6BF5C} - hxxp://yahoo.myfolder.net/InnoFD.cab

DPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} - hxxps://mpi.dacom.net/XPayMPI/XPayMPIOCX.cab

DPF: {531BBB4D-B043-4D70-8A88-0A416C7F7CD0} - hxxp://tax.iansan.net/gpkisecureweb/setup/GPKIInstaller.cab

DPF: {5C1B293E-DA77-4AFF-8B52-63DEF8C8A071} - hxxp://download.netmarble.net/ActiveX/NMAutoUpdateX/NMAutoUpdateX_1.0.1.1_20091109.cab

DPF: {60F33B36-3E89-48EF-BE77-ACC23A366C2A} - hxxps://wstatic.plaync.co.kr/common/UniUpdate/NCLoader.8.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256884841828

DPF: {687FB9A2-A997-44D4-9480-24F29B95F77B} - hxxp://imbbs.imbc.com/controls/BBSFileUpload.cab

DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} - hxxps://members.hangame.com/common/CKKeyProInst.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1256985826281

DPF: {7062B754-F059-471E-9D9F-ECBB9EF79EDF} - hxxp://www.nhis.co.kr/real/DWSocket_NH.cab

DPF: {77646142-F7D6-472E-A2FB-E3E02BCED107} - hxxp://143.248.182.120/applex_wdigm/activex//PrivacyScannerXP.cab

DPF: {79419762-2D03-48F8-A63E-0544D95143DE} - hxxp://www.x2game.com/Control/AutoPatchOCX.cab

DPF: {7A9F36F4-DB68-4F90-8FE7-E915E04BDD49} - hxxp://wo.tk.co.kr/webstarter/webstarter.cab

DPF: {7D390008-37BF-470E-B6BD-1DA5559071EC} - hxxp://main.ohmylove.co.kr/resource/umng/omlUMngClnt.cab

DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} - hxxp://gcc.nefficient.co.kr/gcc/vista/xecureweb/v7.2.3.3/xw_install.cab

DPF: {811576B0-FD69-4414-8C43-AB30546C102D} - hxxp://down.speeddownload.kr/info/SpeedDownAxProj.cab

DPF: {89F434A7-4A49-4394-AC02-007480331AE2} - hxxp://download.netmarble.net/ActiveX/NMAutoUpdateX/SystemIDInfo/NMSystemIDInfo_1.0.0.1.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {8C2E6E01-D1F6-4A94-B314-7C5DF4EE1853} - hxxp://cs.hangame.com/hangame/js/mail/HGReport.cab

DPF: {8C4F5093-2E8B-491C-A2A3-74AFCEEE5378} - hxxp://ziofile.com/setver/ZioFileControl.cab

DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} - hxxp://pann.nate.com/html/editor/CyPictureU.cab?20090430

DPF: {999A4982-61C2-4BF8-8094-30CEF9A6BAB9} - hxxp://www.bomul.com/common/InnoFD/bomul_zdnet.cab

DPF: {99C709C7-4F58-46C1-855B-90213C760395} - hxxps://secure.kcp.co.kr/webpay/v3d/file/kcp_ansimclick.cab

DPF: {9A7D9941-6DB0-4AD7-8454-509D2793C5E8} - hxxp://www.beefile.com/mmsv/BeefileWebControl.CAB

DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} - hxxp://download.netmarble.net/kdefence/100929/kdfense8.cab

DPF: {A977FF0C-8757-4E76-8533-482F91946233} - hxxp://dl.sayclub.com/sayclub/sayctl/sayax.cab

DPF: {AD0D5025-0FE3-4D5A-A520-FE8BE30EA789} - hxxp://eminwon.iansan.net/emwp/cab/fileupload/FileUpload.cab

DPF: {B128EFF9-0B1C-4C65-A162-28165A3A0A18} - hxxp://ssl.makeshop.co.kr/ssl/MSecure.cab

DPF: {B1F38AB3-D8C7-49A2-B09C-8055D2128BC6} - hxxp://www.vpay.co.kr/kvpfiles/KVPLoginCTLD.cab

DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxp://member.hangame.com/common/HanSetup1040.cab

DPF: {C2922A7B-7F24-49DB-A414-CBCD0CCD233A} - hxxp://muhanfile.net/p2p/ActiveX/SeverFileX.ocx

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CB5C683C-416A-4701-B018-0F1B21D64D6B} - hxxp://cyimg7.cyworld.com/cymusic/package/skcinst.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {D3767BB2-2DEE-480D-AD13-4AF23F3E332E} - hxxp://218.55.98.92/appx/pdpopax.cab

DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - hxxps://supdate.nprotect.net/nprotect2007/keycrypt/sci/br/npkcx_1004271.cab

DPF: {E5A02FD2-A8EF-4E5B-80C1-CB386F95E049} - hxxps://plugin.inicis.com/banktown/wallet/plugin/BtPmntClient.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/m3/photouploadcontrol/MSNPUpld.cab

DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} - hxxps://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab

DPF: {EC5D5118-9FDE-4A3E-84F3-C2B711740E70} - hxxps://web.teledit.com/Sign/SKCommAX.cab

DPF: {F0B421DD-19FA-494A-9044-AAA4994A3217} - hxxp://toolbar.imbc.com/toolbar/setup/MBCXeb.cab

DPF: {F67C8301-3928-4CAC-8914-16363551D293} - hxxp://www.iprovest.com/wts/object/KbcWeb.cab

DPF: {FC1FEB1F-DB67-49C2-9AA1-83BFD60F992A} - hxxp://i-plus.jssearch.net/ActiveX/IPlusInstall.cab

Handler: s-http - {D37E6C5F-1C0F-47C0-A3B6-403EEC555402} - c:\program files\initech\shttp\InitechSHTTPInterface.10113.dll

Handler: smart - {402CA0E4-3090-402e-BE90-3EE9B766EBB0} - c:\program files\estsoft\altoolbar\ALToolBarProtocol.dll

Name-Space Handler: http\s-http - {D37E6C5F-1C0F-47C0-A3B6-403EEC555402} - c:\program files\initech\shttp\InitechSHTTPInterface.10113.dll

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1.mai\applic~1\mozilla\firefox\profiles\j5s9qsp7.default\

FF - plugin: c:\program files\common files\gretech\npgomtvx_nie.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\rayv\rayv\plugins\nprayvplugin.dll

FF - plugin: c:\program files\softforum\xecureweb\activex\npxwebplugin.dll

FF - plugin: c:\program files\softforum\xecureweb\activex\npxwebplugin_file.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com

FF - Ext: Freecorder Community Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - %profile%\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}

============= SERVICES / DRIVERS ===============

R? appliandMP;appliandMP

R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86

R? dtemd;dtemd

R? ffrxnhol;ffrxnhol

R? fsssvc;Windows Live

R? gupdate;Google Update Service (gupdate)

R? JakNDisMP;JakNDisMP

R? JRSKD24;JRSKD24

R? kcrtx86;kcrtx86

R? McAfee SiteAdvisor Service;McAfee SiteAdvisor Service

R? NPF;NetGroup Packet Filter Driver

R? ProDefense;ProDefense

R? scsk5;SCSK5 Driver Service

R? TfFsMon;TfFsMon

R? TfNetMon;TfNetMon

R? TfSysMon;TfSysMon

R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0

S? AntiVirSchedulerService;Avira AntiVir Scheduler

S? AntiVirService;Avira AntiVir Guard

S? avgio;avgio

S? avgntflt;avgntflt

S? ExpressService;ExpressService

S? fssfltr;fssfltr

S? MBAMProtector;MBAMProtector

S? MBAMService;MBAMService

S? NetAccelerator;NetAccelerator_Service

S? npkakl;npkakl

S? OnDiskDownService;OnDisk Download Service

S? ousb2hub;OrangeWare USB 2.0 Root Hub Support

S? ousbehci;OrangeWare USB Enhanced Host Controller Service

S? QuickDownload Agent;QuickDownload Agent

S? QuickDownload Service;QuickDownload Service

S? tmpreflt;tmpreflt

=============== Created Last 30 ================

2011-01-22 23:16:11 -------- d-----w- c:\docume~1\admini~1.mai\applic~1\Avira

2011-01-22 22:38:34 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-01-22 22:38:33 -------- d-----w- c:\program files\Avira

2011-01-22 22:38:33 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Avira

2011-01-22 21:44:26 -------- d-----w- c:\docume~1\admini~1.mai\applic~1\RegGenie

2011-01-22 21:37:57 -------- d-----w- c:\program files\RegGenie

2011-01-21 20:08:41 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\DragSearch

2011-01-19 00:59:25 -------- d-----w- c:\program files\PFConfig

2011-01-19 00:54:41 -------- d-----w- c:\windows\vbSkinner

2011-01-18 21:47:33 -------- d-----w- c:\docume~1\admini~1.mai\locals~1\applic~1\Vitalwerks

2011-01-18 21:46:48 -------- d-----w- c:\program files\No-IP

2011-01-18 02:51:20 -------- d-----w- c:\docume~1\admini~1.mai\applic~1\Thinstall

2011-01-15 01:32:53 -------- d-----w- c:\program files\Spy Net Removal Tool

2011-01-15 01:22:53 -------- d-----w- c:\windows\system32\install

2011-01-14 22:15:30 -------- d-----w- c:\program files\Video Enhancer

2011-01-09 23:45:46 -------- d-----w- c:\docume~1\admini~1.mai\applic~1\Rovio

2011-01-08 22:45:23 -------- d-----w- c:\program files\beefile.com

2011-01-08 22:38:01 -------- d-----w- c:\program files\spamcop

==================== Find3M ====================

2010-12-29 00:15:24 126048 ----a-w- c:\windows\system32\kcrtx86.sys

2010-12-29 00:15:23 39944 ----a-w- c:\windows\system32\JRSKD24.SYS

2010-12-29 00:15:23 17160 ----a-w- c:\windows\system32\JRSUKD25.SYS

2010-12-12 00:20:34 83288 ----a-w- c:\windows\system32\kdfapi.dll

2010-12-12 00:20:34 59976 ----a-w- c:\windows\system32\Kdfhok.dll

2010-12-12 00:20:34 192512 ----a-w- c:\windows\system32\kdfvmgr.exe

2010-12-12 00:20:32 61440 ----a-w- c:\windows\system32\proDefense.dll

2010-12-12 00:20:31 961176 ----a-w- c:\windows\system32\KQXRAAGP.exe

2010-12-12 00:20:31 314120 ----a-w- c:\windows\system32\kdfmod.dll

2010-12-12 00:19:49 547984 ----a-w- c:\windows\system32\kdfinj.dll

2010-12-11 00:20:11 45056 ----a-w- c:\windows\system32\UTSCSI.EXE

2010-11-21 22:26:57 78 ----a-w- c:\windows\system32\fscagent.ini.tmp

2010-11-21 04:58:49 307 ----a-w- c:\windows\system32\fscflist.ini.tmp

2010-11-18 18:12:40 77824 ----a-w- c:\windows\system32\isign32.dll

2010-11-12 09:15:53 3276800 ----a-w- c:\windows\system32\clubbox.exe

2010-11-10 08:03:32 167936 ----a-w- c:\windows\system32\downengine.dll

2010-11-09 14:51:42 249856 ----a-w- c:\windows\system32\odbc32.dll

2010-11-06 00:21:13 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:21:09 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-06 00:21:09 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2010-11-04 08:13:51 6839370 ----a-w- c:\windows\system32\2ndrive_setup.exe

2010-11-04 07:26:55 45419 ----a-w- c:\windows\system32\clubboxuninstall.exe

2010-11-03 12:26:15 385024 ----a-w- c:\windows\system32\html.iec

2010-10-28 13:13:21 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-10-26 14:05:11 1852928 ----a-w- c:\windows\system32\win32k.sys

2008-03-09 11:25:10 236 ----a-w- c:\program files\common files\dx.reg

============= FINISH: 18:22:00.45 ===============

post-53244-1295738930_thumb.jpg


I am attaching the jpg file too.

It's okay, it's a legitimate file; there is nothing to worry about.

Now:

**Note: If you need more detailed information, please visit the web page of ComboFix in BleepingComputer.**

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  1. If you are using Firefox, make sure that your download settings are as follows:
    • Open Tools -> Options -> Main tab
    • Set to Always ask me where to Save the files.

  2. During the download, rename Combofix to Combo-Fix as follows:

CF_download_FF.gif

CF_download_rename.gif

  3. It is important you rename Combofix during the download, but not after.

  4. Please do not rename Combofix to other names, but only to the one indicated.

  5. Close any open browsers.

  6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    -----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

  7. Double click on combo-Fix.exe & follow the prompts.

  8. When finished, it will produce a report for you.

  9. Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouse-click combo-fix's window while it's running. That may cause it to stall.**


Did you try Clean up a failed uninstall?

There are two options when I click AppRemover. I used those two options. When I click Remove Security Application, it detects three programs.

I uninstalled those three programs, but ComboFix is not working. The other option cannot detect any programs.


  • Download OTL (by OldTimer):
    1. OTL.exe
    2. OTL.com
    3. OTL.scr
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.


I did exactly what you wrote, but it only opened one file, OTL.txt.

OTL logfile created on: 2011-01-23 ?? 7:42:51 - Run 5

OTL by OldTimer - Version 3.2.20.4 Folder = C:\Documents and Settings\Administrator.MAIN1\My Documents\OTL

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000412 | Country: ???? | Language: KOR | Date Format: yyyy-MM-dd

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free

3.00 Gb Paging File | 3.00 Gb Available in Paging File | 91.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 149.04 Gb Total Space | 77.06 Gb Free Space | 51.71% Space Free | Partition Type: NTFS

Computer Name: MAIN1 | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator.MAIN1\My Documents\OTL\OTL.com (OldTimer Tools)

PRC - C:\Documents and Settings\Administrator.MAIN1\My Documents\OTL\OTL.exe (OldTimer Tools)

PRC - C:\WINDOWS\system32\npkcmsvc.exe (INCA Internet Co., Ltd.)

PRC - C:\Program Files\RayV\RayV\RayV.exe (RayV)

PRC - C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe (Microsoft Corp.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\conime.exe (Microsoft Corporation)

PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Administrator.MAIN1\My Documents\OTL\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\IMKR12.IME (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (McAfee SiteAdvisor Service) -- File not found

SRV - (NetAccelerator) -- C:\Program Files\beefile.com\Beefile(fast)\NetAccelerator.exe (ebase)

SRV - (ExpressService) -- C:\Program Files\ZioFile\ExpressService.exe (ExpressService)

SRV - (UTSCSI) -- C:\WINDOWS\system32\UTSCSI.EXE ()

SRV - (OnDiskDownService) -- C:\Program Files\OnDisk\OnDiskDownService.exe (?????)

SRV - (npkcmsvc) -- C:\WINDOWS\system32\npkcmsvc.exe (INCA Internet Co., Ltd.)

SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)

SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)

SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

========== Driver Services (SafeList) ==========

DRV - (MBAMProtector) -- File not found

DRV - (kcrtx86) -- C:\WINDOWS\system32\kcrtx86.sys (Kings Information & Network)

DRV - (JRSKD24) -- C:\WINDOWS\system32\JRSKD24.SYS (SoftForum Corporation)

DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys (Duplex Secure Ltd.)

DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)

DRV - (rspSanity) -- C:\WINDOWS\system32\drivers\rspSanity32.sys (Resplendence Software Projects Sp.)

DRV - (tmxpflt) -- C:\WINDOWS\system32\drivers\tmxpflt.sys (Trend Micro Inc.)

DRV - (tmpreflt) -- C:\WINDOWS\system32\drivers\tmpreflt.sys (Trend Micro Inc.)

DRV - (vsapint) -- C:\WINDOWS\system32\drivers\vsapint.sys (Trend Micro Inc.)

DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)

DRV - (npkakl) -- C:\WINDOWS\system32\npkakl.sys (INCA Internet Co.,Ltd.)

DRV - (NOWMEMDF) -- C:\WINDOWS\system32\nowmemdf.sys (©NOWCOM)

DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)

DRV - (npkcrypt) -- C:\WINDOWS\system32\npkcrypt.sys (INCA Internet Co., Ltd.)

DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )

DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)

DRV - (AFD) -- C:\WINDOWS\System32\drivers\afd.sy@ (Microsoft Corporation)

DRV - (amdide) -- C:\WINDOWS\system32\DRIVERS\amdide.sys (Advanced Micro Devices)

DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

DRV - (ousb2hub) -- C:\WINDOWS\system32\drivers\ousb2hub.sys (OrangeWare Corporation)

DRV - (ousbehci) -- C:\WINDOWS\system32\drivers\ousbehci.sys (OrangeWare Corporation)

DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)

DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)

DRV - (FsVga) -- C:\WINDOWS\system32\drivers\fsvga.sys (Microsoft Corporation)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://kr.yahoo.com/ilc76

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = ko

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.1.3

FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:3.2.1.3

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.9

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010-06-04 16:02:25 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-10-09 14:44:28 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-11-27 17:58:29 | 000,000,000 | ---D | M]

[2010-10-02 15:29:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator.MAIN1\Application Data\Mozilla\Extensions

[2010-10-02 15:29:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator.MAIN1\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2011-01-17 21:55:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator.MAIN1\Application Data\Mozilla\Firefox\Profiles\j5s9qsp7.default\extensions

[2011-01-17 21:55:08 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Documents and Settings\Administrator.MAIN1\Application Data\Mozilla\Firefox\Profiles\j5s9qsp7.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}

[2011-01-17 21:55:13 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Administrator.MAIN1\Application Data\Mozilla\Firefox\Profiles\j5s9qsp7.default\extensions\engine@conduit.com

[2010-11-29 16:39:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010-10-02 16:25:59 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2010-11-12 15:07:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2010-06-04 16:02:25 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2010-08-24 21:38:21 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2010-08-24 21:38:21 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2010-09-15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2010-08-24 21:38:21 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2010-11-06 11:37:34 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

[2010-08-24 19:56:13 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2010-08-24 19:56:13 | 000,004,573 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\danawa-kr.xml

[2010-08-24 19:56:13 | 000,007,980 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\daum-kr.xml

[2010-08-24 19:56:13 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2010-08-24 19:56:13 | 000,004,262 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\naver-kr.xml

[2010-08-24 19:56:13 | 000,001,196 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-kr.xml

[2010-08-24 19:56:13 | 000,001,103 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-kr.xml

O1 HOSTS File: ([2011-01-16 10:59:35 | 000,427,907 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.0scan.com

O1 - Hosts: 127.0.0.1 0scan.com

O1 - Hosts: 127.0.0.1 1000gratisproben.com

O1 - Hosts: 127.0.0.1 www.1000gratisproben.com

O1 - Hosts: 127.0.0.1 1001namen.com

O1 - Hosts: 127.0.0.1 www.1001namen.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 www.100sexlinks.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 www.10sek.com

O1 - Hosts: 127.0.0.1 www.1-2005-search.com

O1 - Hosts: 127.0.0.1 1-2005-search.com

O1 - Hosts: 14759 more lines...

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (?TV ???) - {375A6AB2-FEEC-445D-B853-2139FB561F80} - C:\Program Files\GRETECH\GomTVHelper\ghelper.dll ((?)???)

O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\ShellBrowser: (??(&A)) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (??(&A)) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (??(&L)) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)

O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [Korean IME Migration] C:\Program Files\Common Files\Microsoft Shared\IME12\IMEKR\IMKRMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)

O4 - HKLM..\Run: [soundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKCU..\Run: [RayV] C:\Program Files\RayV\RayV\RayV.exe (RayV)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0

O9 - Extra Button: ?TV??? - {013BCEA5-8309-448b-8604-85F23D7861A5} - C:\Program Files\GRETECH\GomTVHelper\ghelper.dll ((?)???)

O9 - Extra 'Tools' menuitem : ?TV??? - {013BCEA5-8309-448b-8604-85F23D7861A5} - C:\Program Files\GRETECH\GomTVHelper\ghelper.dll ((?)???)

O9 - Extra Button: ????? ?? ?? - {0A07354E-A092-490f-9597-BA096721A26D} - Reg Error: Key error. File not found

O9 - Extra Button: ??? - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Live Writer? ???(&:) - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: ?? ????, 11?? - {71DF21B0-8C69-4923-8C7B-B195F8DDB5CD} - File not found

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O15 - HKCU\..Trusted Domains: internet ([]about in ??? ? ?? ???)

O15 - HKCU\..Trusted Domains: mcafee.com ([]http in ??? ? ?? ???)

O15 - HKCU\..Trusted Domains: mcafee.com ([]https in ??? ? ?? ???)

O16 - DPF: {00001026-A15C-11D4-97A4-0050BF0FBE67} http://download.netmarble.net/web/nmstarte...26_20091109.cab (NetmarbleStarter26 Class)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab (QuickTime Object)

O16 - DPF: {0349EF81-B9C1-4B97-86F7-7B931D0E2532} http://sticube.clubbox.co.kr/sticubeupdate...NowStarter2.cab (NowStarter2 Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5...heckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {24F6E6A8-852C-45A8-ADD3-C4AB0D6FD231} https://plugin.inicis.com/wallet61/INIwallet61.cab (INIwallet61 Control)

O16 - DPF: {283A7932-A386-496A-9AB0-E8DBFACFF1E5} http://ondisk.co.kr/setup/OnDiskWebControl.cab (OnDisk File Control)

O16 - DPF: {287A998F-CC68-4F6F-B916-7C057DF0E63B} http://www.fdisk.co.kr/mmsv/FdiskWebControl.CAB (Fdisk File Control 1)

O16 - DPF: {2EE4AED0-B8D5-4FCB-B4EB-75D5D20B55E5} http://download.zfile.co.kr/ZFileWebControl.cab (ZFile File Control)

O16 - DPF: {48ACDFDC-9F77-422E-A207-03E4FCE6BF5C} http://yahoo.myfolder.net/InnoFD.cab (MainCtrl Class)

O16 - DPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} https://mpi.dacom.net/XPayMPI/XPayMPIOCX.cab (XPayMPIOCX Control)

O16 - DPF: {531BBB4D-B043-4D70-8A88-0A416C7F7CD0} http://tax.iansan.net/gpkisecureweb/setup/GPKIInstaller.cab (GPKIInstallerX Class)

O16 - DPF: {5C1B293E-DA77-4AFF-8B52-63DEF8C8A071} http://download.netmarble.net/ActiveX/NMAu....1_20091109.cab (NetmarbleAutoUpdater Class)

O16 - DPF: {60F33B36-3E89-48EF-BE77-ACC23A366C2A} https://wstatic.plaync.co.kr/common/UniUpdate/NCLoader.8.cab (NCLoaderCtl Class)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1256884841828 (WUWebControl Class)

O16 - DPF: {687FB9A2-A997-44D4-9480-24F29B95F77B} http://imbbs.imbc.com/controls/BBSFileUpload.cab (BBSFileUpload Control)

O16 - DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} https://members.hangame.com/common/CKKeyProInst.cab (XecureCKKB Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1256985826281 (MUWebControl Class)

O16 - DPF: {7062B754-F059-471E-9D9F-ECBB9EF79EDF} http://www.nhis.co.kr/real/DWSocket_NH.cab (DWSocket Control)

O16 - DPF: {77646142-F7D6-472E-A2FB-E3E02BCED107} http://143.248.182.120/applex_wdigm/active...cyScannerXP.cab (PrivacyScannerXP Control)

O16 - DPF: {79419762-2D03-48F8-A63E-0544D95143DE} http://www.x2game.com/Control/AutoPatchOCX.cab (AutoPatchOCX Control)

O16 - DPF: {7A9F36F4-DB68-4F90-8FE7-E915E04BDD49} http://wo.tk.co.kr/webstarter/webstarter.cab (WebStarter Control)

O16 - DPF: {7D390008-37BF-470E-B6BD-1DA5559071EC} http://main.ohmylove.co.kr/resource/umng/omlUMngClnt.cab (OmlUMngClnt Class)

O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} http://gcc.nefficient.co.kr/gcc/vista/xecu.../xw_install.cab (XecureWeb 4.0 Client Control)

O16 - DPF: {811576B0-FD69-4414-8C43-AB30546C102D} http://down.speeddownload.kr/info/SpeedDownAxProj.cab (SpeedDownAx Control)

O16 - DPF: {89F434A7-4A49-4394-AC02-007480331AE2} http://download.netmarble.net/ActiveX/NMAu...nfo_1.0.0.1.cab (NetmarbleSystemIDInfo Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {8C2E6E01-D1F6-4A94-B314-7C5DF4EE1853} http://cs.hangame.com/hangame/js/mail/HGReport.cab (SpecAnalyzer Class)

O16 - DPF: {8C4F5093-2E8B-491C-A2A3-74AFCEEE5378} http://ziofile.com/setver/ZioFileControl.cab (Zio File Control)

O16 - DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} http://pann.nate.com/html/editor/CyPictureU.cab?20090430 (CyImage Class)

O16 - DPF: {999A4982-61C2-4BF8-8094-30CEF9A6BAB9} http://www.bomul.com/common/InnoFD/bomul_zdnet.cab (MainCtrl Class)

O16 - DPF: {99C709C7-4F58-46C1-855B-90213C760395} https://secure.kcp.co.kr/webpay/v3d/file/kcp_ansimclick.cab (V3D Client Control)

O16 - DPF: {9A7D9941-6DB0-4AD7-8454-509D2793C5E8} http://www.beefile.com/mmsv/BeefileWebControl.CAB (Beefile File Share Control 1)

O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} http://download.netmarble.net/kdefence/100929/kdfense8.cab (Kdfense8 Control)

O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} http://dl.sayclub.com/sayclub/sayctl/sayax.cab (Sayclub Login Control)

O16 - DPF: {AD0D5025-0FE3-4D5A-A520-FE8BE30EA789} http://eminwon.iansan.net/emwp/cab/fileupload/FileUpload.cab (FileUpload_Invil Control)

O16 - DPF: {B128EFF9-0B1C-4C65-A162-28165A3A0A18} http://ssl.makeshop.co.kr/ssl/MSecure.cab (MakeShop Secure Control)

O16 - DPF: {B1F38AB3-D8C7-49A2-B09C-8055D2128BC6} http://www.vpay.co.kr/kvpfiles/KVPLoginCTLD.cab (KVPLoginCtl Control)

O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} http://member.hangame.com/common/HanSetup1040.cab (HanSetupCtrl1010 Class)

O16 - DPF: {C2922A7B-7F24-49DB-A414-CBCD0CCD233A} http://muhanfile.net/p2p/ActiveX/SeverFileX.ocx (AXServerFileX Control)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CB5C683C-416A-4701-B018-0F1B21D64D6B} http://cyimg7.cyworld.com/cymusic/package/skcinst.cab (SKCInst1 Class)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {D3767BB2-2DEE-480D-AD13-4AF23F3E332E} http://218.55.98.92/appx/pdpopax.cab (MyPdpopAX Class)

O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} https://supdate.nprotect.net/nprotect2007/k...kcx_1004271.cab (NPKCX Control)

O16 - DPF: {E5A02FD2-A8EF-4E5B-80C1-CB386F95E049} https://plugin.inicis.com/banktown/wallet/p...tPmntClient.cab (BtPmntClient Class)

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/m3/photoup...ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)

O16 - DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} https://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab (KvpIspCtlD Control)

O16 - DPF: {EC5D5118-9FDE-4A3E-84F3-C2B711740E70} https://web.teledit.com/Sign/SKCommAX.cab (SKCommAX Control)

O16 - DPF: {F0B421DD-19FA-494A-9044-AAA4994A3217} http://toolbar.imbc.com/toolbar/setup/MBCXeb.cab (MBCXeb Control)

O16 - DPF: {F67C8301-3928-4CAC-8914-16363551D293} http://www.iprovest.com/wts/object/KbcWeb.cab (KbcWebDesk Control)

O16 - DPF: {FC1FEB1F-DB67-49C2-9AA1-83BFD60F992A} http://i-plus.jssearch.net/ActiveX/IPlusInstall.cab (AxIPlusInstall)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\s-http {D37E6C5F-1C0F-47C0-A3B6-403EEC555402} - C:\Program Files\INITECH\SHTTP\InitechSHTTPInterface.10113.dll (© INITECH)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Administrator.MAIN1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator.MAIN1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009-05-03 11:22:31 | 000,000,037 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011-01-23 19:25:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\My Documents\OTL

[2011-01-23 18:51:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.MAIN1\Recent

[2011-01-23 18:51:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\?? ??\????\SanityCheck

[2011-01-23 18:51:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\?? ??\????\Advanced Task Manager

[2011-01-23 18:50:58 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011-01-23 15:52:29 | 006,022,440 | ---- | C] (OPSWAT, Inc.) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\AppRemover.exe

[2011-01-22 22:25:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Temp

[2011-01-22 22:17:29 | 000,027,192 | ---- | C] (Resplendence Software Projects Sp.) -- C:\WINDOWS\System32\drivers\rspSanity32.sys

[2011-01-22 22:17:29 | 000,000,000 | ---D | C] -- C:\Program Files\SanityCheck

[2011-01-22 21:54:04 | 000,000,000 | ---D | C] -- C:\Program Files\Innovative Solutions

[2011-01-22 21:09:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\?? ??\ProcessExplorer

[2011-01-22 19:25:55 | 001,090,912 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Administrator.MAIN1\?? ??\avg_remover_stf_x86_2011_1184.exe

[2011-01-22 17:02:58 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2011-01-22 16:44:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\RegGenie

[2011-01-22 16:37:57 | 000,000,000 | ---D | C] -- C:\Program Files\RegGenie

[2011-01-18 19:59:25 | 000,000,000 | ---D | C] -- C:\Program Files\PFConfig

[2011-01-18 19:54:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\vbSkinner

[2011-01-18 16:47:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\Local Settings\Application Data\Vitalwerks

[2011-01-18 16:46:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\?? ??\????\No-IP DUC

[2011-01-18 16:46:48 | 000,000,000 | ---D | C] -- C:\Program Files\No-IP

[2011-01-17 21:51:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\Thinstall

[2011-01-14 20:36:46 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\spybotsd162.exe

[2011-01-14 20:32:53 | 000,000,000 | ---D | C] -- C:\Program Files\Spy Net Removal Tool

[2011-01-14 20:29:44 | 020,326,229 | ---- | C] (Security Stronghold ) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\SpyNetRemovalTool.exe

[2011-01-14 20:22:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\install

[2011-01-14 18:49:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\My Documents\?? ??

[2011-01-14 17:15:30 | 000,000,000 | ---D | C] -- C:\Program Files\Video Enhancer

[2011-01-09 18:45:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\Rovio

[2011-01-08 19:44:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\?? ??\????\Beefile

[2011-01-08 17:45:23 | 000,000,000 | ---D | C] -- C:\Program Files\beefile.com

[2011-01-08 17:38:01 | 000,000,000 | ---D | C] -- C:\Program Files\spamcop

[2011-01-01 23:14:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.MAIN1\?? ??\???

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011-01-23 18:54:43 | 000,000,668 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cb0db54a977e38.job

[2011-01-23 18:54:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011-01-23 15:52:38 | 006,022,440 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\AppRemover.exe

[2011-01-23 14:52:00 | 000,000,672 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011-01-22 22:17:30 | 000,000,633 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\?? ??\SanityCheck.lnk

[2011-01-22 21:54:07 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\?? ??\Advanced Task Manager.lnk

[2011-01-22 21:43:40 | 000,479,678 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011-01-22 21:43:40 | 000,269,564 | ---- | M] () -- C:\WINDOWS\System32\perfh012.dat

[2011-01-22 21:43:40 | 000,079,528 | ---- | M] () -- C:\WINDOWS\System32\perfc012.dat

[2011-01-22 21:43:40 | 000,079,492 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011-01-22 21:27:52 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2011-01-22 19:26:00 | 001,090,912 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Administrator.MAIN1\?? ??\avg_remover_stf_x86_2011_1184.exe

[2011-01-22 19:15:35 | 004,159,359 | R--- | M] () -- C:\Documents and Settings\Administrator.MAIN1\?? ??\Combo-Fix.exe

[2011-01-22 18:36:19 | 004,159,359 | R--- | M] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\ComboFix.exe

[2011-01-22 18:06:26 | 000,317,520 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011-01-22 09:59:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2011-01-21 19:07:20 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\?? ??\dds.scr

[2011-01-21 19:07:20 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\?? ??\dds.com

[2011-01-21 18:49:03 | 059,325,912 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\avira_antivir_personal_en.exe

[2011-01-21 18:44:25 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\gjtj58wg.exe

[2011-01-21 18:43:50 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\defogger_reenable

[2011-01-21 18:43:07 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\Defogger.exe

[2011-01-21 15:07:41 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011-01-17 18:57:28 | 000,228,352 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011-01-16 10:59:35 | 000,427,907 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS

[2011-01-15 15:39:48 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\?? ??\January 2011? ?? ??.lnk

[2011-01-14 20:37:23 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\spybotsd162.exe

[2011-01-14 20:32:09 | 020,326,229 | ---- | M] (Security Stronghold ) -- C:\Documents and Settings\Administrator.MAIN1\My Documents\SpyNetRemovalTool.exe

[2011-01-14 16:57:10 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\Application Data\Microsoft\Internet Explorer\Quick Launch\?????.lnk

[2011-01-14 16:57:09 | 000,001,652 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\?? ??\?TV.lnk

[2011-01-14 16:57:07 | 000,000,776 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\?? ??\?????.lnk

[2011-01-14 15:34:09 | 000,001,714 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\?? ??\???? ???.lnk

[2011-01-14 15:34:08 | 000,001,732 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\Application Data\Microsoft\Internet Explorer\Quick Launch\???? ???.lnk

[2011-01-10 03:08:12 | 000,004,286 | ---- | M] () -- C:\WINDOWS\System32\Beefile.ico

[2011-01-02 03:51:11 | 000,013,631 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\?? ??\ROTP.docx

[2011-01-01 21:34:57 | 000,000,764 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\?? ??\February 2011? ?? ??.lnk

[2011-01-01 19:19:44 | 000,047,098 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\NumberPressPDF.pdf

[2011-01-01 19:11:38 | 000,003,232 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\NumberingSettings.np3

[2010-12-28 19:15:24 | 000,126,048 | ---- | M] (Kings Information & Network) -- C:\WINDOWS\System32\kcrtx86.sys

[2010-12-28 19:15:23 | 000,039,944 | ---- | M] (SoftForum Corporation) -- C:\WINDOWS\System32\JRSKD24.SYS

[2010-12-28 19:15:23 | 000,017,160 | ---- | M] (SoftForum Corporation) -- C:\WINDOWS\System32\JRSUKD25.SYS

[2010-12-25 22:14:33 | 000,000,038 | ---- | M] () -- C:\WINDOWS\AviSplitter.INI

[2010-12-24 22:15:58 | 000,136,677 | ---- | M] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\certificate003.pdf

[2010-12-24 20:39:07 | 000,001,226 | ---- | M] () -- C:\WINDOWS\System32\p3downasx.asx

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011-01-22 22:17:30 | 000,000,633 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\?? ??\SanityCheck.lnk

[2011-01-22 21:54:07 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\?? ??\Advanced Task Manager.lnk

[2011-01-22 19:15:28 | 004,159,359 | R--- | C] () -- C:\Documents and Settings\Administrator.MAIN1\?? ??\Combo-Fix.exe

[2011-01-22 18:36:08 | 004,159,359 | R--- | C] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\ComboFix.exe

[2011-01-21 19:05:44 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\?? ??\dds.com

[2011-01-21 19:05:16 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\?? ??\dds.scr

[2011-01-21 18:46:14 | 059,325,912 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\avira_antivir_personal_en.exe

[2011-01-21 18:44:23 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\gjtj58wg.exe

[2011-01-21 18:43:35 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\defogger_reenable

[2011-01-21 18:43:04 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\Defogger.exe

[2011-01-10 03:08:12 | 000,004,286 | ---- | C] () -- C:\WINDOWS\System32\Beefile.ico

[2011-01-08 19:44:42 | 000,001,732 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\Application Data\Microsoft\Internet Explorer\Quick Launch\???? ???.lnk

[2011-01-08 19:44:42 | 000,001,714 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\?? ??\???? ???.lnk

[2011-01-02 03:41:22 | 000,013,631 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\?? ??\ROTP.docx

[2011-01-01 21:34:57 | 000,000,764 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\?? ??\February 2011? ?? ??.lnk

[2010-12-24 22:15:58 | 000,136,677 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\My Documents\certificate003.pdf

[2010-11-29 18:06:28 | 000,041,880 | ---- | C] () -- C:\WINDOWS\System32\HanGamePlugin19.dll

[2010-11-27 18:56:11 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll

[2010-11-27 18:56:11 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll

[2010-11-27 18:56:11 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll

[2010-11-27 18:56:11 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll

[2010-10-12 17:55:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\Application Data\v3tmphtm.html

[2010-10-11 17:46:21 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI

[2010-09-25 14:36:18 | 000,000,236 | ---- | C] () -- C:\Program Files\Common Files\dx.reg

[2010-09-25 14:36:15 | 001,029,126 | ---- | C] () -- C:\WINDOWS\System32\d3d10.dll

[2010-09-24 18:01:32 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\Application Data\NPSN3

[2010-09-19 20:03:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\Application Data\NP_PDF_FilePath

[2010-09-19 20:03:03 | 000,000,009 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\Application Data\NumberPressPrefs3

[2010-09-04 18:51:09 | 000,000,106 | ---- | C] () -- C:\WINDOWS\msecure.ini

[2010-09-04 16:58:32 | 001,443,224 | ---- | C] () -- C:\WINDOWS\System32\HanWebMsg1061.dll

[2010-08-31 16:56:45 | 000,000,030 | ---- | C] () -- C:\Program Files\NOT

[2010-08-28 18:42:46 | 000,000,142 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\Local Settings\Application Data\fusioncache.dat

[2010-07-07 16:10:16 | 000,000,135 | ---- | C] () -- C:\WINDOWS\pfwbase.INI

[2010-07-07 16:09:20 | 000,000,023 | ---- | C] () -- C:\WINDOWS\PFW3.INI

[2010-07-07 16:09:12 | 000,000,017 | ---- | C] () -- C:\WINDOWS\Averasell.ini

[2010-07-07 16:08:39 | 000,000,444 | ---- | C] () -- C:\WINDOWS\retailer.ini

[2010-06-17 15:06:30 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini

[2010-06-13 18:09:12 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\nod.dll

[2010-06-13 18:07:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\fscflist.ini

[2010-06-13 18:07:45 | 000,000,079 | ---- | C] () -- C:\WINDOWS\System32\fscagent.ini

[2010-06-04 15:24:51 | 000,066,920 | ---- | C] () -- C:\WINDOWS\System32\CMListControl.dll

[2010-04-29 14:09:00 | 000,032,257 | ---- | C] () -- C:\WINDOWS\System32\DWSocket_DefinePacket_NH.ini

[2010-04-29 10:04:58 | 000,000,313 | ---- | C] () -- C:\WINDOWS\System32\DWSocket_Set.ini

[2009-11-24 08:54:50 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\KvpUpCom.dll

[2009-10-30 03:25:25 | 000,190,976 | ---- | C] () -- C:\WINDOWS\System32\wgalogon.dll.bak

[2009-10-30 03:25:25 | 000,190,976 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll

[2009-10-30 03:15:54 | 000,228,352 | ---- | C] () -- C:\Documents and Settings\Administrator.MAIN1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009-10-30 01:24:16 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll

[2009-10-30 01:05:33 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2009-10-20 13:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll

[2009-05-21 03:45:16 | 000,066,920 | ---- | C] () -- C:\WINDOWS\CMListControl.dll

[2009-04-30 22:35:44 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll

[2009-04-10 12:19:32 | 000,153,056 | ---- | C] () -- C:\WINDOWS\System32\FU_JPN.dll

[2009-04-10 12:19:26 | 000,153,056 | ---- | C] () -- C:\WINDOWS\System32\FU_CHN.dll

[2009-04-10 12:19:20 | 000,103,904 | ---- | C] () -- C:\WINDOWS\System32\FU_ENG.dll

[2009-04-10 12:19:14 | 000,153,056 | ---- | C] () -- C:\WINDOWS\System32\FU_KOR.dll

[2009-04-06 16:16:34 | 000,596,512 | ---- | C] () -- C:\WINDOWS\System32\INICRYPTOSDK.dll

[2008-03-20 04:06:36 | 001,481,728 | ---- | C] () -- C:\WINDOWS\System32\legitcheckcontrol.dll.bak

[2008-03-20 04:06:36 | 001,481,728 | ---- | C] () -- C:\WINDOWS\System32\LegitCheckControl.dll

[2008-03-13 01:19:56 | 000,039,936 | ---- | C] () -- C:\WINDOWS\System32\netdrive.sys

[2008-02-28 15:45:20 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\KvpLoginUpCom.dll

[2004-06-23 11:20:02 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI

[2004-01-18 00:46:33 | 000,001,168 | ---- | C] () -- C:\WINDOWS\wconfig.ini

[2003-08-28 14:44:28 | 000,000,211 | ---- | C] () -- C:\WINDOWS\drds.ini

[2001-08-29 07:00:00 | 000,192,560 | ---- | C] () -- C:\WINDOWS\System32\hfont.sys

[2001-08-29 07:00:00 | 000,056,505 | ---- | C] () -- C:\WINDOWS\System32\hbios.sys

[2001-08-29 07:00:00 | 000,002,890 | ---- | C] () -- C:\WINDOWS\System32\disp_win.sys

[2001-08-29 07:00:00 | 000,000,793 | ---- | C] () -- C:\WINDOWS\System32\font_win.sys

========== LOP Check ==========

[2010-08-24 14:21:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\AppLauncher

[2011-01-22 16:48:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\BitTorrent

[2010-09-03 14:10:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\ClientKeeper

[2009-10-30 12:40:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\Clunet

[2009-10-30 01:30:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\DAEMON Tools

[2009-11-09 15:50:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\DAEMON Tools Lite

[2009-10-30 01:30:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\DAEMON Tools Pro

[2010-10-03 16:18:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\Disk Cleaner

[2010-12-06 18:24:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\DriverCure

[2010-09-18 15:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\GetRightToGo

[2009-11-12 17:27:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\GSplit

[2010-11-29 18:07:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\Hangame

[2010-12-06 18:24:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\ParetoLogic

[2010-09-18 15:02:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\PowerPad

[2010-12-06 16:59:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\PriceGong

[2010-12-20 17:27:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\RayV

[2011-01-22 16:44:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\RegGenie

[2011-01-09 18:45:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\Rovio

[2010-11-27 18:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\Simply Super Software

[2010-10-26 20:31:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\SpeedDown

[2010-11-29 16:30:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\Sytexis Software

[2011-01-17 21:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\Thinstall

[2010-08-20 14:48:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\Wdigm

[2010-09-03 18:52:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\Windows Search

[2009-10-30 02:09:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.MAIN1\Application Data\Wiz Solution

[2010-12-17 21:27:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Clunet

[2009-10-30 02:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DAEMON Tools Lite

[2010-10-04 17:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DAEMON Tools Pro

[2011-01-22 22:25:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Temp

========== Purity Check ==========

< End of report >


Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *AVG*
    *Grisoft*

    :folderfind
    *AVG*
    *Grisoft*


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


Here is the SystemLook file

SystemLook 04.09.10 by jpshortstuff

Log created at 15:19 on 24/01/2011 by Administrator

Administrator - Elevation successful

========== filefind ==========

Searching for "*AVG*"

C:\Documents and Settings\Administrator.MAIN1\My Documents\avg_free_stf_en_85_325a1500.exe --a---- 64470784 bytes [16:24 06/05/2009] [16:24 06/05/2009] 7403E3052D0987F617DA4172784012BD

C:\Documents and Settings\Administrator.MAIN1\?? ??\avgremover.log --a---- 1067326 bytes [00:26 23/01/2011] [20:24 23/01/2011] 77975A96EF6AE867CE4A01FEA9C30380

C:\Documents and Settings\Administrator.MAIN1\?? ??\avgrep.txt --a---- 4402 bytes [21:59 18/09/2010] [00:32 19/09/2010] 1FA9A7753A9AFE3957F22FB2B4A6C95C

C:\Documents and Settings\Administrator.MAIN1\?? ??\avg_remover_stf_x86_2011_1184.exe --a---- 1090912 bytes [00:25 23/01/2011] [00:26 23/01/2011] 895DBCA53EF7667773BA0BB1CBBA42F0

C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8\Log\avgcfg.log --a---- 11630 bytes [01:19 22/12/2010] [21:50 07/01/2011] 122312E52DB1003AD818816297AA591C

C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8\Log\avgcfg.log.lock --a---- 0 bytes [01:19 22/12/2010] [01:19 22/12/2010] D41D8CD98F00B204E9800998ECF8427E

C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8\Log\avgcore.log --a---- 314 bytes [00:03 21/12/2010] [03:27 08/01/2011] 15037C94E20DFCD78151659B66CD9CA6

C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8\Log\avgcore.log.lock --a---- 0 bytes [03:27 08/01/2011] [03:27 08/01/2011] D41D8CD98F00B204E9800998ECF8427E

C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\LOGFILES\avguard.log --a---- 78330 bytes [01:06 24/01/2011] [20:14 24/01/2011] 927CDDE3C4C267F81C2B52077C311DF3

C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\TEMP\avguard.tmp --a---- 37978686 bytes [20:14 24/01/2011] [20:14 24/01/2011] (Unable to calculate MD5)

C:\Program Files\AVG\AVG8\avgcfgx.dll.old --a---- 836888 bytes [00:01 21/12/2010] [00:10 21/12/2010] 9D664EBFF8376F9FAD555315EBA0B82E

C:\Program Files\AVG\AVG8\avglngx.dll.old --a---- 310552 bytes [00:02 21/12/2010] [00:10 21/12/2010] 1E95CC406F708CAE4BE258D8F87A786F

C:\Program Files\AVG\AVG8\avglogx.dll.old --a---- 337176 bytes [00:02 21/12/2010] [00:10 21/12/2010] D0D7FB6B69E93B022CA2F1827587AF42

C:\Program Files\AVG\AVG8\avgmvflx.dll.old --a---- 305944 bytes [00:02 21/12/2010] [00:10 21/12/2010] 6652337361E9FF37478DB335FFB234CE

C:\Program Files\AVG\AVG8\avgresf.dll.old --a---- 2167576 bytes [00:02 21/12/2010] [00:02 21/12/2010] EC64B1F69AEC8F084BF63E9B9B7C8132

C:\Program Files\AVG\AVG8\avgscanx.dll.old --a---- 339736 bytes [00:01 21/12/2010] [00:10 21/12/2010] 741FC650E379334AC4012710FC1A9986

C:\Program Files\AVG\AVG8\avgsrmx.dll.old --a---- 681240 bytes [00:02 21/12/2010] [00:10 21/12/2010] 0CC4F7FF182C11D606472C4A6154A7EF

C:\Program Files\AVG\AVG8\avgtray.exe.old --a---- 2000152 bytes [00:02 21/12/2010] [00:10 21/12/2010] 384D5440B780BD921399A5697E6E1623

C:\Program Files\AVG\AVG8\avgui.exe.old --a---- 3476760 bytes [00:02 21/12/2010] [00:10 21/12/2010] F63482A8E6D1241C926CD642EECEB30A

C:\Program Files\AVG\AVG8\avguires.dll.old --a---- 2808600 bytes [00:02 21/12/2010] [00:10 21/12/2010] 4F6587337D8F32E4530F5296A013DB08

C:\Program Files\AVG\AVG8\avgvvx.dll.old --a---- 515864 bytes [00:02 21/12/2010] [00:10 21/12/2010] 4216F7143D4B83C53927982184D831D2

C:\Program Files\Avira\AntiVir Desktop\avghook.dll --a---- 435560 bytes [01:03 24/01/2011] [19:27 17/06/2010] 53AD98D496349C187ADDFDE866392D29

C:\Program Files\Avira\AntiVir Desktop\avgio.dll --a---- 89448 bytes [01:03 24/01/2011] [13:39 13/12/2010] DC4075C135EF78F6BC8674BB4C87E0B5

C:\Program Files\Avira\AntiVir Desktop\avgio.sys --a---- 11608 bytes [01:03 24/01/2011] [19:27 17/06/2010] 0B497C79824F8E1BF22FA6AACD3DE3A0

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe --a---- 281768 bytes [01:03 24/01/2011] [13:39 13/12/2010] C983E62B6FB74457D173BA93F66F6068

C:\Program Files\Avira\AntiVir Desktop\avgntflt.inf --a---- 2373 bytes [01:03 24/01/2011] [13:40 13/12/2010] 9AEA7BAF904D4A87994E0CA2FAACD482

C:\Program Files\Avira\AntiVir Desktop\avguard.exe --a---- 267944 bytes [01:03 24/01/2011] [13:39 13/12/2010] 48BE1FCFF1C929C899F29BCDC8659D9F

C:\WINDOWS\Prefetch\AVGNT.EXE-200FEF40.pf --a---- 70186 bytes [01:08 24/01/2011] [03:00 24/01/2011] 23F02DF32CF58D939FC61E2F81299BE4

C:\WINDOWS\Prefetch\AVGUARD.EXE-27095CE7.pf --a---- 58302 bytes [01:06 24/01/2011] [20:11 24/01/2011] A38399D31B308D56274A344A6CC04A9A

C:\WINDOWS\system32\drivers\avgntdd.sys --a---- 45416 bytes [01:03 24/01/2011] [19:27 17/06/2010] 5B44C214F9CD9F590BE9125347610380

C:\WINDOWS\system32\drivers\avgntflt.sys --a---- 61960 bytes [01:03 24/01/2011] [13:40 13/12/2010] 47B879406246FFDCED59E18D331A0E7D

C:\WINDOWS\system32\drivers\avgntmgr.sys --a---- 22360 bytes [01:03 24/01/2011] [19:27 17/06/2010] 87451AA7CC6B6A590EBCEA05E755075A

Searching for "*Grisoft*"

No files found.

========== folderfind ==========

Searching for "*AVG*"

C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8 d------ [20:25 18/09/2010]

C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\TEMP\AVGUARD_512eaa7a d------ [20:14 24/01/2011]

C:\Program Files\AVG d------ [16:28 06/05/2009]

C:\Program Files\AVG\AVG8 d------ [16:28 06/05/2009]

Searching for "*Grisoft*"

No folders found.

-= EOF =-


  • Run OTL.exe
  • Under Custom Scans/Fixes post the following script:

:files
C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8
C:\Program Files\AVG

:Commands
[purity]
[emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered; when it is done it will say "Fix Complete press ok to open log"
  • Please post that log in your next reply.


All processes killed

========== FILES ==========

C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8\Log folder moved successfully.

C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8 folder moved successfully.

C:\Program Files\AVG\AVG8\log folder moved successfully.

C:\Program Files\AVG\AVG8 folder moved successfully.

C:\Program Files\AVG folder moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Administrator.MAIN1

->Temp folder emptied: 57052735 bytes

->Temporary Internet Files folder emptied: 99757875 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 32367012 bytes

->Flash cache emptied: 3545 bytes

User: Administrator.MAIN1.003

->Temp folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: ADMINI~1~MAI

User: All Users

User: All Users.WINDOWS

User: Default User

->Temp folder emptied: 0 bytes

User: Default User.WINDOWS

->Temp folder emptied: 0 bytes

User: LocalService

->Temp folder emptied: 0 bytes

User: LocalService.NT AUTHORITY

->Temp folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: LocalService.NT AUTHORITY.000

->Temp folder emptied: 0 bytes

User: LocalService.NT AUTHORITY.001

->Temp folder emptied: 0 bytes

User: LocalService.NT AUTHORITY.002

->Temp folder emptied: 0 bytes

User: LocalService.NT AUTHORITY.003

->Temp folder emptied: 0 bytes

User: LocalService.NT AUTHORITY.004

->Temp folder emptied: 0 bytes

User: LocalService.NT AUTHORITY.005

->Temp folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY

->Temp folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY.000

->Temp folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY.001

->Temp folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY.002

->Temp folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY.003

->Temp folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY.004

->Temp folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY.005

->Temp folder emptied: 178976 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 12673 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 75060 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 27513312 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 11946687 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 218.00 mb

OTL by OldTimer - Version 3.2.20.4 log created on 01242011_155643

Files\Folders moved on Reboot...

File\Folder C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temp\~DFC98F.tmp not found!

File\Folder C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temp\~DFCE20.tmp not found!

File\Folder C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temp\~DFD60C.tmp not found!

File\Folder C:\Documents and Settings\Administrator.MAIN1\Local Settings\Temp\~DFD7FC.tmp not found!

C:\Documents and Settings\Administrator.MAIN1\Local Settings\?? ??? ??\Content.IE5\SAPX6TSA\adsCAAUSPAX.htm moved successfully.

C:\Documents and Settings\Administrator.MAIN1\Local Settings\?? ??? ??\Content.IE5\SAPX6TSA\adsCAUU4TTS.htm moved successfully.

C:\Documents and Settings\Administrator.MAIN1\Local Settings\?? ??? ??\Content.IE5\SAPX6TSA\index[4].htm moved successfully.

C:\Documents and Settings\Administrator.MAIN1\Local Settings\?? ??? ??\Content.IE5\SAPX6TSA\openhand_8_8[1].bmp moved successfully.

C:\Documents and Settings\Administrator.MAIN1\Local Settings\?? ??? ??\Content.IE5\SAPX6TSA\xmlProxy[1].htm moved successfully.

File\Folder C:\Documents and Settings\Administrator.MAIN1\Local Settings\?? ??? ??\Content.IE5\HO1AAK7E\adsCA1X33Z1.htm not found!

File\Folder C:\Documents and Settings\Administrator.MAIN1\Local Settings\?? ??? ??\Content.IE5\HO1AAK7E\adsCAGMOKID.htm not found!

File\Folder C:\Documents and Settings\Administrator.MAIN1\Local Settings\?? ??? ??\Content.IE5\HO1AAK7E\all-major-banks-swift-codes[1].html not found!

C:\Documents and Settings\Administrator.MAIN1\Local Settings\?? ??? ??\Content.IE5\HO1AAK7E\EditMessageLight[1].htm moved successfully.

C:\Documents and Settings\Administrator.MAIN1\Local Settings\?? ??? ??\Content.IE5\HO1AAK7E\Messenger[1].htm moved successfully.

C:\Documents and Settings\Administrator.MAIN1\Local Settings\?? ??? ??\Content.IE5\HO1AAK7E\RteFrame[1].htm moved successfully.

C:\Documents and Settings\Administrator.MAIN1\Local Settings\?? ??? ??\Content.IE5\8BD999WX\index[6].htm moved successfully.

C:\Documents and Settings\Administrator.MAIN1\Local Settings\?? ??? ??\Content.IE5\8BD999WX\resourcespreload[1].htm moved successfully.

C:\Documents and Settings\Administrator.MAIN1\Local Settings\?? ??? ??\Content.IE5\6ELXDKA5\AttachmentUploader[1].htm moved successfully.

C:\Documents and Settings\Administrator.MAIN1\Local Settings\?? ??? ??\Content.IE5\6ELXDKA5\default[1].htm moved successfully.

C:\Documents and Settings\Administrator.MAIN1\Local Settings\?? ??? ??\Content.IE5\6ELXDKA5\LocalStorage[1].htm moved successfully.

C:\Documents and Settings\Administrator.MAIN1\Local Settings\?? ??? ??\Content.IE5\6ELXDKA5\search[3].htm moved successfully.

C:\Documents and Settings\Administrator.MAIN1\Local Settings\?? ??? ??\Content.IE5\6ELXDKA5\statementinquiriesanddisputeresolution_cm[1].htm moved successfully.

C:\Documents and Settings\Administrator.MAIN1\Local Settings\?? ??? ??\Content.IE5\6ELXDKA5\xmlProxy[1].htm moved successfully.

C:\Documents and Settings\Administrator.MAIN1\Local Settings\?? ??? ??\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...


Please manually delete your copy of ComboFix and download a new fresh one. Try again.

ComboFix 11-01-23.07 - Administrator 2011-01-24 17:11:09.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.949.82.1042.18.1406.767 [GMT -5:00]

Running from: c:\documents and settings\Administrator.MAIN1\?? ??\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

.

Error: Cfiles.dat

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Administrator.MAIN1\?? ??\?? ????, 11??.url

c:\documents and settings\Administrator.MAIN1\Application Data\PriceGong

c:\documents and settings\Administrator.MAIN1\Application Data\PriceGong\Data\1.xml

c:\documents and settings\Administrator.MAIN1\Application Data\PriceGong\Data\a.xml

c:\documents and settings\Administrator.MAIN1\Application Data\PriceGong\Data\b.xml

c:\documents and settings\Administrator.MAIN1\Application Data\PriceGong\Data\c.xml

c:\documents and settings\Administrator.MAIN1\Application Data\PriceGong\Data\d.xml

c:\documents and settings\Administrator.MAIN1\Application Data\PriceGong\Data\e.xml

c:\documents and settings\Administrator.MAIN1\Application Data\PriceGong\Data\f.xml

c:\documents and settings\Administrator.MAIN1\Application Data\PriceGong\Data\g.xml

c:\documents and settings\Administrator.MAIN1\Application Data\PriceGong\Data\h.xml

c:\documents and settings\Administrator.MAIN1\Application Data\PriceGong\Data\i.xml

c:\documents and settings\Administrator.MAIN1\Application Data\PriceGong\Data\J.xml

c:\documents and settings\Administrator.MAIN1\Application Data\PriceGong\Data\k.xml

c:\documents and settings\Administrator.MAIN1\Application Data\PriceGong\Data\l.xml

c:\documents and settings\Administrator.MAIN1\Application Data\PriceGong\Data\m.xml

c:\documents and settings\Administrator.MAIN1\Application Data\PriceGong\Data\mru.xml

c:\documents and settings\Administrator.MAIN1\Application Data\PriceGong\Data\n.xml

c:\documents and settings\Administrator.MAIN1\Application Data\PriceGong\Data\o.xml

c:\documents and settings\Administrator.MAIN1\Application Data\PriceGong\Data\p.xml

c:\documents and settings\Administrator.MAIN1\Application Data\PriceGong\Data\q.xml

c:\documents and settings\Administrator.MAIN1\Application Data\PriceGong\Data\r.xml

c:\documents and settings\Administrator.MAIN1\Application Data\PriceGong\Data\s.xml

c:\documents and settings\Administrator.MAIN1\Application Data\PriceGong\Data\t.xml

c:\documents and settings\Administrator.MAIN1\Application Data\PriceGong\Data\u.xml

c:\documents and settings\Administrator.MAIN1\Application Data\PriceGong\Data\v.xml

c:\documents and settings\Administrator.MAIN1\Application Data\PriceGong\Data\w.xml

c:\documents and settings\Administrator.MAIN1\Application Data\PriceGong\Data\x.xml

c:\documents and settings\Administrator.MAIN1\Application Data\PriceGong\Data\y.xml

c:\documents and settings\Administrator.MAIN1\Application Data\PriceGong\Data\z.xml

c:\documents and settings\Administrator.MAIN1\Favorites\?? ????, 11??.url

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\AutoStylingPlugin

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\AutoStylingPlugin\image_bk.gif

c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\AutoStylingPlugin\image_ok.gif

c:\documents and settings\All Users.WINDOWS\?? ??\????\Auto Styling Plugin

c:\documents and settings\LocalService.NT AUTHORITY.005\Local Settings\Application Data\AutoStylingPlugin

c:\program files\Auto Styling Plugin

c:\program files\RegGenie

c:\program files\RegGenie\Backups\40565.6966739005

c:\program files\RegGenie\RegGenie.ini

c:\windows\system32\_packet.dlluninstall

c:\windows\system32\install

.

((((((((((((((((((((((((( Files Created from 2010-12-24 to 2011-01-24 )))))))))))))))))))))))))))))))

.

2011-01-24 03:08 . 2011-01-24 03:08 -------- d-----w- c:\documents and settings\Administrator.MAIN1\Application Data\Avira

2011-01-24 02:16 . 2011-01-24 03:01 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Comodo

2011-01-24 02:15 . 2011-01-24 02:16 1700352 ----a-w- c:\windows\system32\gdiplus.dll

2011-01-24 01:47 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-01-24 01:47 . 2011-01-24 01:47 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes

2011-01-24 01:47 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-01-24 01:47 . 2011-01-24 01:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-01-24 01:03 . 2010-12-13 13:40 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-01-24 01:03 . 2010-12-13 13:40 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-01-24 01:03 . 2010-06-17 19:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2011-01-24 01:03 . 2010-06-17 19:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2011-01-24 01:03 . 2011-01-24 01:03 -------- d-----w- c:\program files\Avira

2011-01-24 01:03 . 2011-01-24 01:03 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira

2011-01-23 03:25 . 2011-01-23 03:25 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Temp

2011-01-23 03:17 . 2011-01-23 23:45 -------- d-----w- c:\program files\SanityCheck

2011-01-23 03:17 . 2010-08-23 22:07 27192 ----a-w- c:\windows\system32\drivers\rspSanity32.sys

2011-01-22 21:44 . 2011-01-22 21:44 -------- d-----w- c:\documents and settings\Administrator.MAIN1\Application Data\RegGenie

2011-01-22 07:01 . 2011-01-22 07:01 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY.005\Local Settings\Application Data\PCHealth

2011-01-19 00:59 . 2011-01-19 01:13 -------- d-----w- c:\program files\PFConfig

2011-01-19 00:54 . 2011-01-19 01:09 -------- d-----w- c:\windows\vbSkinner

2011-01-18 21:47 . 2011-01-18 21:47 -------- d-----w- c:\documents and settings\Administrator.MAIN1\Local Settings\Application Data\Vitalwerks

2011-01-18 21:46 . 2011-01-18 21:46 -------- d-----w- c:\program files\No-IP

2011-01-18 02:51 . 2011-01-18 02:51 -------- d-----w- c:\documents and settings\Administrator.MAIN1\Application Data\Thinstall

2011-01-15 01:32 . 2011-01-15 03:11 -------- d-----w- c:\program files\Spy Net Removal Tool

2011-01-14 22:15 . 2011-01-16 00:12 -------- d-----w- c:\program files\Video Enhancer

2011-01-09 23:45 . 2011-01-09 23:45 -------- d-----w- c:\documents and settings\Administrator.MAIN1\Application Data\Rovio

2011-01-08 22:45 . 2011-01-09 00:44 -------- d-----w- c:\program files\beefile.com

2011-01-08 22:38 . 2011-01-22 21:03 -------- d-----w- c:\program files\spamcop

2011-01-06 22:37 . 2011-01-06 22:37 94784 ----a-w- c:\windows\system32\drivers\inspect.sys

2011-01-06 22:37 . 2011-01-06 22:37 27576 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2011-01-06 22:37 . 2011-01-06 22:37 239368 ----a-w- c:\windows\system32\drivers\cmdGuard.sys

2011-01-06 22:37 . 2011-01-06 22:37 15592 ----a-w- c:\windows\system32\drivers\cmderd.sys

2010-12-29 06:42 . 2010-12-29 06:42 285480 ----a-w- c:\windows\system32\guard32.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-29 00:15 . 2010-07-20 00:39 126048 ----a-w- c:\windows\system32\kcrtx86.sys

2010-12-29 00:15 . 2010-09-03 19:10 39944 ----a-w- c:\windows\system32\JRSKD24.SYS

2010-12-29 00:15 . 2010-07-20 00:39 17160 ----a-w- c:\windows\system32\JRSUKD25.SYS

2010-12-12 00:20 . 2010-12-12 00:20 192512 ----a-w- c:\windows\system32\kdfvmgr.exe

2010-12-12 00:20 . 2010-07-20 00:04 83288 ----a-w- c:\windows\system32\kdfapi.dll

2010-12-12 00:20 . 2010-07-20 00:04 59976 ----a-w- c:\windows\system32\Kdfhok.dll

2010-12-12 00:20 . 2010-12-12 00:20 61440 ----a-w- c:\windows\system32\proDefense.dll

2010-12-12 00:20 . 2010-12-12 00:20 961176 ----a-w- c:\windows\system32\KQXRAAGP.exe

2010-12-12 00:20 . 2010-07-20 00:04 314120 ----a-w- c:\windows\system32\kdfmod.dll

2010-12-12 00:19 . 2010-07-20 00:04 547984 ----a-w- c:\windows\system32\kdfinj.dll

2010-12-11 00:20 . 2010-12-11 00:20 45056 ----a-w- c:\windows\system32\UTSCSI.EXE

2010-11-20 03:30 . 2009-10-30 06:26 691696 ----a-w- c:\windows\system32\drivers\sptd.sys

2010-11-18 18:12 . 2009-10-30 06:10 77824 ----a-w- c:\windows\system32\isign32.dll

2010-11-12 09:15 . 2010-03-04 01:48 3276800 ----a-w- c:\windows\system32\clubbox.exe

2010-11-10 08:03 . 2010-03-04 01:48 167936 ----a-w- c:\windows\system32\downengine.dll

2010-11-09 14:51 . 2004-08-03 15:53 249856 ----a-w- c:\windows\system32\odbc32.dll

2010-11-06 00:21 . 2004-08-03 15:53 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:21 . 2004-08-03 15:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2010-11-06 00:21 . 2004-08-03 15:53 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-04 08:13 . 2010-03-04 01:49 6839370 ----a-w- c:\windows\system32\2ndrive_setup.exe

2010-11-04 07:26 . 2010-03-04 01:48 45419 ----a-w- c:\windows\system32\clubboxuninstall.exe

2010-11-03 12:26 . 2004-08-03 15:40 385024 ----a-w- c:\windows\system32\html.iec

2010-11-02 15:17 . 2001-08-29 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys

2010-10-28 13:13 . 2004-08-03 15:50 290048 ----a-w- c:\windows\system32\atmfd.dll

2008-03-09 11:25 . 2010-09-25 19:36 236 ----a-w- c:\program files\Common Files\dx.reg

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RayV"="c:\program files\RayV\RayV\RayV.exe" [2010-06-07 2561320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]

"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 344064]

"Korean IME Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE" [2006-10-26 26400]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-01-18 2548552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="ctfmon.exe" [2008-04-14 15360]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200412]

Ime File REG_SZ IMKR12.IME

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 02:27 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\ZioFile\\ZioFileHighDown.exe"=

"c:\\WINDOWS\\system32\\skcbgm.exe"=

"c:\\WINDOWS\\system32\\fscagent.exe"=

"c:\\Program Files\\RayV\\RayV\\RayV.exe"=

"c:\\Program Files\\RayV\\RayV\\RayV.dll"=

"c:\\Program Files\\Fdisk.co.kr\\Fdisk(fast)\\FdiskDown.exe"=

"c:\\Program Files\\Fdisk.co.kr\\Fdisk(fast)\\ExpressService.exe"=

"c:\\Program Files\\NATEON\\BIN\\NateOnMain.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Documents and Settings\\Administrator.MAIN1\\Application Data\\RayV\\Viewer\\RayV.dll"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\beefile.com\\Beefile(fast)\\NetAccelerator.exe"=

"c:\\PC???\\Start.exe"=

"c:\\WINDOWS\\system32\\clubbox.exe"=

"c:\\Program Files\\Zfile\\ZfileDown.exe"=

"c:\\WINDOWS\\system32\\grdmgr.exe"=

"c:\\Program Files\\OnDisk\\OnDiskDownService.exe"=

"c:\\Program Files\\OnDisk\\OnDiskGDown.exe"=

"c:\\Program Files\\OnDisk\\OnDiskDown.exe"=

"c:\\Program Files\\QuickDownloadService\\qdownservice.exe"=

"c:\\WINDOWS\\skcbgm.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\beefile.com\\Beefile(fast)\\BeefileDown.exe"=

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-01-06 ?? 5:37 239368]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-01-06 ?? 5:37 27576]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-01-23 ?? 8:03 135336]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-01-23 ?? 8:47 363344]

R2 NetAccelerator;NetAccelerator_Service;c:\program files\beefile.com\Beefile(fast)\NetAccelerator.exe [2011-01-10 ?? 9:01 147968]

R2 npkakl;npkakl;c:\windows\system32\npkakl.sys [2010-03-09 ?? 10:17 31328]

R2 OnDiskDownService;OnDisk Download Service;c:\program files\OnDisk\OnDiskDownService.exe [2010-11-27 ?? 4:58 150016]

R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [2009-10-30 ?? 1:23 45824]

R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2010-10-09 ?? 3:18 36432]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-01-23 ?? 8:47 20952]

R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [2009-10-30 ?? 1:23 56960]

S0 dtemd;dtemd;c:\windows\system32\drivers\iygmo.sys --> c:\windows\system32\drivers\iygmo.sys [?]

S0 ffrxnhol;ffrxnhol;c:\windows\system32\drivers\rqxd.sys --> c:\windows\system32\drivers\rqxd.sys [?]

S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]

S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 ?? 12:16 130384]

S2 ExpressService;ExpressService;c:\program files\ZioFile\ExpressService.exe --> c:\program files\ZioFile\ExpressService.exe [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-15 ?? 6:22 136176]

S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys --> c:\windows\system32\DRIVERS\appliand.sys [?]

S3 JakNDisMP;JakNDisMP;c:\windows\system32\DRIVERS\JakNDis.sys --> c:\windows\system32\DRIVERS\JakNDis.sys [?]

S3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.SYS [2010-09-03 ?? 2:10 39944]

S3 kcrtx86;kcrtx86;c:\windows\system32\kcrtx86.sys [2010-07-19 ?? 7:39 126048]

S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\D.tmp --> c:\windows\system32\D.tmp [?]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 ?? 1:19 50704]

S3 ProDefense;ProDefense;\??\c:\windows\system32\drivers\ProDefense.sys --> c:\windows\system32\drivers\ProDefense.sys [?]

S3 rspSanity;rspSanity;c:\windows\system32\drivers\rspSanity32.sys [2011-01-22 ?? 10:17 27192]

S3 scsk5;SCSK5 Driver Service;c:\windows\system32\drivers\scsk5.sys --> c:\windows\system32\drivers\scsk5.sys [?]

S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 ?? 12:16 753504]

S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe --> c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [?]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-10-30 ?? 1:26 691696]

.

Contents of the 'Scheduled Tasks' folder

2011-01-22 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2011-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb0db54a977e38.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-15 23:22]

2011-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-15 23:22]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://kr.yahoo.com/ilc76

mStart Page = about:blank

IE: Google ?????... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: {{71DF21B0-8C69-4923-8C7B-B195F8DDB5CD} - http://www.11st.co.kr/connect/Gateway.tmal...;tid=1000105205

Trusted Zone: internet

Trusted Zone: mcafee.com

TCP: {7E7CB7B5-A7F5-41CA-9174-1F16C55DB918} = 156.154.70.22,156.154.71.22

Handler: s-http - {D37E6C5F-1C0F-47C0-A3B6-403EEC555402} - c:\program files\INITECH\SHTTP\InitechSHTTPInterface.10113.dll

Name-Space Handler: http\s-http - {D37E6C5F-1C0F-47C0-A3B6-403EEC555402} - c:\program files\INITECH\SHTTP\InitechSHTTPInterface.10113.dll

DPF: {00001026-A15C-11D4-97A4-0050BF0FBE67} - hxxp://download.netmarble.net/web/nmstarter/NMStarter26_20091109.cab

DPF: {0349EF81-B9C1-4B97-86F7-7B931D0E2532} - hxxp://sticube.clubbox.co.kr/sticubeupdate/cab/NowStarter2.cab

DPF: {24F6E6A8-852C-45A8-ADD3-C4AB0D6FD231} - hxxps://plugin.inicis.com/wallet61/INIwallet61.cab

DPF: {283A7932-A386-496A-9AB0-E8DBFACFF1E5} - hxxp://ondisk.co.kr/setup/OnDiskWebControl.cab

DPF: {287A998F-CC68-4F6F-B916-7C057DF0E63B} - hxxp://www.fdisk.co.kr/mmsv/FdiskWebControl.CAB

DPF: {2EE4AED0-B8D5-4FCB-B4EB-75D5D20B55E5} - hxxp://download.zfile.co.kr/ZFileWebControl.cab

DPF: {48ACDFDC-9F77-422E-A207-03E4FCE6BF5C} - hxxp://yahoo.myfolder.net/InnoFD.cab

DPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} - hxxps://mpi.dacom.net/XPayMPI/XPayMPIOCX.cab

DPF: {531BBB4D-B043-4D70-8A88-0A416C7F7CD0} - hxxp://tax.iansan.net/gpkisecureweb/setup/GPKIInstaller.cab

DPF: {5C1B293E-DA77-4AFF-8B52-63DEF8C8A071} - hxxp://download.netmarble.net/ActiveX/NMAutoUpdateX/NMAutoUpdateX_1.0.1.1_20091109.cab

DPF: {60F33B36-3E89-48EF-BE77-ACC23A366C2A} - hxxps://wstatic.plaync.co.kr/common/UniUpdate/NCLoader.8.cab

DPF: {687FB9A2-A997-44D4-9480-24F29B95F77B} - hxxp://imbbs.imbc.com/controls/BBSFileUpload.cab

DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} - hxxps://members.hangame.com/common/CKKeyProInst.cab

DPF: {7062B754-F059-471E-9D9F-ECBB9EF79EDF} - hxxp://www.nhis.co.kr/real/DWSocket_NH.cab

DPF: {77646142-F7D6-472E-A2FB-E3E02BCED107} - hxxp://143.248.182.120/applex_wdigm/activex//PrivacyScannerXP.cab

DPF: {79419762-2D03-48F8-A63E-0544D95143DE} - hxxp://www.x2game.com/Control/AutoPatchOCX.cab

DPF: {7A9F36F4-DB68-4F90-8FE7-E915E04BDD49} - hxxp://wo.tk.co.kr/webstarter/webstarter.cab

DPF: {7D390008-37BF-470E-B6BD-1DA5559071EC} - hxxp://main.ohmylove.co.kr/resource/umng/omlUMngClnt.cab

DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} - hxxp://gcc.nefficient.co.kr/gcc/vista/xecureweb/v7.2.3.3/xw_install.cab

DPF: {811576B0-FD69-4414-8C43-AB30546C102D} - hxxp://down.speeddownload.kr/info/SpeedDownAxProj.cab

DPF: {89F434A7-4A49-4394-AC02-007480331AE2} - hxxp://download.netmarble.net/ActiveX/NMAutoUpdateX/SystemIDInfo/NMSystemIDInfo_1.0.0.1.cab

DPF: {8C2E6E01-D1F6-4A94-B314-7C5DF4EE1853} - hxxp://cs.hangame.com/hangame/js/mail/HGReport.cab

DPF: {8C4F5093-2E8B-491C-A2A3-74AFCEEE5378} - hxxp://ziofile.com/setver/ZioFileControl.cab

DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} - hxxp://pann.nate.com/html/editor/CyPictureU.cab?20090430

DPF: {999A4982-61C2-4BF8-8094-30CEF9A6BAB9} - hxxp://www.bomul.com/common/InnoFD/bomul_zdnet.cab

DPF: {99C709C7-4F58-46C1-855B-90213C760395} - hxxps://secure.kcp.co.kr/webpay/v3d/file/kcp_ansimclick.cab

DPF: {9A7D9941-6DB0-4AD7-8454-509D2793C5E8} - hxxp://www.beefile.com/mmsv/BeefileWebControl.CAB

DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} - hxxp://download.netmarble.net/kdefence/100929/kdfense8.cab

DPF: {A977FF0C-8757-4E76-8533-482F91946233} - hxxp://dl.sayclub.com/sayclub/sayctl/sayax.cab

DPF: {AD0D5025-0FE3-4D5A-A520-FE8BE30EA789} - hxxp://eminwon.iansan.net/emwp/cab/fileupload/FileUpload.cab

DPF: {B128EFF9-0B1C-4C65-A162-28165A3A0A18} - hxxp://ssl.makeshop.co.kr/ssl/MSecure.cab

DPF: {B1F38AB3-D8C7-49A2-B09C-8055D2128BC6} - hxxp://www.vpay.co.kr/kvpfiles/KVPLoginCTLD.cab

DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxp://member.hangame.com/common/HanSetup1040.cab

DPF: {C2922A7B-7F24-49DB-A414-CBCD0CCD233A} - hxxp://muhanfile.net/p2p/ActiveX/SeverFileX.ocx

DPF: {CB5C683C-416A-4701-B018-0F1B21D64D6B} - hxxp://cyimg7.cyworld.com/cymusic/package/skcinst.cab

DPF: {D3767BB2-2DEE-480D-AD13-4AF23F3E332E} - hxxp://218.55.98.92/appx/pdpopax.cab

DPF: {E5A02FD2-A8EF-4E5B-80C1-CB386F95E049} - hxxps://plugin.inicis.com/banktown/wallet/plugin/BtPmntClient.cab

DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} - hxxps://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab

DPF: {F0B421DD-19FA-494A-9044-AAA4994A3217} - hxxp://toolbar.imbc.com/toolbar/setup/MBCXeb.cab

DPF: {F67C8301-3928-4CAC-8914-16363551D293} - hxxp://www.iprovest.com/wts/object/KbcWeb.cab

DPF: {FC1FEB1F-DB67-49C2-9AA1-83BFD60F992A} - hxxp://i-plus.jssearch.net/ActiveX/IPlusInstall.cab

FF - ProfilePath - c:\documents and settings\Administrator.MAIN1\Application Data\Mozilla\Firefox\Profiles\j5s9qsp7.default\

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com

FF - Ext: Freecorder Community Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - %profile%\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}

.

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)

MSConfigStartUp-DragSearch - c:\documents and settings\All Users.WINDOWS\Application Data\DragSearch\Updater.exe

MSConfigStartUp-RegGenie Scheduler - c:\program files\RegGenie\RegGenieScheduler.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-01-24 17:29

Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:

ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AFD]

"ImagePath"="\SystemRoot\System32\drivers\afd.sy@"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]

"ImagePath"="\??\c:\windows\system32\D.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Styles]

@Denied: (Full) (Administrator)

@Denied: (Full) (LocalSystem)

"Count_Style_Sheets"=hex:05,00,00,00

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(780)

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\IMKR12.IME

- - - - - - - > 'lsass.exe'(836)

c:\windows\system32\guard32.dll

.

Completion time: 2011-01-24 17:39:53

ComboFix-quarantined-files.txt 2011-01-24 22:39

ComboFix2.txt 2010-09-29 00:16

Pre-Run: 81,913,434,112 ??? ??

Post-Run: 81,902,039,040 ??? ??

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 4A3E8556B5FA74C3B953F8B3A3D56E0E


Okay, I need more information about some files. Please visit www.virustotal.com and upload one by one the following files:

c:\windows\system32\KQXRAAGP.exe

c:\Program Files\Zfile\ZfileDown.exe

c:\WINDOWS\system32\grdmgr.exe

Post the results in your next reply.


File name: KQXRAAGP.exe

Submission date: 2011-01-25 20:10:47 (UTC)

Current status: queued (#81) queued (#81) analysing finished

Result: 0/ 43 (0.0%)

VT Community

not reviewed

Safety score: -

Antivirus Version Last Update Result

AhnLab-V3 2011.01.18.00 2011.01.17 -

AntiVir 7.11.1.245 2011.01.25 -

Antiy-AVL 2.0.3.7 2011.01.25 -

Avast 4.8.1351.0 2011.01.25 -

Avast5 5.0.677.0 2011.01.25 -

AVG 10.0.0.1190 2011.01.25 -

BitDefender 7.2 2011.01.25 -

CAT-QuickHeal 11.00 2011.01.25 -

ClamAV 0.96.4.0 2011.01.25 -

Commtouch 5.2.11.5 2011.01.25 -

Comodo 7500 2011.01.25 -

DrWeb 5.0.2.03300 2011.01.25 -

Emsisoft 5.1.0.1 2011.01.25 -

eSafe 7.0.17.0 2011.01.24 -

eTrust-Vet 36.1.8118 2011.01.25 -

F-Prot 4.6.2.117 2011.01.25 -

F-Secure 9.0.16160.0 2011.01.25 -

Fortinet 4.2.254.0 2011.01.25 -

GData 21 2011.01.25 -

Ikarus T3.1.1.97.0 2011.01.25 -

Jiangmin 13.0.900 2011.01.24 -

K7AntiVirus 9.78.3647 2011.01.25 -

Kaspersky 7.0.0.125 2011.01.25 -

McAfee 5.400.0.1158 2011.01.25 -

McAfee-GW-Edition 2010.1C 2011.01.25 -

Microsoft 1.6502 2011.01.25 -

NOD32 5818 2011.01.25 -

Norman 6.06.12 2011.01.25 -

nProtect 2011-01-18.01 2011.01.18 -

Panda 10.0.2.7 2011.01.25 -

PCTools 7.0.3.5 2011.01.25 -

Prevx 3.0 2011.01.25 -

Rising 23.42.01.06 2011.01.25 -

Sophos 4.61.0 2011.01.25 -

SUPERAntiSpyware 4.40.0.1006 2011.01.25 -

Symantec 20101.3.0.103 2011.01.25 -

TheHacker 6.7.0.1.119 2011.01.24 -

TrendMicro 9.120.0.1004 2011.01.25 -

TrendMicro-HouseCall 9.120.0.1004 2011.01.25 -

VBA32 3.12.14.3 2011.01.25 -

VIPRE 8194 2011.01.25 -

ViRobot 2011.1.25.4274 2011.01.25 -

VirusBuster 13.6.164.1 2011.01.25 -

Additional information

MD5 : 9ae6d35d15ef1bcb67132083024e649c

SHA1 : 3a996b5275c34b664de7a4e1e08c1dad8e8436ee

SHA256: 1f8586a78a24e5a343d51f6e81f85cd5bc68522c8c49962228006d4af820a58f

ssdeep: 12288:g7+3qBo7q3o3qBoFq3o3qBovq3o3i3X3aB4763Y3aB4F63Y3aB4v63Y3S3hveYfR:g76eYfwK/Tpp8q8974WjsvFLn

File size : 961176 bytes

First seen: 2010-05-19 03:26:23

Last seen : 2011-01-25 20:10:47

TrID:

Win32 Executable MS Visual C++ (generic) (65.2%)

Win32 Executable Generic (14.7%)

Win32 Dynamic Link Library (generic) (13.1%)

Generic Win/DOS Executable (3.4%)

DOS Executable Generic (3.4%)

sigcheck:

publisher....: Kings Information _ Network

copyright....: Copyright 2007 Kings Information _ Network

product......: k-Defense Manager

description..: k-Defense R6 Manager

original name: kdfmgr.exe

internal name: kdfmgr setup

file version.: 6, 0, 1, 1

comments.....:

signers......: Kings Information & Network

VeriSign Class 3 Code Signing 2009-2 CA

Class 3 Public Primary Certification Authority

signing date.: 2:54 AM 3/31/2010

verified.....: -

PEiD: Armadillo v1.71

packers (Kaspersky): PE_Patch

PEInfo: PE structure information

[[ basic data ]]

entrypointaddress: 0xE695

timedatestamp....: 0x4BB2AB1D (Wed Mar 31 01:53:33 2010)

machinetype......: 0x14c (I386)

[[ 4 section(s) ]]

name, viradd, virsiz, rawdsiz, ntropy, md5

.text, 0x1000, 0x149AA, 0x15000, 6.54, 7f12093637f1086f9790749f42a0c17f

.rdata, 0x16000, 0x1D96, 0x2000, 5.15, 2c74339f686b9f268abfc122852c1f75

.data, 0x18000, 0x7120, 0x5000, 3.45, 403effe4bfc2ec9038fdaa1966a43a24

.rsrc, 0x20000, 0xCBF00, 0xCC000, 5.17, e087db5b5ab660b3ed2a906950e7c75f

[[ 6 import(s) ]]

KERNEL32.dll: SetEvent, Sleep, SetThreadPriority, CreateThread, CreateEventA, GetPrivateProfileStringA, GetCurrentProcessId, ReleaseMutex, WaitForSingleObject, GetTickCount, CreateMutexA, LocalFree, MapViewOfFile, CreateFileMappingA, UnmapViewOfFile, GetHandleInformation, GlobalMemoryStatus, SetEndOfFile, SetEnvironmentVariableA, CompareStringW, CompareStringA, IsBadCodePtr, IsBadReadPtr, GetStringTypeW, GetStringTypeA, SetFilePointer, ReadFile, FlushFileBuffers, SetStdHandle, GetOEMCP, GetACP, GetCPInfo, GetFileType, GetStdHandle, SetHandleCount, GetEnvironmentStringsW, GetEnvironmentStrings, GetCurrentThreadId, FreeEnvironmentStringsA, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsBadWritePtr, DeviceIoControl, HeapDestroy, GetEnvironmentVariableA, HeapSize, HeapReAlloc, TerminateProcess, GetCurrentDirectoryA, GetFullPathNameA, LCMapStringW, LCMapStringA, MultiByteToWideChar, WideCharToMultiByte, ExitProcess, GetCommandLineA, GetStartupInfoA, RaiseException, HeapAlloc, HeapFree, GetSystemTime, GetTimeZoneInformation, RtlUnwind, FindFirstFileA, GetDriveTypeA, FileTimeToLocalFileTime, FileTimeToSystemTime, FindClose, CreateRemoteThread, SetLastError, VirtualFree, VirtualAlloc, OpenProcess, GetPriorityClass, ResumeThread, GetLastError, GetSystemDefaultLangID, GetUserDefaultLangID, GetVersionExA, OutputDebugStringA, GetLocalTime, GetWindowsDirectoryA, DeleteFileA, GetSystemDirectoryA, LoadLibraryA, GetVersion, GetSystemInfo, GetModuleHandleA, GetCurrentProcess, SleepEx, ExitThread, OpenMutexA, HeapCreate, GetModuleFileNameA, GetProcAddress, FindResourceA, LoadResource, LockResource, GetFileAttributesA, SetFileAttributesA, CreateFileA, SizeofResource, WriteFile, CloseHandle, FreeEnvironmentStringsW, FreeLibrary

USER32.dll: DestroyWindow, UnregisterClassA, EndPaint, GetWindow, GetKeyboardState, SendInput, BeginPaint, FindWindowExA, GetWindowTextA, CloseDesktop, GetUserObjectInformationA, OpenInputDesktop, wsprintfA, GetKeyboardLayout, MapVirtualKeyExA, MapVirtualKeyA, ToUnicodeEx, SendMessageTimeoutW, ToUnicode, SendMessageTimeoutA, MessageBoxA, GetKeyState, LoadStringA, GetMessageA, TranslateMessage, DispatchMessageA, GetFocus, InSendMessage, ReplyMessage, PostQuitMessage, DefWindowProcA, SetDlgItemTextA, GetCursorPos, GetAsyncKeyState, IsWindow, CreateDialogParamA, LoadMenuA, GetSubMenu, AppendMenuA, CheckMenuItem, GetForegroundWindow, SetForegroundWindow, TrackPopupMenu, PostMessageA, SystemParametersInfoA, DestroyMenu, EndDialog, GetDlgItem, SendMessageA, GetWindowRect, GetDC, ReleaseDC, SetWindowPos, KillTimer, EnumWindows, GetClassNameA, AttachThreadInput, SetTimer, CreateWindowExA, ShowWindow, UpdateWindow, LoadIconA, LoadCursorA, RegisterClassExA, FindWindowA, GetWindowThreadProcessId, LoadImageA, ToAscii

GDI32.dll: CreateCompatibleBitmap, CreateCompatibleDC, BitBlt, SelectObject, DeleteDC, DeleteObject, GetDeviceCaps, GetObjectA

ADVAPI32.dll: RegCloseKey, RegDeleteValueA, RegQueryValueExA, RegSetValueExA, RegFlushKey, RegCreateKeyExA, RegOpenKeyExA, GetSecurityDescriptorSacl, GetCurrentHwProfileA, CloseServiceHandle, OpenSCManagerA, ChangeServiceConfigA, OpenServiceA, CreateServiceA, StartServiceA

SHELL32.dll: SHGetSpecialFolderPathA, Shell_NotifyIconA, ShellExecuteA

VERSION.dll: GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA

ExifTool:

file metadata

CharacterSet: Unicode

CodeSize: 86016

Comments:

CompanyName: Kings Information & Network

EntryPoint: 0xe695

FileDescription: k-Defense R6 Manager

FileFlagsMask: 0x003f

FileOS: Windows NT 32-bit

FileSize: 939 kB

FileSubtype: 0

FileType: Win32 EXE

FileVersion: 6, 0, 1, 1

FileVersionNumber: 6.0.1.1

ImageVersion: 0.0

InitializedDataSize: 876544

InternalName: kdfmgr setup

LanguageCode: Korean

LegalCopyright: Copyright 2007 Kings Information & Network

LegalTrademarks:

LinkerVersion: 6.0

MIMEType: application/octet-stream

MachineType: Intel 386 or later, and compatibles

OSVersion: 4.0

ObjectFileType: Executable application

OriginalFilename: kdfmgr.exe

PEType: PE32

PrivateBuild:

ProductName: k-Defense Manager

ProductVersion: 2010, 3, 30, 1

ProductVersionNumber: 2010.3.30.1

SpecialBuild:

Subsystem: Windows GUI

SubsystemVersion: 4.0

TimeStamp: 2010:03:31 03:53:33+02:00

UninitializedDataSize: 0

================================================

File name: ZfileDown.exe

Submission date: 2011-01-25 20:14:56 (UTC)

Current status: finished

Result: 1/ 43 (2.3%)

VT Community

not reviewed

Safety score: -

Antivirus Version Last Update Result

AhnLab-V3 2011.01.18.00 2011.01.17 -

AntiVir 7.11.1.245 2011.01.25 -

Antiy-AVL 2.0.3.7 2011.01.25 -

Avast 4.8.1351.0 2011.01.25 -

Avast5 5.0.677.0 2011.01.25 -

AVG 10.0.0.1190 2011.01.25 -

BitDefender 7.2 2011.01.25 -

CAT-QuickHeal 11.00 2011.01.25 -

ClamAV 0.96.4.0 2011.01.25 -

Commtouch 5.2.11.5 2011.01.25 -

Comodo 7500 2011.01.25 -

DrWeb 5.0.2.03300 2011.01.25 -

Emsisoft 5.1.0.1 2011.01.25 -

eSafe 7.0.17.0 2011.01.24 -

eTrust-Vet 36.1.8118 2011.01.25 -

F-Prot 4.6.2.117 2011.01.25 -

F-Secure 9.0.16160.0 2011.01.25 -

Fortinet 4.2.254.0 2011.01.25 -

GData 21 2011.01.25 -

Ikarus T3.1.1.97.0 2011.01.25 -

Jiangmin 13.0.900 2011.01.24 -

K7AntiVirus 9.78.3647 2011.01.25 -

Kaspersky 7.0.0.125 2011.01.25 -

McAfee 5.400.0.1158 2011.01.25 -

McAfee-GW-Edition 2010.1C 2011.01.25 -

Microsoft 1.6502 2011.01.25 -

NOD32 5818 2011.01.25 -

Norman 6.06.12 2011.01.25 -

nProtect 2011-01-18.01 2011.01.18 -

Panda 10.0.2.7 2011.01.25 -

PCTools 7.0.3.5 2011.01.25 -

Prevx 3.0 2011.01.25 -

Rising 23.42.01.06 2011.01.25 -

Sophos 4.61.0 2011.01.25 -

SUPERAntiSpyware 4.40.0.1006 2011.01.25 -

Symantec 20101.3.0.103 2011.01.25 WS.Reputation.1

TheHacker 6.7.0.1.119 2011.01.24 -

TrendMicro 9.120.0.1004 2011.01.25 -

TrendMicro-HouseCall 9.120.0.1004 2011.01.25 -

VBA32 3.12.14.3 2011.01.25 -

VIPRE 8194 2011.01.25 -

ViRobot 2011.1.25.4274 2011.01.25 -

VirusBuster 13.6.164.1 2011.01.25 -

Additional information

MD5 : d4e23924a2875cba0bdde69d9f3be756

SHA1 : 18ce3f8e45e71bdbae6a3aa1216243ab38dec4c9

SHA256: 23de5046c5a54d0af89d194844b7d9cb3f2b84a31f3c0e38bfa3af8d560ff54e

ssdeep: 12288:i8L0Y9to6sZQvuolFJRYMl/npMQhTuDkfVx3GB+24u:N0Y9OZQWw7pMQhykxW

File size : 2784992 bytes

First seen: 2011-01-25 20:14:56

Last seen : 2011-01-25 20:14:56

TrID:

Windows Screen Saver (51.1%)

Win32 Executable Generic (33.2%)

Generic Win/DOS Executable (7.8%)

DOS Executable Generic (7.8%)

Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

sigcheck:

publisher....: © Hive

copyright....: © Hive All rights reserved.

product......: ____ ____ ____

description..: ____ ____ ____

original name: ZfileDown.exe

internal name: ZfileDown.exe

file version.: 1.0.0.5

comments.....: n/a

signers......: Hive Corp.

Thawte Code Signing CA

Thawte Premium Server CA

signing date.: 9:42 AM 11/17/2010

verified.....: -

PEInfo: PE structure information

[[ basic data ]]

entrypointaddress: 0x53EC8

timedatestamp....: 0x4CE3956B (Wed Nov 17 08:42:19 2010)

machinetype......: 0x14c (I386)

[[ 4 section(s) ]]

name, viradd, virsiz, rawdsiz, ntropy, md5

.text, 0x1000, 0x6761C, 0x67800, 6.43, afc93b172a33a2437229c02794fc1c6a

.rdata, 0x69000, 0x19E18, 0x1A000, 5.22, 44482053fd1a0b5134b7a303c66e9f10

.data, 0x83000, 0x6C20, 0x3200, 4.40, 6463eef8a482cc198998e2d54460f247

.rsrc, 0x8A000, 0x221B90, 0x221C00, 4.06, e580c64819315c48d82060357b0e5e02

[[ 17 import(s) ]]

urlmon.dll: URLDownloadToFileA

WININET.dll: InternetReadFile, InternetCloseHandle, InternetOpenUrlA, InternetOpenA, InternetQueryDataAvailable

NAT.DLL: -, -, -, -, -, -, -, -, -, -, -, -

KERNEL32.dll: GlobalHandle, TlsAlloc, TlsSetValue, LocalReAlloc, TlsFree, InterlockedIncrement, GetFileAttributesA, GetFileSizeEx, GetFileTime, GetCPInfo, GetOEMCP, SetErrorMode, GetModuleHandleW, RtlUnwind, ExitThread, CreateThread, RaiseException, TerminateProcess, UnhandledExceptionFilter, TlsGetValue, IsDebuggerPresent, GetSystemTimeAsFileTime, GetTimeFormatA, GetDateFormatA, GetStartupInfoA, ExitProcess, VirtualProtect, VirtualAlloc, VirtualQuery, HeapReAlloc, HeapSize, GetACP, IsValidCodePage, GetStringTypeA, GetStringTypeW, GetTimeZoneInformation, GetStdHandle, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetFileType, VirtualFree, QueryPerformanceCounter, InitializeCriticalSectionAndSpinCount, GetDriveTypeA, GetConsoleCP, GetConsoleMode, LCMapStringA, LCMapStringW, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, CompareStringW, SetEnvironmentVariableA, LocalAlloc, GlobalFlags, GetCurrentDirectoryA, WritePrivateProfileStringA, FileTimeToLocalFileTime, FileTimeToSystemTime, FindNextFileA, FormatMessageA, LocalFree, CreateFileA, GetFullPathNameA, FindFirstFileA, FindClose, DuplicateHandle, GetFileSize, SetEndOfFile, UnlockFile, LockFile, FlushFileBuffers, SetFilePointer, WriteFile, ReadFile, GetThreadLocale, GetModuleFileNameW, GlobalGetAtomNameA, GlobalFindAtomA, lstrcmpW, FreeResource, GetCurrentProcessId, GlobalAddAtomA, GlobalDeleteAtom, GetCurrentThreadId, ConvertDefaultLocale, EnumResourceLanguagesA, GetLocaleInfoA, CompareStringA, InterlockedExchange, GetSystemDirectoryA, DeleteFileA, GetCurrentProcess, GetCommandLineA, FreeLibrary, GetVersionExA, GetTickCount, GetNumberFormatA, GetDiskFreeSpaceExA, lstrcpynA, GetModuleHandleA, LoadLibraryA, GetProcAddress, SetLastError, MulDiv, GlobalAlloc, GlobalLock, GlobalUnlock, GlobalReAlloc, GlobalFree, HeapAlloc, HeapFree, HeapDestroy, HeapCreate, InterlockedDecrement, GetModuleFileNameA, MultiByteToWideChar, lstrcpyA, lstrlenA, 
GetVolumeInformationA, lstrcmpA, WaitForSingleObject, GetExitCodeThread, TerminateThread, GetSystemInfo, EnterCriticalSection, LeaveCriticalSection, SetEvent, DeleteCriticalSection, CreateEventA, InitializeCriticalSection, WideCharToMultiByte, LoadResource, LockResource, SizeofResource, FindResourceA, GetCurrentThread, SetThreadPriority, CreateDirectoryA, CloseHandle, CreateMutexA, GetLastError, Sleep, GetProcessHeap, SetUnhandledExceptionFilter

USER32.dll: PostThreadMessageA, GetSysColorBrush, LoadCursorA, DrawIcon, IsRectEmpty, EndPaint, BeginPaint, GetWindowDC, GrayStringA, DrawTextExA, DrawTextA, TabbedTextOutA, MoveWindow, SetWindowTextA, IsDialogMessageA, ReleaseDC, CharUpperA, RegisterWindowMessageA, SendDlgItemMessageA, WinHelpA, IsChild, GetClassLongA, GetClassNameA, SetPropA, GetPropA, RemovePropA, SetFocus, GetWindowTextLengthA, GetWindowTextA, GetForegroundWindow, BeginDeferWindowPos, EndDeferWindowPos, GetTopWindow, UnhookWindowsHookEx, GetMessageTime, GetMessagePos, MapWindowPoints, ScrollWindow, SetMenu, SetScrollRange, GetScrollRange, SetScrollPos, GetScrollPos, ShowScrollBar, GetSubMenu, GetMenuItemID, GetMenuItemCount, GetClassInfoExA, RegisterClassA, AdjustWindowRectEx, ScreenToClient, EqualRect, DeferWindowPos, GetScrollInfo, SetScrollInfo, GetDlgCtrlID, DefWindowProcA, GetMenu, IntersectRect, IsIconic, GetWindowPlacement, GetWindow, SetWindowContextHelpId, MapDialogRect, SetWindowPos, GetDesktopWindow, SetActiveWindow, CreateDialogIndirectParamA, DestroyWindow, GetDlgItem, GetNextDlgTabItem, EndDialog, GetWindowThreadProcessId, GetLastActivePopup, IsWindowEnabled, ShowOwnedPopups, SetWindowsHookExA, CallNextHookEx, GetMessageA, TranslateMessage, DispatchMessageA, IsWindowVisible, GetKeyState, PeekMessageA, ValidateRect, SetMenuItemBitmaps, GetMenuCheckMarkDimensions, ModifyMenuA, GetMenuState, EnableMenuItem, CheckMenuItem, PostQuitMessage, ExitWindowsEx, ReplyMessage, GetFocus, DrawFocusRect, FillRect, FindWindowA, SetWindowRgn, GetActiveWindow, GetDC, SetRect, GetWindowLongA, LoadBitmapA, IsWindow, GetParent, GetWindowRect, SetWindowLongA, CallWindowProcA, RegisterClipboardFormatA, UnpackDDElParam, ReuseDDElParam, LoadMenuA, LoadAcceleratorsA, InsertMenuItemA, SetRectEmpty, BringWindowToTop, SetCursor, UpdateWindow, TranslateAcceleratorA, UnregisterClassA, GetMenuItemInfoA, GetNextDlgGroupItem, InvalidateRgn, CopyAcceleratorTableA, CharNextA, CreateWindowExA, RedrawWindow, 
MessageBeep, DestroyIcon, LoadImageA, GetIconInfo, CopyRect, DrawIconEx, WindowFromPoint, SetCapture, GetCapture, ClientToScreen, PtInRect, ReleaseCapture, GetClientRect, OffsetRect, InflateRect, GetSysColor, GetSystemMetrics, EnableWindow, CreatePopupMenu, AppendMenuA, SetMenuDefaultItem, GetCursorPos, TrackPopupMenu, DestroyMenu, ShowWindow, LoadIconA, SetForegroundWindow, InvalidateRect, KillTimer, SetTimer, PostMessageA, SendMessageA, GetClassInfoA, MessageBoxA, SystemParametersInfoA

GDI32.dll: SetViewportExtEx, ScaleViewportExtEx, SetWindowExtEx, ScaleWindowExtEx, ExtSelectClipRgn, CreatePatternBrush, OffsetViewportOrgEx, Escape, CreateEllipticRgn, LPtoDP, Ellipse, GetBkColor, GetTextColor, GetRgnBox, SetViewportOrgEx, GetPixel, GetWindowExtEx, GetViewportExtEx, ExtTextOutA, TextOutA, ExtCreateRegion, CombineRgn, DPtoLP, CreateBitmap, GetMapMode, SetMapMode, BitBlt, SetBkColor, DeleteDC, StretchBlt, CreateCompatibleBitmap, SelectObject, CreateCompatibleDC, DeleteObject, CreateFontIndirectA, CreateSolidBrush, GetStockObject, RectVisible, GetObjectA, GetTextExtentPoint32A, Rectangle, SelectClipRgn, SetBkMode, RestoreDC, SaveDC, SetTextColor, GetClipBox, CreateRectRgn, CreateFontA, SetRectRgn, CreateRectRgnIndirect, GetDeviceCaps, CreatePen, CreateDIBSection, PtVisible

COMDLG32.dll: GetFileTitleA

WINSPOOL.DRV: OpenPrinterA, DocumentPropertiesA, ClosePrinter

ADVAPI32.dll: AdjustTokenPrivileges, RegQueryValueA, RegOpenKeyA, OpenProcessToken, LookupPrivilegeValueA, RegConnectRegistryA, RegDeleteValueA, RegDeleteKeyA, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, RegQueryInfoKeyA, RegCloseKey, RegEnumValueA, RegEnumKeyA, RegOpenKeyExA

SHELL32.dll: DragQueryFileA, SHGetDesktopFolder, SHGetPathFromIDListA, SHBrowseForFolderA, ShellExecuteA, SHGetFileInfoA, SHGetSpecialFolderPathA, Shell_NotifyIconA, DragFinish

COMCTL32.dll: -

SHLWAPI.dll: PathGetArgsA, PathFindExtensionA, PathFindFileNameA, PathStripToRootA, PathIsUNCA, StrFormatByteSize64A, PathRemoveFileSpecW

oledlg.dll: -

ole32.dll: CoGetClassObject, CoRegisterMessageFilter, CoRevokeClassObject, OleInitialize, CoFreeUnusedLibraries, OleUninitialize, CoTaskMemFree, CoCreateInstance, CLSIDFromProgID, CLSIDFromString, CoTaskMemAlloc, CoUninitialize, CoInitializeEx, OleFlushClipboard, StgOpenStorageOnILockBytes, StgCreateDocfileOnILockBytes, CreateILockBytesOnHGlobal, OleIsCurrentClipboard

OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -

WSOCK32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -

WS2_32.dll: WSASend, WSAWaitForMultipleEvents, WSAConnect, WSASocketA, WSARecv

ExifTool:

file metadata

CharacterSet: Windows, Korea (Shift - KSC 5601)

CodeSize: 423936

CompanyName: © Hive

EntryPoint: 0x53ec8

FileDescription:

FileFlagsMask: 0x003f

FileOS: Win32

FileSize: 2.7 MB

FileSubtype: 0

FileType: Win32 EXE

FileVersion: 1.0.0.5

FileVersionNumber: 1.0.0.5

ImageVersion: 0.0

InitializedDataSize: 2354688

InternalName: ZfileDown.exe

LanguageCode: Korean

LegalCopyright: © Hive All rights reserved.

LegalTrademarks: ZFILE

LinkerVersion: 9.0

MIMEType: application/octet-stream

MachineType: Intel 386 or later, and compatibles

OSVersion: 5.0

ObjectFileType: Executable application

OriginalFilename: ZfileDown.exe

PEType: PE32

ProductName:

ProductVersion: 1.0.0.5

ProductVersionNumber: 1.0.0.5

Subsystem: Windows GUI

SubsystemVersion: 5.0

TimeStamp: 2010:11:17 09:42:19+01:00

UninitializedDataSize: 0

==========================================================================

File name: grdmgr.exe

Submission date: 2011-01-25 20:17:34 (UTC)

Current status: finished

Result: 0/ 43 (0.0%)

VT Community

not reviewed

Safety score: -

Antivirus Version Last Update Result

AhnLab-V3 2011.01.18.00 2011.01.17 -

AntiVir 7.11.1.245 2011.01.25 -

Antiy-AVL 2.0.3.7 2011.01.25 -

Avast 4.8.1351.0 2011.01.25 -

Avast5 5.0.677.0 2011.01.25 -

AVG 10.0.0.1190 2011.01.25 -

BitDefender 7.2 2011.01.25 -

CAT-QuickHeal 11.00 2011.01.25 -

ClamAV 0.96.4.0 2011.01.25 -

Commtouch 5.2.11.5 2011.01.25 -

Comodo 7500 2011.01.25 -

DrWeb 5.0.2.03300 2011.01.25 -

Emsisoft 5.1.0.1 2011.01.25 -

eSafe 7.0.17.0 2011.01.24 -

eTrust-Vet 36.1.8118 2011.01.25 -

F-Prot 4.6.2.117 2011.01.25 -

F-Secure 9.0.16160.0 2011.01.25 -

Fortinet 4.2.254.0 2011.01.25 -

GData 21 2011.01.25 -

Ikarus T3.1.1.97.0 2011.01.25 -

Jiangmin 13.0.900 2011.01.24 -

K7AntiVirus 9.78.3647 2011.01.25 -

Kaspersky 7.0.0.125 2011.01.25 -

McAfee 5.400.0.1158 2011.01.25 -

McAfee-GW-Edition 2010.1C 2011.01.25 -

Microsoft 1.6502 2011.01.25 -

NOD32 5818 2011.01.25 -

Norman 6.06.12 2011.01.25 -

nProtect 2011-01-18.01 2011.01.18 -

Panda 10.0.2.7 2011.01.25 -

PCTools 7.0.3.5 2011.01.25 -

Prevx 3.0 2011.01.25 -

Rising 23.42.01.06 2011.01.25 -

Sophos 4.61.0 2011.01.25 -

SUPERAntiSpyware 4.40.0.1006 2011.01.25 -

Symantec 20101.3.0.103 2011.01.25 -

TheHacker 6.7.0.1.119 2011.01.24 -

TrendMicro 9.120.0.1004 2011.01.25 -

TrendMicro-HouseCall 9.120.0.1004 2011.01.25 -

VBA32 3.12.14.3 2011.01.25 -

VIPRE 8194 2011.01.25 -

ViRobot 2011.1.25.4274 2011.01.25 -

VirusBuster 13.6.164.1 2011.01.25 -

Additional information

MD5 : dceb3023f93efaed0d4bff8d7a64dc83

SHA1 : 24d802de5be883aade45cfcb64a36ada7c2cc7db

SHA256: 013e140e23d453ed5afb0e1451108bd74c1935c48d8f035dea1cff730bccd8fc

ssdeep: 1536:p+94c8MW9x0SZRKrWUIx4pRZ7OPBs0FMFCvJgZP1a9:p6r4WB7ws0ZEPg9

File size : 102400 bytes

First seen: 2007-12-28 05:29:28

Last seen : 2011-01-25 20:17:34

TrID:

Win64 Executable Generic (80.9%)

Win32 Executable Generic (8.0%)

Win32 Dynamic Link Library (generic) (7.1%)

Generic Win/DOS Executable (1.8%)

DOS Executable Generic (1.8%)

sigcheck:

publisher....: ___

copyright....: © NOWCOM. All rights reserved.

product......: GRDMgr

description..: ___ __ ___

original name: GRDMgr.exe

internal name: GRDMgr.exe

file version.: 1, 0, 0, 28

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

PEInfo: PE structure information

[[ basic data ]]

entrypointaddress: 0xCCBE

timedatestamp....: 0x4773611E (Thu Dec 27 08:23:58 2007)

machinetype......: 0x14c (I386)

[[ 4 section(s) ]]

name, viradd, virsiz, rawdsiz, ntropy, md5

.text, 0x1000, 0xCB35, 0xD000, 6.13, 4766e2272de1b0d817a828246c11fef0

.rdata, 0xE000, 0x36FC, 0x4000, 4.78, 805e453361aa5fbb969fc7ecde6b272b

.data, 0x12000, 0x101E0, 0x1000, 0.33, 8699568ecdd38a3fa36cdf7a99276dae

.rsrc, 0x23000, 0x5D08, 0x6000, 5.89, 648b5b24b03c520aa3213b32a2c9c231

[[ 14 import(s) ]]

WINMM.dll: timeGetTime

MFC71.DLL: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -

MSVCR71.dll: _controlfp, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, _amsg_exit, _acmdln, exit, _cexit, _ismbblead, _setmbcp, __CxxFrameHandler, mbstowcs, sprintf, strftime, _localtime64, rand, _time64, srand, time, _purecall, memmove, free, _except_handler3, _access, _CxxThrowException, memset, __security_error_handler, __dllonexit, _XcptFilter, _exit, _c_exit, __1type_info@@UAE@XZ, _terminate@@YAXXZ, _onexit

KERNEL32.dll: DeleteFileA, ReadFile, OpenFileMappingA, CreateFileMappingA, MapViewOfFile, FlushViewOfFile, UnmapViewOfFile, CreateFileA, GetLastError, FormatMessageA, LocalFree, SetFilePointer, WriteFile, CloseHandle, WaitForSingleObject, CreateMutexA, GetTickCount, GetTempPathA, GetWindowsDirectoryA, ExitProcess, GetModuleHandleA, GetStartupInfoA, QueryPerformanceCounter, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, GetVersionExA, InitializeCriticalSection, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, GetSystemDirectoryA, SetFileAttributesA, GetFileAttributesA, LoadLibraryA, GetProcAddress, GetVersion, FreeLibrary, GlobalMemoryStatus, ReleaseMutex

USER32.dll: GetAsyncKeyState, GetSystemMetrics, EnableWindow, FillRect, KillTimer, SetTimer, PostThreadMessageA, IsIconic, ScrollDC, LoadIconA, InvalidateRect, DrawIcon, GetClassInfoA, PostMessageA, SendMessageA, GetClientRect

GDI32.dll: SetPixel, BitBlt, CreateCompatibleDC, CreateCompatibleBitmap, CreateFontA, CreateSolidBrush, CreatePen

ADVAPI32.dll: RegCloseKey, RegSetValueExA, RegCreateKeyExA, RegOpenKeyExA, RegQueryValueExA

SHELL32.dll: SHGetSpecialFolderPathA, ShellExecuteExA

COMCTL32.dll: -

ole32.dll: CoCreateInstance, CoInitializeEx

OLEAUT32.dll: -, -, -

WS2_32.dll: -, WSAIoctl, -, -, -, -, -, -, -, -, -, -, -, -

NETAPI32.dll: Netbios

iphlpapi.dll: GetIfEntry, GetAdaptersInfo, GetIfTable

ExifTool:

file metadata

CharacterSet: Windows, Korea (Shift - KSC 5601)

CodeSize: 53248

CompanyName:

EntryPoint: 0xccbe

FileDescription:

FileFlagsMask: 0x003f

FileOS: Win32

FileSize: 100 kB

FileSubtype: 0

FileType: Win32 EXE

FileVersion: 1, 0, 0, 28

FileVersionNumber: 1.0.0.28

ImageVersion: 0.0

InitializedDataSize: 110592

InternalName: GRDMgr.exe

LanguageCode: Korean

LegalCopyright: © NOWCOM. All rights reserved.

LinkerVersion: 7.1

MIMEType: application/octet-stream

MachineType: Intel 386 or later, and compatibles

OSVersion: 4.0

ObjectFileType: Executable application

OriginalFilename: GRDMgr.exe

PEType: PE32

ProductName: GRDMgr

ProductVersion: 1, 0, 0, 28

ProductVersionNumber: 1.0.0.28

Subsystem: Windows GUI

SubsystemVersion: 4.0

TimeStamp: 2007:12:27 09:23:58+01:00

UninitializedDataSize: 0


ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You may, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go here then click on: EOLS1.gif
  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Now click on Advanced Settings and select the following:

    • Remove found threats
    • Scan archives
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on: EOLS4.gif
  • Use Notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

This topic is now closed to further replies.