malware trace virus detection


One day, I scanned the computer with MBAM and I found 4 viruses that said malware.trace.

I clicked "remove", then it said they were deleted, quarantined successfully, and I rebooted the computer.

But when I scanned another time, I found the same exact viruses in the same exact location. They keep on reappearing even after all the process of removal.

Please help!!

Internet Explorer 9.0.8112.16421

7/4/2011 9:26:41 AM

mbam-log-2011-07-04 (09-26-41).txt

Scan type: Quick scan

Objects scanned: 161394

Time elapsed: 3 minute(s), 19 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 4

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Windows\System32\0200000070232f221363c.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\Windows\System32\0200000070232f221363o.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\Windows\System32\0200000070232f221363p.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\Windows\System32\0200000070232f221363s.manifest (Malware.Trace) -> Quarantined and deleted successfully.

I later got feedback that said to use a program called OTL and post these logs.

OTL Extras logfile created on: 7/11/2011 9:19:10 AM - Run 1

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Sang\Downloads

Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.07 Gb Available Physical Memory | 69.00% Memory free

6.00 Gb Paging File | 4.92 Gb Available in Paging File | 81.98% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 285.84 Gb Total Space | 165.39 Gb Free Space | 57.86% Space Free | Partition Type: NTFS

Drive D: | 12.25 Gb Total Space | 0.01 Gb Free Space | 0.09% Space Free | Partition Type: NTFS

Drive K: | 5.12 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: SANG-PC | User Name: Sang | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]

.exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\krn.exe" -a "%1" %*

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]

.exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\krn.exe" -a "%1" %*

[HKEY_USERS\S-1-5-21-3335826871-767681240-3273376228-1001\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htafile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java 6 Update 26

"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0

"{32A3A4F4-B792-11D6-A78A-00B0D0160260}" = Java SE Development Kit 6 Update 26

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3

"{571CB303-4267-4D92-B45C-9B79ACC18632}" = Daum ActiveX ÄÁÆ®·Ñ - ? ????

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{73EC658D-A1C6-40CA-8E86-E05821BAACE7}" = Java DB 10.6.2.1

"{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = The Sims Medieval

"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support

"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends

"{9480A7FC-C476-4881-A92C-2E415DD362AE}" = DVR-Net

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 275.33

"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 275.33

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth

"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX

"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support

"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{EEF985E8-8B36-4230-B174-117A2381C17F}" = LogMeIn Hamachi

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio

"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Advanced SystemCare 4_is1" = Advanced SystemCare 4

"ATITool" = ATITool Overclocking Utility

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"CCleaner" = CCleaner

"DAEMON Tools Lite" = DAEMON Tools Lite

"DtsFilter" = DTS+AC3 Filter

"Game Booster_is1" = Game Booster

"GOM Player" = GOM Player

"GomTV Launcher Plugin" = GOMTV Plug-in

"InstallPath" = SplashFightersIjji

"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio

"LogMeIn Hamachi" = LogMeIn Hamachi

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)

"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)

"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"PunkBusterSvc" = PunkBuster Services

"Smart Defrag 2_is1" = Smart Defrag 2

"Steam App 102700" = Alliance of Valiant Arms

"Steam App 105600" = Terraria

"Steam App 440" = Team Fortress 2

"uTorrent" = µTorrent

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3335826871-767681240-3273376228-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

"반디집" = 반디집

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 7/11/2011 11:38:29 AM | Computer Name = Sang-PC | Source = .NET Runtime | ID = 1026

Description =

Error - 7/11/2011 11:38:31 AM | Computer Name = Sang-PC | Source = Application Error | ID = 1000

Description = Faulting application name: SimsMedievalLauncher.exe, version: 0.0.0.8065,

time stamp: 0x4db87261 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17514,

time stamp: 0x4ce7b8f0 Exception code: 0xe0434352 Fault offset: 0x0000b760 Faulting

process id: 0xb4c Faulting application start time: 0x01cc3fe0939617d0 Faulting application

path: C:\Program Files\Electronic Arts\The Sims Medieval\Game\Bin\SimsMedievalLauncher.exe

Faulting

module path: C:\Windows\system32\KERNELBASE.dll Report Id: d40a5e22-abd3-11e0-afb7-0023543b9b91

Error - 7/11/2011 11:42:38 AM | Computer Name = Sang-PC | Source = .NET Runtime | ID = 1026

Description =

Error - 7/11/2011 11:42:38 AM | Computer Name = Sang-PC | Source = Application Error | ID = 1000

Description = Faulting application name: SimsMedievalLauncher.exe, version: 0.0.0.8065,

time stamp: 0x4db87261 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17514,

time stamp: 0x4ce7b8f0 Exception code: 0xe0434352 Fault offset: 0x0000b760 Faulting

process id: 0xa3c Faulting application start time: 0x01cc3fe12434ad32 Faulting application

path: C:\Program Files\Electronic Arts\The Sims Medieval\Game\Bin\SimsMedievalLauncher.exe

Faulting

module path: C:\Windows\system32\KERNELBASE.dll Report Id: 677571b7-abd4-11e0-ba54-0023543b9b91

Error - 7/11/2011 12:01:08 PM | Computer Name = Sang-PC | Source = .NET Runtime | ID = 1026

Description =

Error - 7/11/2011 12:01:09 PM | Computer Name = Sang-PC | Source = Application Error | ID = 1000

Description = Faulting application name: SimsMedievalLauncher.exe, version: 0.0.0.8065,

time stamp: 0x4db87261 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17514,

time stamp: 0x4ce7b8f0 Exception code: 0xe0434352 Fault offset: 0x0000b760 Faulting

process id: 0xf6c Faulting application start time: 0x01cc3fe3bd0e8204 Faulting application

path: C:\Program Files\Electronic Arts\The Sims Medieval\Game\Bin\SimsMedievalLauncher.exe

Faulting

module path: C:\Windows\system32\KERNELBASE.dll Report Id: fdaf3a4f-abd6-11e0-bc58-0023543b9b91

Error - 7/11/2011 12:05:33 PM | Computer Name = Sang-PC | Source = .NET Runtime | ID = 1026

Description =

Error - 7/11/2011 12:05:34 PM | Computer Name = Sang-PC | Source = Application Error | ID = 1000

Description = Faulting application name: SimsMedievalLauncher.exe, version: 0.0.0.8065,

time stamp: 0x4db87261 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17514,

time stamp: 0x4ce7b8f0 Exception code: 0xe0434352 Fault offset: 0x0000b760 Faulting

process id: 0xbf0 Faulting application start time: 0x01cc3fe45bb810c1 Faulting application

path: C:\Program Files\Electronic Arts\The Sims Medieval\Game\Bin\SimsMedievalLauncher.exe

Faulting

module path: C:\Windows\system32\KERNELBASE.dll Report Id: 9b52c6e6-abd7-11e0-bc58-0023543b9b91

Error - 7/11/2011 12:11:37 PM | Computer Name = Sang-PC | Source = Application Error | ID = 1000

Description = Faulting application name: TSM.exe, version: 0.0.0.7201, time stamp:

0x4d55f689 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception

code: 0xc0000005 Fault offset: 0x30411ab0 Faulting process id: 0x7b8 Faulting application

start time: 0x01cc3fe46f22e67a Faulting application path: C:\Program Files\Electronic

Arts\The Sims Medieval\Game\Bin\TSM.exe Faulting module path: unknown Report Id:

73d2a1bf-abd8-11e0-bc58-0023543b9b91

Error - 7/11/2011 12:14:32 PM | Computer Name = Sang-PC | Source = Application Error | ID = 1000

Description = Faulting application name: TSM.exe, version: 0.0.0.7201, time stamp:

0x4d55f689 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception

code: 0xc0000005 Fault offset: 0x1ae1ade0 Faulting process id: 0xf14 Faulting application

start time: 0x01cc3fe55957bade Faulting application path: C:\Program Files\Electronic

Arts\The Sims Medieval\Game\Bin\TSM.exe Faulting module path: unknown Report Id:

dc1c5a53-abd8-11e0-bc58-0023543b9b91

[ System Events ]

Error - 7/11/2011 11:45:44 AM | Computer Name = Sang-PC | Source = nvlddmkm | ID = 11141134

Description =

Error - 7/11/2011 11:46:19 AM | Computer Name = Sang-PC | Source = PNRPSvc | ID = 102

Description =

Error - 7/11/2011 11:46:19 AM | Computer Name = Sang-PC | Source = Service Control Manager | ID = 7001

Description = The Peer Networking Grouping service depends on the Peer Name Resolution

Protocol service which failed to start because of the following error: %%-2140993535

Error - 7/11/2011 11:46:19 AM | Computer Name = Sang-PC | Source = Service Control Manager | ID = 7023

Description = The Peer Name Resolution Protocol service terminated with the following

error: %%-2140993535

Error - 7/11/2011 11:46:30 AM | Computer Name = Sang-PC | Source = PNRPSvc | ID = 102

Description =

Error - 7/11/2011 11:46:30 AM | Computer Name = Sang-PC | Source = PNRPSvc | ID = 102

Description =

Error - 7/11/2011 11:46:30 AM | Computer Name = Sang-PC | Source = Service Control Manager | ID = 7023

Description = The Peer Name Resolution Protocol service terminated with the following

error: %%-2140993535

Error - 7/11/2011 11:46:30 AM | Computer Name = Sang-PC | Source = Service Control Manager | ID = 7001

Description = The Peer Networking Grouping service depends on the Peer Name Resolution

Protocol service which failed to start because of the following error: %%-2140993535

Error - 7/11/2011 11:46:30 AM | Computer Name = Sang-PC | Source = Service Control Manager | ID = 7023

Description = The Peer Name Resolution Protocol service terminated with the following

error: %%-2140993535

Error - 7/11/2011 11:46:30 AM | Computer Name = Sang-PC | Source = Service Control Manager | ID = 7001

Description = The Peer Networking Grouping service depends on the Peer Name Resolution

Protocol service which failed to start because of the following error: %%-2140993535

< End of report >

OTL logfile created on: 7/11/2011 9:19:10 AM - Run 1

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Sang\Downloads

Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.07 Gb Available Physical Memory | 69.00% Memory free

6.00 Gb Paging File | 4.92 Gb Available in Paging File | 81.98% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 285.84 Gb Total Space | 165.39 Gb Free Space | 57.86% Space Free | Partition Type: NTFS

Drive D: | 12.25 Gb Total Space | 0.01 Gb Free Space | 0.09% Space Free | Partition Type: NTFS

Drive K: | 5.12 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: SANG-PC | User Name: Sang | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/11 09:16:39 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Sang\Downloads\OTL.scr

PRC - [2011/07/01 07:18:44 | 000,428,200 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe

PRC - [2011/07/01 07:18:44 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2011/06/15 14:51:08 | 000,683,352 | ---- | M] (IObit) -- C:\Program Files\IObit\Game Booster\gbtray.exe

PRC - [2011/06/08 20:19:24 | 001,583,960 | ---- | M] (IObit) -- C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe

PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2011/05/28 14:46:56 | 000,803,728 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe

PRC - [2011/05/25 17:29:54 | 001,951,112 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe

PRC - [2011/05/25 17:29:48 | 001,336,712 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

PRC - [2011/05/24 23:09:08 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

PRC - [2011/05/24 23:09:07 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

PRC - [2011/05/24 23:09:06 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

PRC - [2011/05/20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2011/03/28 16:15:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2011/03/28 16:15:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2011/01/20 02:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe

PRC - [2010/11/20 05:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2010/11/20 05:17:00 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

PRC - [2010/07/04 19:07:40 | 000,238,952 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe

========== Modules (SafeList) ==========

MOD - [2011/07/11 09:16:39 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Sang\Downloads\OTL.scr

MOD - [2010/11/20 05:19:26 | 000,374,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IME\shared\IMETIP.DLL

MOD - [2010/11/20 04:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll

MOD - [2009/07/13 18:15:36 | 000,562,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IME\imekr8\imkrtip.dll

MOD - [2009/07/13 18:15:36 | 000,113,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IME\imekr8\imkrapi.dll

MOD - [2009/07/13 18:15:35 | 000,126,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IME\shared\IMJKAPI.DLL

========== Win32 Services (SafeList) ==========

SRV - [2011/07/01 07:18:44 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)

SRV - [2011/07/01 07:18:44 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011/06/27 01:01:51 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011/05/28 14:46:56 | 000,353,168 | ---- | M] (IObit) [Disabled | Stopped] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)

SRV - [2011/05/25 17:29:48 | 001,336,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)

SRV - [2011/05/24 23:09:06 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)

SRV - [2011/05/20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2011/05/14 00:46:44 | 001,343,400 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2011/04/04 16:28:00 | 004,004,328 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)

SRV - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2010/07/04 19:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)

SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

========== Driver Services (SafeList) ==========

DRV - [2011/07/10 10:24:04 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV - [2011/07/01 07:18:45 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2011/07/01 07:18:45 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | Disabled | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2011/05/24 23:09:05 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2011/02/23 16:50:44 | 000,016,184 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)

DRV - [2010/11/20 05:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)

DRV - [2010/11/20 05:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)

DRV - [2010/11/20 05:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)

DRV - [2010/11/20 03:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010/11/20 03:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV - [2010/11/20 02:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2010/11/20 02:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)

DRV - [2010/11/20 02:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)

DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2010/06/14 09:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)

DRV - [2009/10/14 22:28:44 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)

DRV - [2009/10/14 22:28:44 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)

DRV - [2009/10/14 22:28:44 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)

DRV - [2009/09/18 22:30:10 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)

DRV - [2009/09/18 22:30:10 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)

DRV - [2009/09/18 22:30:10 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)

DRV - [2009/07/13 16:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)

DRV - [2009/07/13 15:54:14 | 000,157,568 | ---- | M] (ViXS Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\xcbdaV.sys -- (xcbdaNtscV) ViXS Tuner Card (NTSC)

DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)

DRV - [2006/11/10 06:08:50 | 000,024,064 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\ATITool.sys -- (ATITool)

DRV - [2005/01/01 20:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\npptNT2.sys -- (NPPTNT2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 55 63 61 15 4D 1E A9 42 B9 A1 62 62 83 20 4E E6 [binary data]

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 55 63 61 15 4D 1E A9 42 B9 A1 62 62 83 20 4E E6 [binary data]

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 55 63 61 15 4D 1E A9 42 B9 A1 62 62 83 20 4E E6 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 55 63 61 15 4D 1E A9 42 B9 A1 62 62 83 20 4E E6 [binary data]

IE - HKU\S-1-5-21-3335826871-767681240-3273376228-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daum.net/

IE - HKU\S-1-5-21-3335826871-767681240-3273376228-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

IE - HKU\S-1-5-21-3335826871-767681240-3273376228-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKU\S-1-5-21-3335826871-767681240-3273376228-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2E 60 B3 9B EF 11 CC 01 [binary data]

IE - HKU\S-1-5-21-3335826871-767681240-3273376228-1001\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 55 63 61 15 4D 1E A9 42 B9 A1 62 62 83 20 4E E6 [binary data]

IE - HKU\S-1-5-21-3335826871-767681240-3273376228-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\S-1-5-21-3335826871-767681240-3273376228-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-3335826871-767681240-3273376228-1003\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 55 63 61 15 4D 1E A9 42 B9 A1 62 62 83 20 4E E6 [binary data]

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "Ask.com"

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "yahoo.co.kr"

FF - prefs.js..network.proxy.http: "127.0.0.1"

FF - prefs.js..network.proxy.http_port: 56020

FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@gomtv.com/gomtvx-plugin: C:\Program Files\Common Files\GRETECH\npgomtvx_nie.dll ((주) 그래텍)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Users\Sang\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Sang\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/26 20:47:03 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/04 09:37:39 | 000,000,000 | ---D | M]

[2011/05/22 11:04:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sang\AppData\Roaming\Mozilla\Extensions

[2011/06/30 09:46:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sang\AppData\Roaming\Mozilla\Firefox\Profiles\0me8ary5.default\extensions

[2011/06/18 20:08:06 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Sang\AppData\Roaming\Mozilla\Firefox\Profiles\0me8ary5.default\extensions\{04c90192-782d-4b9d-a2d5-48c0b8a5d136}

[2011/07/03 06:20:49 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Sang\AppData\Roaming\Mozilla\Firefox\Profiles\0me8ary5.default\extensions\{063b4723-bd2e-4df8-b128-54df444dcf61}

[2011/06/18 20:08:06 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Sang\AppData\Roaming\Mozilla\Firefox\Profiles\0me8ary5.default\extensions\{1cd80fad-f372-4e98-92a9-059afbb965f0}

[2011/05/27 12:05:15 | 000,002,574 | ---- | M] () -- C:\Users\Sang\AppData\Roaming\Mozilla\Firefox\Profiles\0me8ary5.default\searchplugins\askcom.xml

[2011/05/22 10:26:27 | 000,002,264 | ---- | M] () -- C:\Users\Sang\AppData\Roaming\Mozilla\Firefox\Profiles\0me8ary5.default\searchplugins\bing-zugo.xml

[2011/07/04 09:37:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/07/04 09:37:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

File not found (No name found) --

[2011/06/26 20:47:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/07/04 09:37:35 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old

O1 HOSTS File: ([2009/06/10 14:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O3 - HKU\S-1-5-21-3335826871-767681240-3273376228-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKU\S-1-5-21-3335826871-767681240-3273376228-1001..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKU\S-1-5-21-3335826871-767681240-3273376228-1001..\Run: [steam] C:\Program Files\steam1\Steam.exe (Valve Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-3335826871-767681240-3273376228-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1

O7 - HKU\S-1-5-21-3335826871-767681240-3273376228-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)

O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} http://mail.daum.net/hanmail-ax/DaumActiveX/2_0_0_6/DaumActiveX.cab?ver=2,0,0,6 (Daum ActiveX manager Class)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2011/02/16 15:30:09 | 000,048,912 | R--- | M] (Electronic Arts) - K:\Autorun.exe -- [ CDFS ]

O32 - AutoRun File - [2010/11/22 17:09:03 | 000,000,052 | R--- | M] () - K:\Autorun.inf -- [ CDFS ]

O33 - MountPoints2\{f3e397ae-7de5-11e0-8dc6-0023543b9b91}\Shell - "" = AutoRun

O33 - MountPoints2\{f3e397ae-7de5-11e0-8dc6-0023543b9b91}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a

O33 - MountPoints2\{fc17332e-aaff-11e0-aabf-0023543b9b91}\Shell - "" = AutoRun

O33 - MountPoints2\{fc17332e-aaff-11e0-aabf-0023543b9b91}\Shell\AutoRun\command - "" = K:\Autorun.exe -- [2011/02/16 15:30:09 | 000,048,912 | R--- | M] (Electronic Arts)

O33 - MountPoints2\J\Shell - "" = AutoRun

O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O35 - HKU\S-1-5-21-3335826871-767681240-3273376228-1001..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\krn.exe" -a "%1" %*

O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\krn.exe" -a "%1" %*

O37 - HKU\S-1-5-21-3335826871-767681240-3273376228-1001\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - File not found

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/07/11 08:47:50 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts

[2011/07/10 10:34:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts

[2011/07/10 10:34:37 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core

[2011/07/10 10:34:36 | 000,000,000 | ---D | C] -- C:\Users\Sang\Documents\Electronic Arts

[2011/07/10 10:31:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft WSE

[2011/07/10 10:24:04 | 000,218,688 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys

[2011/07/10 10:24:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite

[2011/07/10 10:23:59 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite

[2011/07/10 10:23:44 | 000,000,000 | ---D | C] -- C:\Users\Sang\AppData\Roaming\DAEMON Tools Lite

[2011/07/10 10:23:44 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite

[2011/07/09 08:28:17 | 000,000,000 | ---D | C] -- C:\Users\Sang\AppData\Local\Adobe

[2011/07/07 09:22:24 | 000,566,680 | ---- | C] (Daum Communications) -- C:\Windows\System32\POTWEB.OCX

[2011/07/07 09:22:16 | 000,000,000 | ---D | C] -- C:\Program Files\Daum

[2011/07/07 09:22:15 | 000,000,000 | ---D | C] -- C:\Users\Sang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Daum

[2011/07/04 12:45:03 | 000,000,000 | ---D | C] -- C:\Users\Sang\AppData\Local\Apple

[2011/07/04 09:38:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2011/07/04 09:37:49 | 000,000,000 | ---D | C] -- C:\Program Files\Sun

[2011/07/03 10:02:01 | 000,000,000 | ---D | C] -- C:\Users\Sang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

[2011/07/02 20:23:15 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll

[2011/07/02 19:59:55 | 000,000,000 | ---D | C] -- C:\Users\Sang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ATITool

[2011/07/02 19:59:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ATITool

[2011/07/02 19:59:02 | 000,000,000 | ---D | C] -- C:\Program Files\ATITool

[2011/06/28 23:27:57 | 000,000,000 | ---D | C] -- C:\Users\Sang\AppData\Roaming\uTorrent

[2011/06/27 09:32:11 | 000,000,000 | ---D | C] -- C:\Users\Sang\AppData\Roaming\Avira

[2011/06/27 09:29:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

[2011/06/27 09:28:54 | 000,138,192 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys

[2011/06/27 09:28:54 | 000,066,616 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys

[2011/06/27 09:28:54 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys

[2011/06/27 09:28:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira

[2011/06/27 09:28:53 | 000,000,000 | ---D | C] -- C:\Program Files\Avira

[2011/06/26 20:58:29 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group

[2011/06/26 20:57:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2011/06/26 12:39:33 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2011/06/23 16:00:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview

[2011/06/23 15:59:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders

[2011/06/22 20:13:01 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\fms.dll

[2011/06/20 21:56:06 | 000,000,000 | ---D | C] -- C:\Users\Sang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserPlus

[2011/06/19 20:38:08 | 000,000,000 | ---D | C] -- C:\Riot Games

[2011/06/19 20:38:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games

[2011/06/19 20:26:45 | 000,000,000 | ---D | C] -- C:\Users\Sang\AppData\Local\LogMeIn Hamachi

[2011/06/19 20:26:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi

[2011/06/19 20:18:33 | 000,000,000 | ---D | C] -- C:\Users\Sang\Desktop\LeagueOfLegends

[2011/06/19 10:14:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 4

[2011/06/18 20:47:06 | 000,000,000 | ---D | C] -- C:\Users\Sang\AppData\Local\ElevatedDiagnostics

[2011/06/18 20:21:06 | 000,000,000 | ---D | C] -- C:\Program Files\steam1

[2011/06/18 20:21:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam

[2011/06/13 21:20:46 | 000,000,000 | ---D | C] -- C:\Users\Sang\AppData\Roaming\SmartDraw

[2011/06/13 21:20:21 | 000,000,000 | ---D | C] -- C:\Program Files\SmartDraw VP

[2011/06/13 18:30:45 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe

[2011/06/13 17:58:04 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Photoshop CS5.1

[2011/06/13 17:54:20 | 000,000,000 | ---D | C] -- C:\Users\Sang\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

[2011/06/13 17:54:18 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Download Assistant

[2011/06/13 17:54:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR

[2011/06/12 21:09:19 | 000,000,000 | ---D | C] -- C:\Users\Sang\AppData\Local\Yahoo!

[2011/06/11 19:41:34 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi

[2011/06/11 18:47:45 | 000,000,000 | ---D | C] -- C:\Users\Sang\Documents\My Games

[2011/06/11 18:47:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft XNA

[2011/06/11 18:43:02 | 000,000,000 | ---D | C] -- C:\Users\Sang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

[2011/06/11 13:32:17 | 000,000,000 | ---D | C] -- C:\Program Files\Steam

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Users\Sang\Desktop\*.tmp files -> C:\Users\Sang\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/11 09:06:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3335826871-767681240-3273376228-1001UA.job

[2011/07/11 08:52:53 | 000,002,144 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ Medieval.lnk

[2011/07/11 08:51:01 | 000,016,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011/07/11 08:50:59 | 000,016,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011/07/11 08:50:45 | 000,655,438 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011/07/11 08:50:45 | 000,118,564 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011/07/11 08:45:50 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011/07/11 08:45:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/07/11 08:45:37 | 2415,308,800 | -HS- | M] () -- C:\hiberfil.sys

[2011/07/11 08:23:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011/07/10 10:24:04 | 000,218,688 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys

[2011/07/10 10:24:00 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk

[2011/07/10 10:06:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3335826871-767681240-3273376228-1001Core.job

[2011/07/08 15:24:38 | 000,000,217 | ---- | M] () -- C:\Users\Sang\Desktop\Alliance of Valiant Arms.url

[2011/07/06 09:51:04 | 000,000,126 | ---- | M] () -- C:\Windows\System32\1518332610

[2011/07/05 11:26:26 | 000,000,080 | ---- | M] () -- C:\ProgramData\7051fab2

[2011/07/03 10:02:02 | 000,002,306 | ---- | M] () -- C:\Users\Sang\Desktop\Google Chrome.lnk

[2011/07/03 08:07:14 | 000,005,335 | ---- | M] () -- C:\Users\Sang\AppData\Roaming\FDBE.091

[2011/07/01 07:18:45 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys

[2011/07/01 07:18:45 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys

[2011/06/29 09:01:32 | 000,292,552 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011/06/27 09:29:03 | 000,002,012 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk

[2011/06/26 19:22:26 | 000,011,220 | -HS- | M] () -- C:\Users\Sang\AppData\Local\448fqp1244v2itbh10ux24jwrf07

[2011/06/26 19:22:26 | 000,011,220 | -HS- | M] () -- C:\ProgramData\3145034876

[2011/06/26 19:22:07 | 000,011,824 | -HS- | M] () -- C:\ProgramData\448fqp1244v2itbh10ux24jwrf07

[2011/06/26 12:35:16 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt

[2011/06/24 18:18:23 | 000,000,214 | ---- | M] () -- C:\Users\Sang\Desktop\Team Fortress 2.url

[2011/06/19 20:41:21 | 000,001,720 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk

[2011/06/19 10:04:20 | 000,001,128 | ---- | M] () -- C:\Users\Public\Desktop\Smart Defrag 2.lnk

[2011/06/18 20:23:31 | 000,000,217 | ---- | M] () -- C:\Users\Sang\Desktop\Terraria.url

[2011/06/18 20:21:16 | 000,000,884 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk

[2011/06/13 22:39:15 | 000,066,902 | ---- | M] () -- C:\Users\Sang\Documents\first floor.sdr

[2011/06/13 22:34:46 | 000,082,925 | ---- | M] () -- C:\Users\Sang\Documents\Second Floor.sdr

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Users\Sang\Desktop\*.tmp files -> C:\Users\Sang\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/11 08:52:53 | 000,002,144 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ Medieval.lnk

[2011/07/10 10:24:00 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk

[2011/07/08 15:24:38 | 000,000,217 | ---- | C] () -- C:\Users\Sang\Desktop\Alliance of Valiant Arms.url

[2011/07/03 10:02:02 | 000,002,306 | ---- | C] () -- C:\Users\Sang\Desktop\Google Chrome.lnk

[2011/07/03 10:01:37 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3335826871-767681240-3273376228-1001UA.job

[2011/07/03 10:01:33 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3335826871-767681240-3273376228-1001Core.job

[2011/06/30 09:46:34 | 000,000,126 | ---- | C] () -- C:\Windows\System32\1518332610

[2011/06/27 09:29:03 | 000,002,012 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk

[2011/06/26 19:11:28 | 000,011,220 | -HS- | C] () -- C:\Users\Sang\AppData\Local\448fqp1244v2itbh10ux24jwrf07

[2011/06/26 19:11:28 | 000,011,220 | -HS- | C] () -- C:\ProgramData\3145034876

[2011/06/26 19:11:08 | 000,011,824 | -HS- | C] () -- C:\ProgramData\448fqp1244v2itbh10ux24jwrf07

[2011/06/24 18:17:36 | 000,000,214 | ---- | C] () -- C:\Users\Sang\Desktop\Team Fortress 2.url

[2011/06/22 20:14:20 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe

[2011/06/22 20:14:07 | 000,146,852 | ---- | C] () -- C:\Windows\System32\systemsf.ebd

[2011/06/22 20:12:45 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

[2011/06/22 20:12:40 | 000,010,429 | ---- | C] () -- C:\Windows\System32\ScavengeSpace.xml

[2011/06/22 20:12:30 | 000,105,559 | ---- | C] () -- C:\Windows\System32\RacRules.xml

[2011/06/19 20:41:21 | 000,001,720 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk

[2011/06/19 10:04:21 | 000,029,008 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe

[2011/06/19 10:04:21 | 000,016,184 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys

[2011/06/19 10:04:20 | 000,001,128 | ---- | C] () -- C:\Users\Public\Desktop\Smart Defrag 2.lnk

[2011/06/18 20:21:16 | 000,000,884 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk

[2011/06/14 13:26:03 | 000,000,080 | ---- | C] () -- C:\ProgramData\7051fab2

[2011/06/13 22:32:39 | 000,082,925 | ---- | C] () -- C:\Users\Sang\Documents\Second Floor.sdr

[2011/06/13 22:03:20 | 000,066,902 | ---- | C] () -- C:\Users\Sang\Documents\first floor.sdr

[2011/06/11 18:43:02 | 000,000,217 | ---- | C] () -- C:\Users\Sang\Desktop\Terraria.url

[2011/05/29 15:02:08 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat

[2011/05/24 22:54:10 | 000,001,252 | -HS- | C] () -- C:\Users\Sang\AppData\Local\t2342bpnbb47w8

[2011/05/24 22:54:10 | 000,001,252 | -HS- | C] () -- C:\ProgramData\t2342bpnbb47w8

[2011/05/24 22:53:56 | 000,005,335 | ---- | C] () -- C:\Users\Sang\AppData\Roaming\FDBE.091

[2011/05/23 22:03:32 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll

[2011/05/23 22:03:32 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys

[2011/05/20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe

[2011/05/16 16:07:30 | 000,138,056 | ---- | C] () -- C:\Users\Sang\AppData\Roaming\PnkBstrK.sys

[2011/05/16 16:07:30 | 000,137,544 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys

[2011/05/16 16:06:15 | 000,189,480 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe

[2011/05/16 16:06:11 | 003,360,624 | ---- | C] () -- C:\Windows\System32\pbsvc.exe

[2011/05/16 16:06:11 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe

[2011/05/13 22:16:47 | 001,089,536 | ---- | C] () -- C:\Windows\System32\decoderdll.dll

[2011/05/13 22:16:47 | 000,036,864 | ---- | C] () -- C:\Windows\System32\netdecdll.dll

[2011/05/13 22:16:47 | 000,024,576 | ---- | C] () -- C:\Windows\System32\decompress.dll

[2011/05/13 22:16:47 | 000,020,480 | ---- | C] () -- C:\Windows\System32\CSCC.DLL

[2011/05/13 22:16:47 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll

[2011/05/13 21:54:31 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2009/07/13 21:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009/07/13 21:33:53 | 000,292,552 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2009/07/13 19:05:48 | 000,655,438 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2009/07/13 19:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2009/07/13 19:05:48 | 000,118,564 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2009/07/13 19:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2009/07/13 19:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2009/07/13 19:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2009/07/13 16:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009/07/13 16:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys

[2006/11/10 06:08:50 | 000,024,064 | ---- | C] () -- C:\Windows\System32\drivers\ATITool.sys

========== LOP Check ==========

[2011/05/14 00:27:31 | 000,000,000 | ---D | M] -- C:\Users\Sang\AppData\Roaming\Auslogics

[2011/06/13 17:54:20 | 000,000,000 | ---D | M] -- C:\Users\Sang\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

[2011/07/10 10:25:08 | 000,000,000 | ---D | M] -- C:\Users\Sang\AppData\Roaming\DAEMON Tools Lite

[2011/05/20 18:22:36 | 000,000,000 | -H-D | M] -- C:\Users\Sang\AppData\Roaming\ijjigame

[2011/05/14 08:06:58 | 000,000,000 | ---D | M] -- C:\Users\Sang\AppData\Roaming\IObit

[2011/05/13 23:34:02 | 000,000,000 | ---D | M] -- C:\Users\Sang\AppData\Roaming\LolClient

[2011/05/13 22:13:32 | 000,000,000 | ---D | M] -- C:\Users\Sang\AppData\Roaming\OpenOffice.org

[2011/05/23 22:03:26 | 000,000,000 | ---D | M] -- C:\Users\Sang\AppData\Roaming\Samsung

[2011/06/18 20:08:06 | 000,000,000 | ---D | M] -- C:\Users\Sang\AppData\Roaming\SmartDraw

[2011/07/10 23:54:16 | 000,000,000 | ---D | M] -- C:\Users\Sang\AppData\Roaming\uTorrent

[2011/06/26 19:54:55 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >

[2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe

[2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe

[2011/02/25 22:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe

[2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe

[2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe

[2010/11/20 05:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe

[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe

[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe

[2009/08/02 22:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe

[2009/08/02 22:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe

[2009/10/30 23:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: SVCHOST.EXE >

[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe

[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: USERINIT.EXE >

[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe

[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >

[2009/10/27 23:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe

[2009/10/27 22:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe

[2010/11/20 05:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe

[2010/11/20 05:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

[2009/07/13 18:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/06/26 20:47:00 | 000,712,976 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/06/26 20:47:00 | 000,712,976 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/06/26 20:47:00 | 000,712,976 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/06/26 20:47:02 | 000,924,632 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Sang\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2011/06/23 23:25:50 | 001,012,792 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Sang\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2011/06/23 23:25:50 | 001,012,792 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Sang\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/06/23 23:25:50 | 001,012,792 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Sang\AppData\Local\Google\Chrome\Application\chrome.exe" [2011/06/23 23:25:50 | 001,012,792 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/05/21 00:18:36 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/05/21 00:18:36 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/05/21 00:18:36 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/21 00:18:36 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/06/26 20:47:00 | 000,712,976 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/06/26 20:47:00 | 000,712,976 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/06/26 20:47:00 | 000,712,976 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/06/26 20:47:02 | 000,924,632 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Sang\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2011/06/23 23:25:50 | 001,012,792 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Sang\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2011/06/23 23:25:50 | 001,012,792 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Sang\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/06/23 23:25:50 | 001,012,792 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Sang\AppData\Local\Google\Chrome\Application\chrome.exe" [2011/06/23 23:25:50 | 001,012,792 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/05/21 00:18:36 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/05/21 00:18:36 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/05/21 00:18:36 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/21 00:18:36 | 000,748,336 | ---- | M] (Microsoft Corporation)

< >

========== Files - Unicode (All) ==========

[2011/07/05 11:27:09 | 000,000,000 | ---D | M](C:\Users\Sang\Desktop\???) -- C:\Users\Sang\Desktop\엄마꺼

[2011/05/23 21:25:56 | 000,000,000 | ---D | C](C:\Users\Sang\Desktop\???) -- C:\Users\Sang\Desktop\엄마꺼

[2011/05/13 21:49:05 | 000,001,130 | ---- | M] ()(C:\Users\Sang\Application Data\Microsoft\Internet Explorer\Quick Launch\???.lnk) -- C:\Users\Sang\Application Data\Microsoft\Internet Explorer\Quick Launch\반디집.lnk

[2011/05/13 21:49:05 | 000,001,130 | ---- | C] ()(C:\Users\Sang\Application Data\Microsoft\Internet Explorer\Quick Launch\???.lnk) -- C:\Users\Sang\Application Data\Microsoft\Internet Explorer\Quick Launch\반디집.lnk

(C:\Users\Sang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\???) -- C:\Users\Sang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\반디집

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:07BF512B

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >


Hello stars93 and welcome to Malwarebytes!

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

  • TDSSKiller_log.txt
  • How the PC is running now
-------------
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
***IMPORTANT: save ComboFix to your Desktop***
* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
Please go here to see a list of programs that should be disabled.
**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**
Please include the C:\ComboFix.txt in your next reply for further review.
Also, please let me know if any problems still remain.
-------------
Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:

  • C:\ComboFix.txt
  • TDSSKiller log
  • Security Check checkup.txt

How is your computer running now?


2011/07/19 11:27:36.0702 5968 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56

2011/07/19 11:27:37.0838 5968 ================================================================================

2011/07/19 11:27:37.0838 5968 SystemInfo:

2011/07/19 11:27:37.0839 5968

2011/07/19 11:27:37.0839 5968 OS Version: 6.1.7601 ServicePack: 1.0

2011/07/19 11:27:37.0839 5968 Product type: Workstation

2011/07/19 11:27:37.0839 5968 ComputerName: SANG-PC

2011/07/19 11:27:37.0839 5968 UserName: Sang

2011/07/19 11:27:37.0839 5968 Windows directory: C:\Windows

2011/07/19 11:27:37.0839 5968 System windows directory: C:\Windows

2011/07/19 11:27:37.0839 5968 Processor architecture: Intel x86

2011/07/19 11:27:37.0839 5968 Number of processors: 2

2011/07/19 11:27:37.0839 5968 Page size: 0x1000

2011/07/19 11:27:37.0839 5968 Boot type: Normal boot

2011/07/19 11:27:37.0839 5968 ================================================================================

2011/07/19 11:27:38.0865 5968 Initialize success

2011/07/19 11:27:40.0542 7240 ================================================================================

2011/07/19 11:27:40.0542 7240 Scan started

2011/07/19 11:27:40.0542 7240 Mode: Manual;

2011/07/19 11:27:40.0542 7240 ================================================================================


2011/07/19 11:27:55.0037 7240 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

2011/07/19 11:27:55.0077 7240 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys

2011/07/19 11:27:55.0126 7240 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\drivers\USBSTOR.SYS

2011/07/19 11:27:55.0166 7240 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys

2011/07/19 11:27:55.0216 7240 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys

2011/07/19 11:27:55.0257 7240 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

2011/07/19 11:27:55.0295 7240 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

2011/07/19 11:27:55.0396 7240 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys

2011/07/19 11:27:55.0481 7240 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys

2011/07/19 11:27:55.0527 7240 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

2011/07/19 11:27:55.0564 7240 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys

2011/07/19 11:27:55.0612 7240 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys

2011/07/19 11:27:55.0655 7240 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys

2011/07/19 11:27:55.0718 7240 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys

2011/07/19 11:27:55.0773 7240 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

2011/07/19 11:27:55.0822 7240 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys

2011/07/19 11:27:55.0857 7240 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

2011/07/19 11:27:55.0887 7240 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys

2011/07/19 11:27:55.0933 7240 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

2011/07/19 11:27:55.0975 7240 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

2011/07/19 11:27:55.0989 7240 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

2011/07/19 11:27:56.0048 7240 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

2011/07/19 11:27:56.0085 7240 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

2011/07/19 11:27:56.0145 7240 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

2011/07/19 11:27:56.0170 7240 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

2011/07/19 11:27:56.0255 7240 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys

2011/07/19 11:27:56.0308 7240 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys

2011/07/19 11:27:56.0374 7240 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

2011/07/19 11:27:56.0451 7240 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys

2011/07/19 11:27:56.0525 7240 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys

2011/07/19 11:27:56.0583 7240 xcbdaNtscV (d697099edc21307965518f7db5972eb9) C:\Windows\system32\DRIVERS\xcbdaV.sys

2011/07/19 11:27:56.0643 7240 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

2011/07/19 11:27:56.0652 7240 Boot (0x1200) (fceef006914383e4a9eabe87a3550c78) \Device\Harddisk0\DR0\Partition0

2011/07/19 11:27:56.0696 7240 Boot (0x1200) (d5589805bbec41617064f4e3955cf253) \Device\Harddisk0\DR0\Partition1

2011/07/19 11:27:56.0723 7240 ================================================================================

2011/07/19 11:27:56.0723 7240 Scan finished

2011/07/19 11:27:56.0723 7240 ================================================================================

2011/07/19 11:27:56.0733 6160 Detected object count: 0

2011/07/19 11:27:56.0733 6160 Actual detected object count: 0

2011/07/19 11:28:00.0673 7824 Deinitialize success

ComboFix 11-07-19.03 - Sang 07/19/2011 11:34:15.1.2 - x86

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3071.1929 [GMT -7:00]

Running from: c:\users\Sang\Desktop\ComboFix.exe

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\steam1\Steam.exe

c:\users\Sang\AppData\Roaming\Mozilla\Firefox\Profiles\0me8ary5.default\extensions\{04c90192-782d-4b9d-a2d5-48c0b8a5d136}

c:\users\Sang\AppData\Roaming\Mozilla\Firefox\Profiles\0me8ary5.default\extensions\{04c90192-782d-4b9d-a2d5-48c0b8a5d136}\chrome\xulcache.jar

c:\users\Sang\AppData\Roaming\Mozilla\Firefox\Profiles\0me8ary5.default\extensions\{04c90192-782d-4b9d-a2d5-48c0b8a5d136}\install.rdf

c:\users\Sang\AppData\Roaming\Mozilla\Firefox\Profiles\0me8ary5.default\extensions\{063b4723-bd2e-4df8-b128-54df444dcf61}

c:\users\Sang\AppData\Roaming\Mozilla\Firefox\Profiles\0me8ary5.default\extensions\{063b4723-bd2e-4df8-b128-54df444dcf61}\chrome.manifest

c:\users\Sang\AppData\Roaming\Mozilla\Firefox\Profiles\0me8ary5.default\extensions\{063b4723-bd2e-4df8-b128-54df444dcf61}\chrome\xulcache.jar

c:\users\Sang\AppData\Roaming\Mozilla\Firefox\Profiles\0me8ary5.default\extensions\{063b4723-bd2e-4df8-b128-54df444dcf61}\defaults\preferences\xulcache.js

c:\users\Sang\AppData\Roaming\Mozilla\Firefox\Profiles\0me8ary5.default\extensions\{063b4723-bd2e-4df8-b128-54df444dcf61}\install.rdf

c:\users\Sang\AppData\Roaming\Mozilla\Firefox\Profiles\0me8ary5.default\extensions\{1cd80fad-f372-4e98-92a9-059afbb965f0}

c:\users\Sang\AppData\Roaming\Mozilla\Firefox\Profiles\0me8ary5.default\extensions\{1cd80fad-f372-4e98-92a9-059afbb965f0}\chrome\xulcache.jar

c:\users\Sang\AppData\Roaming\Mozilla\Firefox\Profiles\0me8ary5.default\extensions\{1cd80fad-f372-4e98-92a9-059afbb965f0}\install.rdf

c:\windows\system32\Ijl11.dll

.

.

((((((((((((((((((((((((( Files Created from 2011-06-19 to 2011-07-19 )))))))))))))))))))))))))))))))

.

.

2011-07-19 18:39 . 2011-07-19 18:39 -------- d-----w- c:\users\Sang\AppData\Local\temp

2011-07-19 18:39 . 2011-07-19 18:39 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2011-07-19 18:39 . 2011-07-19 18:39 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-07-17 01:03 . 2011-07-17 01:03 -------- d-----w- c:\program files\Microsoft Silverlight

2011-07-12 21:18 . 2011-07-12 21:18 -------- d-----w- c:\program files\Electronic Arts

2011-07-10 17:34 . 2011-07-10 17:34 -------- d-----w- c:\programdata\Electronic Arts

2011-07-10 17:34 . 2011-07-10 17:34 -------- d-----w- c:\programdata\EA Core

2011-07-10 17:31 . 2011-07-10 17:31 -------- d-----w- c:\program files\Microsoft WSE

2011-07-10 17:24 . 2011-07-10 17:24 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2011-07-10 17:23 . 2011-07-10 17:24 -------- d-----w- c:\program files\DAEMON Tools Lite

2011-07-10 17:23 . 2011-07-10 17:25 -------- d-----w- c:\users\Sang\AppData\Roaming\DAEMON Tools Lite

2011-07-10 17:23 . 2011-07-10 17:23 -------- d-----w- c:\programdata\DAEMON Tools Lite

2011-07-09 15:28 . 2011-07-09 15:28 -------- d-----w- c:\users\Sang\AppData\Local\Adobe

2011-07-07 16:22 . 2010-03-05 02:59 566680 ----a-w- c:\windows\system32\POTWEB.OCX

2011-07-07 16:22 . 2011-07-07 16:22 -------- d-----w- c:\program files\Daum

2011-07-04 19:45 . 2011-07-04 19:45 -------- d-----w- c:\users\Sang\AppData\Local\Apple

2011-07-04 16:38 . 2011-07-04 16:38 -------- d-----w- c:\program files\Common Files\Java

2011-07-04 16:37 . 2011-07-04 16:37 -------- d-----w- c:\program files\Sun

2011-07-04 16:37 . 2011-07-04 16:37 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

2011-07-03 03:23 . 2011-05-25 06:09 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll

2011-07-03 03:23 . 2011-05-25 06:09 865896 ----a-w- c:\windows\system32\nvgenco322090.dll

2011-07-03 03:23 . 2011-05-25 06:09 6555240 ----a-w- c:\windows\system32\nvwgf2um.dll

2011-07-03 03:23 . 2011-05-25 06:09 57960 ----a-w- c:\windows\system32\OpenCL.dll

2011-07-03 03:23 . 2011-05-25 06:09 16456296 ----a-w- c:\windows\system32\nvoglv32.dll

2011-07-03 03:23 . 2011-05-25 06:09 11992680 ----a-w- c:\windows\system32\nvd3dum.dll

2011-07-03 03:23 . 2011-05-25 06:09 10589800 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2011-07-03 03:23 . 2011-05-25 06:09 5301352 ----a-w- c:\windows\system32\nvcuda.dll

2011-07-03 03:23 . 2011-05-25 06:09 2804328 ----a-w- c:\windows\system32\nvcuvid.dll

2011-07-03 03:23 . 2011-05-25 06:09 2082408 ----a-w- c:\windows\system32\nvcuvenc.dll

2011-07-03 03:23 . 2011-05-25 06:09 13011560 ----a-w- c:\windows\system32\nvcompiler.dll

2011-07-03 02:59 . 2011-07-03 03:00 -------- d-----w- c:\program files\ATITool

2011-06-29 06:27 . 2011-07-19 18:33 -------- d-----w- c:\users\Sang\AppData\Roaming\uTorrent

2011-06-28 18:08 . 2011-05-24 10:44 293376 ----a-w- c:\windows\system32\umpnpmgr.dll

2011-06-28 18:08 . 2011-05-04 04:34 1549312 ----a-w- c:\windows\system32\tquery.dll

2011-06-28 18:08 . 2011-05-04 04:32 1401344 ----a-w- c:\windows\system32\mssrch.dll

2011-06-28 18:08 . 2011-05-04 04:32 666624 ----a-w- c:\windows\system32\mssvp.dll

2011-06-28 18:08 . 2011-05-04 04:32 337408 ----a-w- c:\windows\system32\mssph.dll

2011-06-28 18:08 . 2011-05-04 04:28 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe

2011-06-28 18:08 . 2011-05-04 04:28 427520 ----a-w- c:\windows\system32\SearchIndexer.exe

2011-06-28 18:08 . 2011-05-04 04:28 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe

2011-06-28 18:08 . 2011-05-04 04:32 197120 ----a-w- c:\windows\system32\mssphtb.dll

2011-06-28 18:08 . 2011-05-04 04:32 59392 ----a-w- c:\windows\system32\msscntrs.dll

2011-06-27 16:32 . 2011-06-27 16:32 -------- d-----w- c:\users\Sang\AppData\Roaming\Avira

2011-06-27 16:28 . 2011-07-01 14:18 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-06-27 16:28 . 2011-07-01 14:18 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-06-27 16:28 . 2011-07-01 14:22 -------- d-----w- c:\programdata\Avira

2011-06-27 16:28 . 2011-06-27 16:28 -------- d-----w- c:\program files\Avira

2011-06-27 03:58 . 2011-06-27 03:58 -------- d-----w- c:\program files\Enigma Software Group

2011-06-27 03:57 . 2011-06-27 06:41 -------- d-----w- c:\windows\820C0EEB9B124AD5B39DD15ED1DBDD06.TMP

2011-06-27 03:57 . 2011-06-27 03:57 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2011-06-27 03:47 . 2011-06-27 03:47 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll

2011-06-27 03:47 . 2011-06-27 03:47 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll

2011-06-24 13:28 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{500FF4E3-CBDD-4EE6-B87A-24D95CB3053C}\mpengine.dll

2011-06-23 23:00 . 2011-06-23 23:00 -------- d-----w- c:\windows\system32\SPReview

2011-06-23 22:59 . 2011-06-23 22:59 -------- d-----w- c:\windows\system32\EventProviders

2011-06-23 03:13 . 2010-11-20 12:21 517120 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll

2011-06-23 03:12 . 2010-11-20 12:21 444928 ----a-w- c:\windows\system32\wvc.dll

2011-06-20 03:38 . 2011-06-20 03:38 -------- d-----w- C:\Riot Games

2011-06-20 03:26 . 2011-06-20 15:48 -------- d-----w- c:\users\Sang\AppData\Local\LogMeIn Hamachi

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-07 02:52 . 2011-05-14 05:00 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-07 02:52 . 2011-05-14 05:00 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-04 16:37 . 2011-05-14 05:11 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-06-23 23:07 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll

2011-05-25 06:09 . 2011-04-08 05:45 66664 ----a-w- c:\windows\system32\nvshext.dll

2011-05-25 06:09 . 2011-04-08 05:45 615528 ----a-w- c:\windows\system32\nvvsvc.exe

2011-05-25 06:09 . 2011-04-08 05:45 111208 ----a-w- c:\windows\system32\nvmctray.dll

2011-05-25 06:09 . 2011-04-08 05:44 2557544 ----a-w- c:\windows\system32\nvsvc.dll

2011-05-25 06:09 . 2011-04-08 05:45 543336 ----a-w- c:\windows\system32\easyupdatusapiu.dll

2011-05-25 06:09 . 2011-04-08 05:44 3693672 ----a-w- c:\windows\system32\nvcpl.dll

2011-05-25 06:09 . 2011-07-03 03:23 12392 ----a-w- c:\windows\system32\drivers\nvBridge.kmd

2011-05-25 06:09 . 2011-05-14 05:51 2335848 ----a-w- c:\windows\system32\nvapi.dll

2011-05-25 02:14 . 2011-05-14 05:10 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-05-21 07:18 . 2011-05-21 07:18 86528 ----a-w- c:\windows\system32\iesysprep.dll

2011-05-21 07:18 . 2011-05-21 07:18 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-05-21 07:18 . 2011-05-21 07:18 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-05-21 07:18 . 2011-05-21 07:18 74752 ----a-w- c:\windows\system32\iesetup.dll

2011-05-21 07:18 . 2011-05-21 07:18 63488 ----a-w- c:\windows\system32\tdc.ocx

2011-05-21 07:18 . 2011-05-21 07:18 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-05-21 07:18 . 2011-05-21 07:18 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-05-21 07:18 . 2011-05-21 07:18 367104 ----a-w- c:\windows\system32\html.iec

2011-05-21 07:18 . 2011-05-21 07:18 35840 ----a-w- c:\windows\system32\imgutil.dll

2011-05-21 07:18 . 2011-05-21 07:18 23552 ----a-w- c:\windows\system32\licmgr10.dll

2011-05-21 07:18 . 2011-05-21 07:18 161792 ----a-w- c:\windows\system32\msls31.dll

2011-05-21 07:18 . 2011-05-21 07:18 152064 ----a-w- c:\windows\system32\wextract.exe

2011-05-21 07:18 . 2011-05-21 07:18 150528 ----a-w- c:\windows\system32\iexpress.exe

2011-05-21 07:18 . 2011-05-21 07:18 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2011-05-21 07:18 . 2011-05-21 07:18 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2011-05-21 07:18 . 2011-05-21 07:18 11776 ----a-w- c:\windows\system32\mshta.exe

2011-05-21 07:18 . 2011-05-21 07:18 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-05-21 07:18 . 2011-05-21 07:18 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-05-21 07:18 . 2011-05-21 07:18 101888 ----a-w- c:\windows\system32\admparse.dll

2011-05-21 05:35 . 2011-05-21 05:35 304744 ----a-w- c:\windows\system32\nvStreaming.exe

2011-05-17 02:33 . 2011-05-17 02:29 189480 ----a-w- c:\windows\system32\PnkBstrB.xtr

2011-05-17 02:33 . 2011-05-16 23:06 189480 ----a-w- c:\windows\system32\PnkBstrB.exe

2011-05-17 02:29 . 2011-05-16 23:07 137544 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2011-05-16 23:07 . 2011-05-16 23:07 138056 ----a-w- c:\users\Sang\AppData\Roaming\PnkBstrK.sys

2011-05-16 23:06 . 2011-05-16 23:06 75064 ----a-w- c:\windows\system32\PnkBstrA.exe

2011-05-16 22:48 . 2011-05-16 23:06 3360624 ----a-w- c:\windows\system32\pbsvc.exe

2011-05-14 05:06 . 2011-05-14 05:06 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-03 04:30 . 2011-06-19 03:19 741376 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 02:46 . 2011-06-19 03:20 311808 ----a-w- c:\windows\system32\drivers\srv.sys

2011-04-29 02:46 . 2011-06-19 03:20 310272 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-04-29 02:46 . 2011-06-19 03:20 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-04-27 02:17 . 2011-06-19 03:18 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-04-27 02:17 . 2011-06-19 03:18 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-04-27 02:17 . 2011-06-19 03:18 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 04:31 . 2011-06-19 03:20 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-04-25 02:18 . 2011-06-19 03:20 338944 ----a-w- c:\windows\system32\drivers\afd.sys

2011-04-22 23:35 . 2011-06-19 15:43 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-04-22 23:25 . 2011-06-19 15:43 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-04-22 19:14 . 2011-05-25 06:49 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2011-06-27 03:47 . 2011-05-14 04:54 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2009-07-14 8704]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"HideSCAHealth"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKLM\~\startupfolder\C:^Users^Sang^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]

path=c:\users\Sang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk

backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-03-30 17:29 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-01-30 15:45 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 4]

2011-05-28 21:46 412560 ----a-w- c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]

2010-07-05 02:13 95576 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-04-27 08:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]

2011-05-26 00:29 1951112 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]

2011-07-07 02:52 449584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2011-04-08 19:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-05 136176]

R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2011-04-04 4004328]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]

R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-09-19 98432]

R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-09-19 14848]

R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-09-19 123648]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-14 1343400]

R4 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2011-05-28 353168]

S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 16184]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-07-10 218688]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]

S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-07-01 428200]

S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-05 238952]

S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-05-26 1336712]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-07 366640]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-21 378472]

S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-07 22712]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

S3 xcbdaNtscV;ViXS Tuner Card (NTSC) - V;c:\windows\system32\DRIVERS\xcbdaV.sys [2009-07-13 157568]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 40216768

*Deregistered* - 40216768

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-05 18:18]

.

2011-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-05 18:18]

.

2011-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3335826871-767681240-3273376228-1001Core.job

- c:\users\Sang\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-03 18:18]

.

2011-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3335826871-767681240-3273376228-1001UA.job

- c:\users\Sang\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-03 18:18]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.daum.net/

uInternet Settings,ProxyOverride = *.local

LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} - hxxp://mail.daum.net/hanmail-ax/DaumActiveX/2_0_0_6/DaumActiveX.cab?ver=2,0,0,6

FF - ProfilePath - c:\users\Sang\AppData\Roaming\Mozilla\Firefox\Profiles\0me8ary5.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - yahoo.co.kr

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 56020

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKCU-Run-Steam - c:\program files\steam1\Steam.exe

MSConfigStartUp-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe

MSConfigStartUp-Steam - c:\program files\steam1\Steam.exe

AddRemove-Steam App 102700 - c:\program files\steam1\steam.exe

AddRemove-Steam App 105600 - c:\program files\steam1\steam.exe

AddRemove-Steam App 440 - c:\program files\steam1\steam.exe

AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe

AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe

AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe

AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe

AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe

AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe

AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe

AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe

AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe

AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe

AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe

AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\SAMSUNG\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe

AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe

AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe

AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe

AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe

AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe

AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe

AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-07-19 11:40:59

ComboFix-quarantined-files.txt 2011-07-19 18:40

.

Pre-Run: 163,601,129,472 bytes free

Post-Run: 163,316,625,408 bytes free

.

- - End Of File - - 1452CFAB687B2341E346F8F7C123F5BD

Results of screen317's Security Check version 0.99.17

Windows 7 Service Pack 1 (UAC is disabled!)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

Avira AntiVir Personal - Free Antivirus

WMI entry may not exist for antivirus; attempting automatic update.

Avira successfully updated!

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

CCleaner

Java 6 Update 26

Java SE Development Kit 6 Update 26

Java DB 10.6.2.1

Adobe Flash Player 10.3.181.14

Adobe Reader X (10.0.1) Adobe Reader Out of Date!

Mozilla Firefox (x86 en-US..)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe

Avira Antivir avgnt.exe

Avira Antivir avguard.exe

``````````End of Log````````````

Wow this is a long list to review..

I really appreciate your help. Thank You for everything :)

And one thing: after I ran ComboFix, all my internet browsers didn't work, saying they can't load a page.

But they worked fine after a restart.


I really appreciate your help. Thank You for everything :)

No problem :)

Please do the following:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

Driver::

40216768

File::

C:\Windows\System32\Drivers\40216768.sys

c:\windows\820C0EEB9B124AD5B39DD15ED1DBDD06.TMP

Reglock::

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now ;)


Here you go.

Computer seems to be working perfectly, all thanks to your help :D

But I don't get why ComboFix is trying to delete my Steam?

Does it contain a virus?

Anyways thank you so much for your time.

ComboFix 11-07-20.05 - Sang 07/20/2011 13:59:57.2.2 - x86

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3071.2089 [GMT -7:00]

Running from: c:\users\Sang\Desktop\ComboFix.exe

Command switches used :: c:\users\Sang\Desktop\CFScript.txt

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\820C0EEB9B124AD5B39DD15ED1DBDD06.TMP"

"c:\windows\System32\Drivers\40216768.sys"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\steam1\Steam.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_40216768

.

.

((((((((((((((((((((((((( Files Created from 2011-06-20 to 2011-07-20 )))))))))))))))))))))))))))))))

.

.

2011-07-20 21:05 . 2011-07-20 21:07 -------- d-----w- c:\users\Sang\AppData\Local\temp

2011-07-20 21:05 . 2011-07-20 21:05 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2011-07-20 21:05 . 2011-07-20 21:05 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-07-20 03:49 . 2011-07-20 03:49 -------- d-----w- c:\users\Sang\AppData\Roaming\NVIDIA

2011-07-20 03:45 . 2011-07-20 03:45 -------- d--h--w- c:\windows\msdownld.tmp

2011-07-20 03:44 . 2011-07-20 03:44 -------- d-----w- c:\windows\B83FC356B7C0441F8A4DD71E088E7974.TMP

2011-07-19 20:05 . 2011-07-19 20:05 -------- d-----w- c:\program files\Frogster

2011-07-19 19:00 . 2011-07-20 21:05 -------- d-----w- c:\program files\steam1

2011-07-17 01:03 . 2011-07-17 01:03 -------- d-----w- c:\program files\Microsoft Silverlight

2011-07-12 21:18 . 2011-07-12 21:18 -------- d-----w- c:\program files\Electronic Arts

2011-07-10 17:34 . 2011-07-10 17:34 -------- d-----w- c:\programdata\Electronic Arts

2011-07-10 17:34 . 2011-07-10 17:34 -------- d-----w- c:\programdata\EA Core

2011-07-10 17:31 . 2011-07-10 17:31 -------- d-----w- c:\program files\Microsoft WSE

2011-07-10 17:24 . 2011-07-10 17:24 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2011-07-10 17:23 . 2011-07-10 17:24 -------- d-----w- c:\program files\DAEMON Tools Lite

2011-07-10 17:23 . 2011-07-10 17:25 -------- d-----w- c:\users\Sang\AppData\Roaming\DAEMON Tools Lite

2011-07-10 17:23 . 2011-07-10 17:23 -------- d-----w- c:\programdata\DAEMON Tools Lite

2011-07-09 15:28 . 2011-07-09 15:28 -------- d-----w- c:\users\Sang\AppData\Local\Adobe

2011-07-07 16:22 . 2010-03-05 02:59 566680 ----a-w- c:\windows\system32\POTWEB.OCX

2011-07-07 16:22 . 2011-07-07 16:22 -------- d-----w- c:\program files\Daum

2011-07-04 19:45 . 2011-07-04 19:45 -------- d-----w- c:\users\Sang\AppData\Local\Apple

2011-07-04 16:38 . 2011-07-04 16:38 -------- d-----w- c:\program files\Common Files\Java

2011-07-04 16:37 . 2011-07-04 16:37 -------- d-----w- c:\program files\Sun

2011-07-04 16:37 . 2011-07-04 16:37 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

2011-07-03 03:23 . 2011-05-25 06:09 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll

2011-07-03 03:23 . 2011-05-25 06:09 865896 ----a-w- c:\windows\system32\nvgenco322090.dll

2011-07-03 03:23 . 2011-05-25 06:09 6555240 ----a-w- c:\windows\system32\nvwgf2um.dll

2011-07-03 03:23 . 2011-05-25 06:09 57960 ----a-w- c:\windows\system32\OpenCL.dll

2011-07-03 03:23 . 2011-05-25 06:09 16456296 ----a-w- c:\windows\system32\nvoglv32.dll

2011-07-03 03:23 . 2011-05-25 06:09 11992680 ----a-w- c:\windows\system32\nvd3dum.dll

2011-07-03 03:23 . 2011-05-25 06:09 10589800 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2011-07-03 03:23 . 2011-05-25 06:09 5301352 ----a-w- c:\windows\system32\nvcuda.dll

2011-07-03 03:23 . 2011-05-25 06:09 2804328 ----a-w- c:\windows\system32\nvcuvid.dll

2011-07-03 03:23 . 2011-05-25 06:09 2082408 ----a-w- c:\windows\system32\nvcuvenc.dll

2011-07-03 03:23 . 2011-05-25 06:09 13011560 ----a-w- c:\windows\system32\nvcompiler.dll

2011-07-03 02:59 . 2011-07-03 03:00 -------- d-----w- c:\program files\ATITool

2011-06-29 06:27 . 2011-07-20 17:21 -------- d-----w- c:\users\Sang\AppData\Roaming\uTorrent

2011-06-28 18:08 . 2011-05-24 10:44 293376 ----a-w- c:\windows\system32\umpnpmgr.dll

2011-06-28 18:08 . 2011-05-04 04:34 1549312 ----a-w- c:\windows\system32\tquery.dll

2011-06-28 18:08 . 2011-05-04 04:32 1401344 ----a-w- c:\windows\system32\mssrch.dll

2011-06-28 18:08 . 2011-05-04 04:32 666624 ----a-w- c:\windows\system32\mssvp.dll

2011-06-28 18:08 . 2011-05-04 04:32 337408 ----a-w- c:\windows\system32\mssph.dll

2011-06-28 18:08 . 2011-05-04 04:28 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe

2011-06-28 18:08 . 2011-05-04 04:28 427520 ----a-w- c:\windows\system32\SearchIndexer.exe

2011-06-28 18:08 . 2011-05-04 04:28 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe

2011-06-28 18:08 . 2011-05-04 04:32 197120 ----a-w- c:\windows\system32\mssphtb.dll

2011-06-28 18:08 . 2011-05-04 04:32 59392 ----a-w- c:\windows\system32\msscntrs.dll

2011-06-27 16:32 . 2011-06-27 16:32 -------- d-----w- c:\users\Sang\AppData\Roaming\Avira

2011-06-27 16:28 . 2011-07-01 14:18 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-06-27 16:28 . 2011-07-01 14:18 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-06-27 16:28 . 2011-07-01 14:22 -------- d-----w- c:\programdata\Avira

2011-06-27 16:28 . 2011-06-27 16:28 -------- d-----w- c:\program files\Avira

2011-06-27 03:58 . 2011-06-27 03:58 -------- d-----w- c:\program files\Enigma Software Group

2011-06-27 03:57 . 2011-06-27 06:41 -------- d-----w- c:\windows\820C0EEB9B124AD5B39DD15ED1DBDD06.TMP

2011-06-27 03:57 . 2011-07-20 03:44 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2011-06-27 03:47 . 2011-06-27 03:47 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll

2011-06-27 03:47 . 2011-06-27 03:47 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll

2011-06-24 13:28 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{500FF4E3-CBDD-4EE6-B87A-24D95CB3053C}\mpengine.dll

2011-06-23 23:00 . 2011-06-23 23:00 -------- d-----w- c:\windows\system32\SPReview

2011-06-23 22:59 . 2011-06-23 22:59 -------- d-----w- c:\windows\system32\EventProviders

2011-06-23 03:13 . 2010-11-20 12:21 517120 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll

2011-06-23 03:12 . 2010-11-20 12:21 444928 ----a-w- c:\windows\system32\wvc.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-07 02:52 . 2011-05-14 05:00 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-07 02:52 . 2011-05-14 05:00 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-04 16:37 . 2011-05-14 05:11 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-06-23 23:07 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll

2011-05-25 06:09 . 2011-04-08 05:45 66664 ----a-w- c:\windows\system32\nvshext.dll

2011-05-25 06:09 . 2011-04-08 05:45 615528 ----a-w- c:\windows\system32\nvvsvc.exe

2011-05-25 06:09 . 2011-04-08 05:45 111208 ----a-w- c:\windows\system32\nvmctray.dll

2011-05-25 06:09 . 2011-04-08 05:44 2557544 ----a-w- c:\windows\system32\nvsvc.dll

2011-05-25 06:09 . 2011-04-08 05:45 543336 ----a-w- c:\windows\system32\easyupdatusapiu.dll

2011-05-25 06:09 . 2011-04-08 05:44 3693672 ----a-w- c:\windows\system32\nvcpl.dll

2011-05-25 06:09 . 2011-07-03 03:23 12392 ----a-w- c:\windows\system32\drivers\nvBridge.kmd

2011-05-25 06:09 . 2011-05-14 05:51 2335848 ----a-w- c:\windows\system32\nvapi.dll

2011-05-25 02:14 . 2011-05-14 05:10 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-05-21 07:18 . 2011-05-21 07:18 86528 ----a-w- c:\windows\system32\iesysprep.dll

2011-05-21 07:18 . 2011-05-21 07:18 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-05-21 07:18 . 2011-05-21 07:18 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-05-21 07:18 . 2011-05-21 07:18 74752 ----a-w- c:\windows\system32\iesetup.dll

2011-05-21 07:18 . 2011-05-21 07:18 63488 ----a-w- c:\windows\system32\tdc.ocx

2011-05-21 07:18 . 2011-05-21 07:18 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-05-21 07:18 . 2011-05-21 07:18 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-05-21 07:18 . 2011-05-21 07:18 367104 ----a-w- c:\windows\system32\html.iec

2011-05-21 07:18 . 2011-05-21 07:18 35840 ----a-w- c:\windows\system32\imgutil.dll

2011-05-21 07:18 . 2011-05-21 07:18 23552 ----a-w- c:\windows\system32\licmgr10.dll

2011-05-21 07:18 . 2011-05-21 07:18 161792 ----a-w- c:\windows\system32\msls31.dll

2011-05-21 07:18 . 2011-05-21 07:18 152064 ----a-w- c:\windows\system32\wextract.exe

2011-05-21 07:18 . 2011-05-21 07:18 150528 ----a-w- c:\windows\system32\iexpress.exe

2011-05-21 07:18 . 2011-05-21 07:18 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2011-05-21 07:18 . 2011-05-21 07:18 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2011-05-21 07:18 . 2011-05-21 07:18 11776 ----a-w- c:\windows\system32\mshta.exe

2011-05-21 07:18 . 2011-05-21 07:18 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-05-21 07:18 . 2011-05-21 07:18 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-05-21 07:18 . 2011-05-21 07:18 101888 ----a-w- c:\windows\system32\admparse.dll

2011-05-21 05:35 . 2011-05-21 05:35 304744 ----a-w- c:\windows\system32\nvStreaming.exe

2011-05-17 02:33 . 2011-05-17 02:29 189480 ----a-w- c:\windows\system32\PnkBstrB.xtr

2011-05-17 02:33 . 2011-05-16 23:06 189480 ----a-w- c:\windows\system32\PnkBstrB.exe

2011-05-17 02:29 . 2011-05-16 23:07 137544 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2011-05-16 23:07 . 2011-05-16 23:07 138056 ----a-w- c:\users\Sang\AppData\Roaming\PnkBstrK.sys

2011-05-16 23:06 . 2011-05-16 23:06 75064 ----a-w- c:\windows\system32\PnkBstrA.exe

2011-05-16 22:48 . 2011-05-16 23:06 3360624 ----a-w- c:\windows\system32\pbsvc.exe

2011-05-14 05:06 . 2011-05-14 05:06 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-03 04:30 . 2011-06-19 03:19 741376 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 02:46 . 2011-06-19 03:20 311808 ----a-w- c:\windows\system32\drivers\srv.sys

2011-04-29 02:46 . 2011-06-19 03:20 310272 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-04-29 02:46 . 2011-06-19 03:20 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-04-27 02:17 . 2011-06-19 03:18 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-04-27 02:17 . 2011-06-19 03:18 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-04-27 02:17 . 2011-06-19 03:18 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 04:31 . 2011-06-19 03:20 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-04-25 02:18 . 2011-06-19 03:20 338944 ----a-w- c:\windows\system32\drivers\afd.sys

2011-04-22 23:35 . 2011-06-19 15:43 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-04-22 23:25 . 2011-06-19 15:43 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-04-22 19:14 . 2011-05-25 06:49 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2011-06-27 03:47 . 2011-05-14 04:54 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]

"Steam"="c:\program files\steam1\Steam.exe" [bU]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2009-07-14 8704]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"HideSCAHealth"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKLM\~\startupfolder\C:^Users^Sang^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]

path=c:\users\Sang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk

backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-03-30 17:29 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-01-30 15:45 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 4]

2011-05-28 21:46 412560 ----a-w- c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]

2010-07-05 02:13 95576 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-04-27 08:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]

2011-05-26 00:29 1951112 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]

2011-07-07 02:52 449584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2011-04-08 19:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-05 136176]

R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2011-04-04 4004328]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]

R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-09-19 98432]

R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-09-19 14848]

R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-09-19 123648]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-14 1343400]

R4 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2011-05-28 353168]

S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 16184]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-07-10 218688]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]

S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-07-01 428200]

S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-05 238952]

S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-05-26 1336712]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-07 366640]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-21 378472]

S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-07 22712]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

S3 xcbdaNtscV;ViXS Tuner Card (NTSC) - V;c:\windows\system32\DRIVERS\xcbdaV.sys [2009-07-13 157568]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - FSUSBEXDISK

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-05 18:18]

.

2011-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-05 18:18]

.

2011-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3335826871-767681240-3273376228-1001Core.job

- c:\users\Sang\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-03 18:18]

.

2011-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3335826871-767681240-3273376228-1001UA.job

- c:\users\Sang\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-03 18:18]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.daum.net/

uInternet Settings,ProxyOverride = *.local

LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll

DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} - hxxp://mail.daum.net/hanmail-ax/DaumActiveX/2_0_0_6/DaumActiveX.cab?ver=2,0,0,6

FF - ProfilePath - c:\users\Sang\AppData\Roaming\Mozilla\Firefox\Profiles\0me8ary5.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - yahoo.co.kr

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 56020

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-Steam App 17020 - c:\program files\steam1\steam.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\program files\NVIDIA Corporation\Display\nvxdsync.exe

c:\windows\system32\nvvsvc.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\system32\taskhost.exe

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\windows\system32\conhost.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\system32\sppsvc.exe

c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe

c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe

c:\program files\IObit\Game Booster\gbtray.exe

c:\windows\system32\conhost.exe

c:\windows\system32\WUDFHost.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\system32\taskhost.exe

.

**************************************************************************

.

Completion time: 2011-07-20 14:11:31 - machine was rebooted

ComboFix-quarantined-files.txt 2011-07-20 21:11

ComboFix2.txt 2011-07-19 18:40

.

Pre-Run: 157,518,557,184 bytes free

Post-Run: 157,588,664,320 bytes free

.

- - End Of File - - 3435757C3FA98757F233B1E3714E2516


Computer seems to be working perfectly, all thanks to your help :D

Glad to hear that! :)

But I don't get why ComboFix is trying to delete my Steam?

Does it contain a virus?

I'm guessing it's because you have it running from a location other than the default one:

c:\program files\steam1\

The default should be:

C:\Program Files\Steam\

If you could reinstall Steam to the default location, I think that should fix the problem ;)

Anyways thank you so much for your time.

No problem! :)

Before we move on, let's run some more scans to see if there are any traces left :)

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

-----------

Please use the Internet Explorer and run a BitDefender Online scan from Here

  • Please check I agree with the Terms and Conditions and click Start Here
  • You will need to allow an Active X install for the scan to run.
  • Leave the scanning options at default and click Start Scan

Please post the results in your next reply.


  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
