I am looking for a geek to solve my computer malwares can u see this list and see whats wrong with it?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 오후 8:02:46, on 2000-01-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Spiceworks\bin\spicetray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\PC-Clean\PC-Clean.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HncUpdate] C:\WINDOWS\system32\HncUpdate.exe /A
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Spiceworks] C:\Program Files\Spiceworks\bin\spicetray_silent.exe
O4 - HKLM\..\Run: [049fba8e] rundll32.exe "C:\WINDOWS\system32\cgeyvroh.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKLM\..\Policies\Explorer\Run: [MXD] C:\Documents and Settings\All Users\Favorites\XRGPUBIE.exe
O4 - HKLM\..\Policies\Explorer\Run: [DF] C:\Documents and Settings\All Users\Favorites\PSUBHIJR.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {00001025-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter25 Class) - http://download.netmarble.com/web/nmstarter/NMStarter25.cab
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
O16 - DPF: {386EDCD0-72B4-42F4-9942-049B8A92FC48} (FgAddOn Control) - http://down.fileguri.com/FgAddOn.cab
O16 - DPF: {9CDD57AC-CA86-464C-B920-3228A388CC78} (NaverFileControl Control) - http://file.naver.com/down/NaverFile.cab
O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} (Neowiz Login Control) - http://dl.sayclub.com/sayclub/sayctl/sayax.cab
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://cafeimg.hanmail.net/cto/xman.cab?ver=1,2,3,3
O16 - DPF: {BD6BB450-7C69-43B8-96F3-689CAE57AB51} (SBSWebPlayer Class) - http://netv.sbs.co.kr/object/player/SBSWebPlayer.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 7324 bytes
help me plz!

This post has been edited by thefreed: Nov 25 2007, 06:51 PM

Sorry for the delay. My name is Rorschach and I'll be helping you with your problems.

• Download avz4en.zip from here
  
• Save it to your desktop and unzip it to a folder on your desktop
  
• Double click on AVZ.exe to run it.
  
• Choose from the menu "File" => "System Investigation"
  
• Close all windows except for AVZ
  
• Click on "Start" and save the report to your desktop.
  
• Let the scan run and click "No" on the right when it asks you if you want to view it.
  
• Upload the report you saved on your desktop onto this site in your next reply.

hello thank you greatly for providing this service , because I have to pay like 60 dollars and 3 days without a computer otherwise, your doing a great thing here
I attached the link not sure if this is it

Hello

CLICK THIS TO LINK TO BE SURE YOU CAN VIEW HIDDEN FILES

Please go here:
The Spy Killer Forum

• Click on "New Topic"
• Put your name, e-mail address, and this as the title: "C:\Program Files\ToolbarClean\nliaresolver.dll"
• Put a link to this topic in the description box.
• Then next to the file box, at the bottom, click the browse button, then navigate to this file:
  
  
  • C:\Program Files\ToolbarClean\nliaresolver.dll
  
  
• Click Open.
• Click Post.

Thank you!



Repeat that for these two files as well

C:\Documents and Settings\All Users\Favorites\PSUBHIJR.exe
C:\Documents and Settings\All Users\Favorites\XRGPUBIE.exe



Once you have done that, then do the following

• Close all windows then double click on AVZ.exe
  
• Click File > Custom scripts
  
• Copy & paste the contents of the following codebox in the box in the program
  
  
  CODE
  begin
  QuarantineFile('\SystemRoot\System32\Drivers\arj9a8ow.SYS','');
  BC_DeleteFile('C:\WINDOWS\system32\ddccc.dll');
  BC_DeleteFile('C:\WINDOWS\system32\fovfdqsx.dll');
  BC_DeleteFile('C:\WINDOWS\system32\mpbmhbha.dll');
  BC_DeleteFile('C:\WINDOWS\system32\umjfpdkg.dll');
  BC_DeleteFile('C:\WINDOWS\system32\voxiwuqv.dll');
  BC_DeleteFile('C:\Documents and Settings\All Users\Favorites\PSUBHIJR.exe');
  BC_DeleteFile('C:\Documents and Settings\All Users\Favorites\XRGPUBIE.exe');
  BC_DeleteFile('C:\Program Files\ToolbarClean\nliaresolver.dll');
  ExecuteSysClean;
  BC_Activate;
  RebootWindows(true);
  end.
  
  
  
• Note: When you run the script, your PC will be restarted
  
• Click Run
  
• Restart your PC if it doesn't do it automatically, and post back with a new AVZ report.

Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

• Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
• Under Additional Scans on the bottom right, check the box for Reg - Disabled MS Config Items.
• Now click the Run Scan button on the toolbar.
• When the scan is complete Notepad will open with the report file loaded in it.
• Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Use the Add Reply button and Copy/Paste the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.

Make sure you attach the report in your reply.

I followed the custom scan thngy but when I restarted it I couldnt get it pasy the windows starting up screen so I safe moded it and restored the computer to yesterday... then I tried to use WinPfind but it kept not responding can u tell me some other way pleaze?

That is strange. Lets try something else.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

• Close all other windows before proceeding.
• Double-click on dss.exe and follow the prompts.
• When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Deckard's System Scanner v20071014.68
Run by Owner on 2000-01-19 14:59:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
6: 2000-01-19 22:59:45 UTC - RP75 - Deckard's System Scanner Restore Point
5: 2000-01-19 11:24:37 UTC - RP74 - Restore Operation
4: 2000-01-18 15:06:53 UTC - RP73 - System Checkpoint
3: 2000-01-17 08:07:35 UTC - RP72 - System Checkpoint
2: 2000-01-16 03:50:11 UTC - RP71 - System Checkpoint


-- First Restore Point --
1: 2000-01-15 03:15:43 UTC - RP70 - NEW


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 510 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 오후 3:00:32, on 2000-01-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\WINDOWS\system32\conime.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AddressHook Class - {420F61A2-B3BE-4A80-8A68-A2080770CD4C} - C:\Program Files\PC-Clean\PCCleanHModul.dll
O2 - BHO: (no name) - {560EC96E-8833-4DA8-815A-18E30D967545} - C:\WINDOWS\system32\ddccc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: {6630c289-6a6e-58d8-cc74-12a521809ec6} - {6ce90812-5a21-47cc-8d85-e6a6982c0366} - C:\WINDOWS\system32\qnvxjaad.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: BrowserHook Class - {E30C7A85-45B9-4d04-92F7-12AF287AD41A} - C:\Program Files\ToolbarClean\nliaresolver.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [049fba8e] rundll32.exe "C:\WINDOWS\system32\voxiwuqv.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [MXD] C:\Documents and Settings\All Users\Favorites\XRGPUBIE.exe
O4 - HKLM\..\Policies\Explorer\Run: [DF] C:\Documents and Settings\All Users\Favorites\PSUBHIJR.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: LCDPlayer.lnk = C:\Program Files\SPACE INTERNATIONAL\CDSpace 5\LCDPlyer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
O16 - DPF: {386EDCD0-72B4-42F4-9942-049B8A92FC48} (FgAddOn Control) - http://down.fileguri.com/FgAddOn.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/activex/dmcc2.c...ersion=1,0,0,10
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 6239 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 XSPACEWG - c:\windows\system32\drivers\xspacewg.sys <Not Verified; SPACE INT'L, Inc.; CDSpace>
R3 cdspacex - c:\windows\system32\drivers\cdspacex.sys <Not Verified; SPACE INT'L, Inc.; CDSpace5>
R3 TwoRabts (Two Rabbits Live Bus) - c:\windows\system32\drivers\tworabts.sys <Not Verified; Two Rabbits, Inc.; Two Rabbits live bus>

S1 KLIF - c:\windows\system32\drivers\klif.sys (file missing)
S3 ezty2 - c:\windows\system32\ezty2.sys (file missing)
S3 NOWMEMDF - c:\windows\system32\nowmemdf.sys <Not Verified; ©NOWCOM; Nowcom Memory Defender>
S3 pcwe - c:\program files\pc wizard 2006\pcw86-32.sys (file missing)
S3 VIROBOT - c:\windows\system32\virobot.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S? DomainService -


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 1999-12-19 and 2000-01-19 -----------------------------

2007-11-10 23:29:25 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2007-11-10 23:19:31 0 d-------- C:\WINDOWS\system32\DLA
2007-11-10 23:19:29 0 d-------- C:\Program Files\Roxio
2007-11-10 22:49:03 0 d-------- C:\Program Files\CONEXANT
2007-11-10 22:46:06 0 d-------- C:\Program Files\Norton Ghost
2007-11-10 22:44:02 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2007-11-10 21:56:41 0 d-------- C:\Program Files\WinISO
2007-11-10 20:35:00 342048 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-10 20:11:11 0 d-------- C:\Program Files\PC-Clean
2007-11-10 20:03:53 81472 --a------ C:\WINDOWS\system32\vjjsuacw.dll
2007-11-10 19:57:53 85056 --a------ C:\WINDOWS\system32\jhienvsr.dll
2007-11-10 19:42:35 0 d-------- C:\WINDOWS\pss
2007-11-10 18:23:13 85056 --a------ C:\WINDOWS\system32\yrudcqfn.dll
2007-11-10 18:20:11 81472 --a------ C:\WINDOWS\system32\jduubbkc.dll
2007-11-10 14:07:12 81472 --a------ C:\WINDOWS\system32\vknjioxd.dll
2007-11-10 13:42:14 85056 --a------ C:\WINDOWS\system32\ykagudra.dll
2007-11-10 13:39:13 81472 --a------ C:\WINDOWS\system32\xqbrbckl.dll
2007-11-10 13:26:52 71232 --a------ C:\WINDOWS\system32\rldsfhwb.exe <Not Verified; ; DDC>
2007-11-10 12:15:53 81472 --a------ C:\WINDOWS\system32\onbmsclh.dll
2007-11-10 11:38:31 0 d-------- C:\WINDOWS\system32\rMa01yy
2007-11-10 11:19:13 0 d-------- C:\Program Files\WinAble
2007-11-10 11:03:27 60 --a------ C:\WINDOWS\HSoftDB.DAT
2007-11-10 11:03:11 0 d-------- C:\Program Files\ViRobotXP
2007-11-10 01:04:38 0 d-------- C:\Program Files\Digitalonnet
2007-11-10 01:03:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-11-10 00:34:11 432787 ---hs---- C:\WINDOWS\system32\cccdd.bak2
2007-11-09 21:16:04 0 d-------- C:\Documents and Settings\Owner\Application Data\MegauploadToolbar
2007-11-09 19:00:20 0 d-------- C:\Program Files\G-Collections(2)
2007-11-09 12:33:58 440679 ---hs---- C:\WINDOWS\system32\cccdd.bak1
2007-11-09 12:30:57 318560 --a------ C:\WINDOWS\system32\ddccc.dll
2007-11-09 12:29:57 0 d-------- C:\Program Files\Temporary
2007-11-09 12:25:35 0 d-------- C:\WINDOWS\system32\rMa02yy
2007-11-09 12:25:35 0 d-------- C:\Temp
2007-11-09 00:59:12 0 d-------- C:\WINDOWS\Sun
2007-11-09 00:59:12 0 d-------- C:\Documents and Settings\Owner\Application Data\Sun
2007-11-08 19:32:34 0 d-------- C:\WINDOWS\system32\PreInstall
2007-11-08 19:32:32 0 d--h----- C:\WINDOWS\$hf_mig$
2007-11-07 13:57:52 0 d-------- C:\Program Files\Songsari
2007-11-07 13:49:04 0 d-------- C:\Documents and Settings\Owner\Application Data\CyberLink
2007-11-07 13:13:27 967 --a------ C:\WINDOWS\ScUnin.pif
2007-11-07 13:13:27 35382 --a------ C:\WINDOWS\scunin.dat
2007-11-07 13:13:26 94208 --a------ C:\WINDOWS\ScUnin.exe <Not Verified; Blizzard Entertainment; Starcraft Uninstaller>
2007-11-07 13:12:54 0 d-------- C:\Program Files\Starcraft
2007-11-06 19:46:04 0 d-------- C:\Program Files\DivX
2007-11-06 19:46:00 2084 --a------ C:\WINDOWS\mozver.dat
2007-11-06 19:42:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2007-11-06 15:15:29 0 d-------- C:\Program Files\iMusicSoft
2007-11-06 15:15:27 45056 --a------ C:\WINDOWS\system32\SBSWebLAManager.dll <Not Verified; iMusicSoft; SBSWebLAManager>
2007-11-06 15:15:26 1921024 --a------ C:\WINDOWS\system32\SBSWebPlayerCore.dll <Not Verified; iMusicSoft; SBSWebPlayerCore>
2007-11-06 14:36:27 0 d-------- C:\Program Files\konami
2007-11-06 11:40:27 0 d-------- C:\Documents and Settings\Owner\Shared
2007-11-06 11:40:26 0 d-------- C:\Documents and Settings\Owner\Incomplete
2007-11-06 11:40:09 0 d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
2007-11-06 11:38:12 0 d-------- C:\Program Files\Java
2007-11-06 11:37:49 0 d-------- C:\Program Files\Common Files\Java
2007-11-06 11:37:33 0 d-------- C:\Program Files\LimeWire
2007-11-06 10:59:02 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-06 10:58:47 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2007-11-05 14:28:30 921600 --a------ C:\WINDOWS\system32\vorbisenc.dll
2007-11-05 14:28:28 188416 --a------ C:\WINDOWS\system32\vorbis.dll
2007-11-05 14:28:26 237568 --a------ C:\WINDOWS\system32\OggDS.dll <Not Verified; ; Ogg DirectShow™ Filter Collection>
2007-11-05 14:28:25 45056 --a------ C:\WINDOWS\system32\ogg.dll
2007-11-05 14:28:23 102160 --a------ C:\WINDOWS\system32\vb6ko.dll <Not Verified; Microsoft Corporation; Visual Basic Environment>
2007-11-05 14:27:29 0 d-------- C:\Program Files\I-MEPS
2007-11-05 11:00:54 0 d-------- C:\schoolx
2007-11-04 00:35:22 0 d-------- C:\Program Files\Infogrames Interactive
2007-11-03 13:39:14 0 d-------- C:\Documents and Settings\Owner\Application Data\Move Networks
2007-11-02 17:34:48 0 d-------- C:\Documents and Settings\Owner\Application Data\My Games
2007-11-02 16:06:56 0 d---s---- C:\Documents and Settings\Owner\UserData
2007-11-01 11:51:29 65536 --a------ C:\WINDOWS\IFinst27.exe
2007-11-01 09:13:00 0 d-------- C:\Documents and Settings\Owner\Application Data\Leadertech
2007-10-31 21:30:21 0 d-------- C:\Program Files\DAEMON Tools
2007-10-31 21:26:39 682232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-10-30 20:23:05 24 --a------ C:\WINDOWS\system32\1.bat
2007-10-30 20:15:21 0 d-------- C:\Documents and Settings\Owner\Application Data\Fileguri
2007-10-30 20:15:19 217088 --a-----t C:\WINDOWS\system32\FcLauncher.exe <Not Verified; ; FcLauncher 응용 프로그램>
2007-10-30 20:12:34 0 d-------- C:\Program Files\Freechal
2007-10-30 18:16:18 0 dr------- C:\Documents and Settings\LocalService\Favorites
2007-10-30 18:13:00 94 --a------ C:\WINDOWS\1.bat
2007-10-30 18:12:41 61952 --a------ C:\WINDOWS\system32\Evilotus.dll
2007-10-30 17:13:03 0 d-------- C:\Program Files\Maxis
2007-10-30 14:21:30 0 d-------- C:\Program Files\UltimateBet
2007-10-30 13:31:17 0 d-------- C:\Netmarble
2007-10-30 13:31:11 0 d--h----- C:\Documents and Settings\Owner\Application Data\netmarble
2007-10-30 12:57:54 0 d-------- C:\Program Files\Common Files\DirectX
2007-10-30 11:54:38 0 d-------- C:\Program Files\Veoh Networks
2007-10-30 11:54:17 0 d-------- C:\WINDOWS\Downloaded Installations
2007-10-30 09:15:45 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2007-10-30 09:15:36 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-10-30 09:15:18 69632 --a------ C:\WINDOWS\system32\KemXML.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
2007-10-30 09:15:18 110592 --a------ C:\WINDOWS\system32\KemWnd.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
2007-10-30 09:15:18 135168 --a------ C:\WINDOWS\system32\KemUtil.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
2007-10-30 09:15:18 163840 --a------ C:\WINDOWS\system32\kemutb.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
2007-10-30 09:15:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2007-10-30 09:15:03 0 d-------- C:\Program Files\Common Files\Logitech
2007-10-30 09:14:56 0 d-------- C:\Program Files\Logitech
2007-10-30 09:14:53 0 d-------- C:\Documents and Settings\Owner\Application Data\InstallShield
2007-10-30 03:42:08 0 d-------- C:\WINDOWS\system32\crc
2007-10-30 01:29:08 0 d--h----- C:\WINDOWS\PIF
2007-10-29 14:31:55 0 d-------- C:\Program Files\Daum
2007-10-29 14:28:43 0 d-------- C:\Documents and Settings\Owner\Application Data\PandoraTV
2007-10-29 14:26:27 678746 --a------ C:\WINDOWS\unins000.exe <Not Verified; ; Inno Setup>
2007-10-29 14:26:27 4045 --a------ C:\WINDOWS\unins000.dat
2007-10-29 12:04:18 0 d-------- C:\WINDOWS\system32\mgrlist
2007-10-29 11:56:00 0 d-------- C:\Documents and Settings\Owner\Application Data\WinRAR
2007-10-29 11:49:37 0 d-------- C:\Documents and Settings\Owner\Application Data\Hnc
2007-10-29 11:46:51 77824 --a------ C:\WINDOWS\system32\nod.dll <Not Verified; ; Now On-Demand Stream Connector>
2007-10-29 10:45:16 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2007-10-26 18:31:19 0 d-------- C:\Program Files\Symantec
2007-10-26 18:31:13 0 d-------- C:\Program Files\Symantec AntiVirus
2007-10-26 18:31:13 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-10-26 18:31:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-26 18:29:23 0 d-------- C:\Program Files\Microsoft.NET
2007-10-26 18:29:19 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-10-26 18:27:44 0 dr-h----- C:\MSOCache
2007-10-26 18:26:02 0 d-------- C:\WINDOWS\ShellNew
2007-10-26 18:25:40 0 d-------- C:\Program Files\eps
2007-10-26 18:25:40 0 d-------- C:\HNC
2007-10-26 18:20:51 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
2007-10-26 18:20:51 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
2007-10-26 18:20:51 471040 -----n--- C:\WINDOWS\system32\ImagXRA7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2007-10-26 18:20:51 262144 -----n--- C:\WINDOWS\system32\ImagXR7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2007-10-26 18:20:51 1568768 -----n--- C:\WINDOWS\system32\ImagX7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2007-10-26 18:20:50 0 d-------- C:\Program Files\Common Files\Ahead
2007-10-26 18:20:50 0 d-------- C:\Program Files\Ahead
2007-10-26 18:20:18 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2007-10-26 18:20:05 0 d-------- C:\Program Files\CyberLink
2007-10-26 18:15:15 0 d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft
2007-10-26 18:15:10 0 d-------- C:\Program Files\Lavasoft
2007-10-26 18:14:29 0 d-------- C:\Program Files\Common Files\Adobe
2007-10-26 18:14:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-10-26 17:33:42 0 d-------- C:\WINDOWS\VirtualEar
2007-10-26 17:33:42 49152 --a------ C:\WINDOWS\system32\DSndUp.exe <Not Verified; Analog Devices Inc.; adi DSndUp>
2007-10-26 17:33:42 45056 --a------ C:\WINDOWS\system32\CleanUp.exe <Not Verified; adi; adi CleanUp>
2007-10-26 17:33:42 65536 --a------ C:\WINDOWS\system32\Audio3d.dll <Not Verified; Sensaura Ltd; Sensaura>
2007-10-26 17:33:42 0 d-------- C:\Program Files\Analog Devices
2007-10-26 17:33:18 0 d-------- C:\dell
2007-10-26 17:29:59 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-10-26 17:25:27 4026112 -ra------ C:\WINDOWS\system32\drivers\ALCXWDM.SYS <Not Verified; Realtek Semiconductor Corp.; Windows ® WDM driver for Realtek AC'97 Audio(HRTF data Copyright 1994 by MIT Media Lab)>
2007-10-26 17:25:07 0 d-------- C:\Program Files\Realtek AC97
2007-10-26 17:25:06 10528768 --a------ C:\WINDOWS\system32\RTLCPL.EXE <Not Verified; Realtek Semiconductor Corp.; Realtek Audio Sound Effect Manager>
2007-10-26 17:25:05 147456 --a------ C:\WINDOWS\system32\RTLCPAPI.dll <Not Verified; ; RtlCPAPI Module>
2007-10-26 17:25:05 577536 --a------ C:\WINDOWS\SOUNDMAN.EXE <Not Verified; Realtek Semiconductor Corp.; Realtek Sound Manager>
2007-10-26 17:25:05 315392 --a------ C:\WINDOWS\alcupd.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Update driver Tool>
2007-10-26 17:25:05 217088 --a------ C:\WINDOWS\Alcrmv.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Removing driver Tool>
2007-10-26 17:25:04 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-26 17:23:12 0 d-------- C:\Program Files\Common Files\InstallShield
2007-10-26 17:21:39 0 d-------- C:\Program Files\Intel Desktop Board Audio Driver
2007-10-26 17:14:07 444 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-10-26 17:13:45 119568 --a------ C:\WINDOWS\system32\vb6fr.dll <Not Verified; Microsoft Corporation; Environnement Visual Basic>
2007-10-26 15:11:41 0 d-------- C:\Documents and Settings\Owner\Application Data\Identities
2007-10-26 15:11:33 0 dr------- C:\Documents and Settings\Owner\Favorites
2007-10-26 15:11:33 0 d-------- C:\Documents and Settings\Owner\Desktop
2007-10-26 15:11:33 0 d---s---- C:\Documents and Settings\Owner\Cookies
2007-10-26 15:11:33 0 d--h----- C:\Documents and Settings\Owner\Application Data
2007-10-26 15:11:32 0 d--h----- C:\Documents and Settings\Owner\Templates
2007-10-26 15:11:32 0 dr------- C:\Documents and Settings\Owner\Start Menu
2007-10-26 15:11:32 0 dr-h----- C:\Documents and Settings\Owner\SendTo
2007-10-26 15:11:32 0 dr-h----- C:\Documents and Settings\Owner\Recent
2007-10-26 15:11:32 0 d--h----- C:\Documents and Settings\Owner\PrintHood
2007-10-26 15:11:32 0 d--h----- C:\Documents and Settings\Owner\NetHood
2007-10-26 15:11:32 0 dr------- C:\Documents and Settings\Owner\My Documents
2007-10-26 15:11:32 0 d--h----- C:\Documents and Settings\Owner\Local Settings
2007-10-26 15:11:25 0 d-------- C:\WINDOWS\SoftwareDistribution
2007-10-26 15:11:24 0 d-------- C:\WINDOWS\Prefetch
2007-10-26 15:11:23 0 d---s---- C:\WINDOWS\system32\Microsoft
2007-10-26 15:11:22 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2007-10-26 15:11:22 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2007-10-26 15:11:22 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2007-10-26 15:11:22 0 d-------- C:\Documents and Settings\LocalService\Application Data
2007-10-26 15:10:35 229376 --a------ C:\Documents and Settings\NetworkService\NTUSER.DAT
2007-10-26 15:10:35 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2007-10-26 15:10:35 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2007-10-26 15:10:35 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2007-10-26 15:10:35 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2007-10-26 15:08:12 0 d-------- C:\WINDOWS\system32\xircom
2007-10-26 15:08:12 0 d-------- C:\Program Files\microsoft frontpage
2007-10-26 15:08:10 262144 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
2007-10-26 15:08:02 0 -rahs---- C:\MSDOS.SYS
2007-10-26 15:08:02 0 -rahs---- C:\IO.SYS
2007-10-26 15:08:02 0 --a------ C:\CONFIG.SYS
2007-10-26 15:08:02 0 --a------ C:\AUTOEXEC.BAT
2007-10-26 15:07:03 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-10-26 15:06:53 0 dr------- C:\WINDOWS\Offline Web Pages
2007-10-26 15:06:52 0 d---s---- C:\WINDOWS\Downloaded Program Files
2007-10-26 15:06:41 0 d--h----- C:\Program Files\WindowsUpdate
2007-10-26 15:06:20 0 d-------- C:\WINDOWS\system32\DirectX
2007-10-26 15:05:47 0 d---s---- C:\WINDOWS\Tasks
2007-10-26 15:05:46 0 d-------- C:\Program Files\Common Files\MSSoap
2007-10-26 15:05:43 0 d-------- C:\WINDOWS\srchasst
2007-10-26 15:05:42 0 d-------- C:\WINDOWS\system32\Macromed
2007-10-26 15:05:35 0 d-------- C:\Program Files\Movie Maker
2007-10-26 15:05:27 0 d-------- C:\WINDOWS\system32\Restore
2007-10-26 15:05:09 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-10-26 15:04:53 0 d-------- C:\WINDOWS\Registration
2007-10-26 15:04:23 0 d-------- C:\Program Files\Online Services
2007-10-26 15:04:18 0 d-------- C:\Program Files\Messenger
2007-10-26 15:04:15 0 d-------- C:\Program Files\MSN Gaming Zone
2007-10-26 15:03:38 0 d-------- C:\Program Files\Windows NT
2007-10-26 15:03:35 0 d-------- C:\WINDOWS\system32\MsDtc
2007-10-26 15:03:34 0 d-------- C:\WINDOWS\system32\Com
2007-10-26 07:25:29 0 d--hs---- C:\WINDOWS\Installer
2007-10-26 07:25:28 0 d-------- C:\Program Files\Common Files\ODBC
2007-10-26 07:25:25 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-10-26 07:25:25 0 d-------- C:\Program Files\Common Files
2007-10-26 07:25:25 0 d-a------ C:\Program Files
2007-10-26 07:24:59 0 d--h----- C:\Documents and Settings\Default User\Templates
2007-10-26 07:24:59 0 dr------- C:\Documents and Settings\Default User\Start Menu
2007-10-26 07:24:59 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2007-10-26 07:24:59 0 d--h----- C:\Documents and Settings\Default User\Recent
2007-10-26 07:24:59 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2007-10-26 07:24:59 0 d--h----- C:\Documents and Settings\Default User\NetHood
2007-10-26 07:24:59 0 d-------- C:\Documents and Settings\Default User\My Documents
2007-10-26 07:24:59 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2007-10-26 07:24:59 0 d-------- C:\Documents and Settings\Default User\Favorites
2007-10-26 07:24:59 0 d-------- C:\Documents and Settings\Default User\Desktop
2007-10-26 07:24:59 0 d---s---- C:\Documents and Settings\Default User\Cookies
2007-10-26 07:24:59 0 d--h----- C:\Documents and Settings\All Users\Templates
2007-10-26 07:24:59 0 dr------- C:\Documents and Settings\All Users\Start Menu
2007-10-26 07:24:59 0 d-------- C:\Documents and Settings\All Users\Favorites
2007-10-26 07:24:59 0 dr------- C:\Documents and Settings\All Users\Documents
2007-10-26 07:24:59 0 d-------- C:\Documents and Settings\All Users\Desktop
2007-10-26 07:24:47 0 d-------- C:\WINDOWS\system32\CatRoot2
2007-10-26 07:24:47 0 d-------- C:\WINDOWS\system32\CatRoot
2007-10-26 07:24:42 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2007-10-26 07:24:42 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2007-10-26 07:24:41 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2007-10-26 07:24:41 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2007-10-26 07:24:21 0 d--hs---- C:\System Volume Information
2007-10-26 07:24:21 0 d-------- C:\Documents and Settings
2007-10-26 07:19:45 0 d-------- C:\WINDOWS\WinSxS
2007-10-26 07:19:45 0 dr------- C:\WINDOWS\Web
2007-10-26 07:19:45 0 d-------- C:\WINDOWS\twain_32
2007-10-26 07:19:45 0 d-------- C:\WINDOWS\system32\wins
2007-10-26 07:19:45 0 d-------- C:\WINDOWS\system32\wbem
2007-10-26 07:19:45 0 d-------- C:\WINDOWS\system32\usmt
2007-10-26 07:19:45 0 d-------- C:\WINDOWS\system32\spool
2007-10-26 07:19:45 0 d-------- C:\WINDOWS\system32\ShellExt
2007-10-26 07:19:45 0 d-------- C:\WINDOWS\system32\Setup
2007-10-26 07:19:45 0 d-------- C:\WINDOWS\system32\ras
2007-10-26 07:19:45 0 d-------- C:\WINDOWS\system32\oobe
2007-10-26 07:19:45 0 d-------- C:\WINDOWS\system32\npp
2007-10-26 07:19:45 0 d-------- C:\WINDOWS\system32\mui
2007-10-26 07:19:45 0 d-------- C:\WINDOWS\system32\inetsrv
2007-10-26 07:19:45 0 d-------- C:\WINDOWS\system32\IME
2007-10-26 07:19:45 0 d-------- C:\WINDOWS\system32\icsxml
2007-10-26 07:19:45 0 d-------- C:\WINDOWS\system32\ias
2007-10-26 07:19:45 0 d-------- C:\WINDOWS\system32\export
2007-10-26 07:19:45 0 d-------- C:\WINDOWS\system32\drivers\etc
2007-10-26 07:19:45 0 d-------- C:\WINDOWS\system32\drivers\disdn
2007-10-26 07:19:45 0 d-------- C:\WINDOWS\system32\drivers
2007-10-26 07:19:45 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2007-10-26 07:19:45 0 d-------- C:\WINDOWS\system32\dhcp
2007-10-26 07:19:45 0 d-------- C:\WINDOWS\system32\config
2007-10-26 07:19:45 0 d-------- C:\WINDOWS\system32\3com_dmi
2007-10-26 07:19:45 0 d-------- C:\WINDOWS\system32\3076
2007-10-26 07:19:45 0 d-------- C:\WINDOWS\system32\2052
2007-10-26 07:19:45 0 d-------- C:\WINDOWS\system32\1054
2007-10-26 07:19:45 0 d-------- C:\WINDOWS\system32\1042
2007-10-26 07:19:45 0 d-------- C:\WINDOWS\system32\1041
2007-10-26 07:19:45 0 d-------- C:\WINDOWS\system32\1037
2007-10-26 07:19:45 0 d-------- C:\WINDOWS\system32\1033
2007-10-26 07:19:45 0 d-------- C:\WINDOWS\system32\1031
2007-10-26 07:19:45 0 d-------- C:\WINDOWS\system32\1028
2007-10-26 07:19:45 0 d-------- C:\WINDOWS\system32\1025
2007-10-26 07:19:45 0 d-------- C:\WINDOWS\system32
2007-10-26 07:19:45 0 d-------- C:\WINDOWS\system
2007-10-26 07:19:45 0 d-------- C:\WINDOWS\security
2007-10-26 07:19:45 0 d-------- C:\WINDOWS\Resources
2007-10-26 07:19:45 0 d-------- C:\WINDOWS\repair
2007-10-26 07:19:45 0 d-------- C:\WINDOWS\Provisioning
2007-10-26 07:19:45 0 d-------- C:\WINDOWS\PeerNet
2007-10-26 07:19:45 0 d-------- C:\WINDOWS\pchealth
2007-10-26 07:19:45 0 d-------- C:\WINDOWS\mui
2007-10-26 07:19:45 0 d-------- C:\WINDOWS\msapps
2007-10-26 07:19:45 0 d-------- C:\WINDOWS\msagent
2007-10-26 07:19:45 0 d-------- C:\WINDOWS\Media
2007-10-26 07:19:45 0 d-------- C:\WINDOWS\java
2007-10-26 07:19:45 0 d--h----- C:\WINDOWS\inf
2007-10-26 07:19:45 0 d-------- C:\WINDOWS\ime
2007-10-26 07:19:45 0 d-------- C:\WINDOWS\Help
2007-10-26 07:19:45 0 dr--s---- C:\WINDOWS\Fonts
2007-10-26 07:19:45 0 d-------- C:\WINDOWS\Driver Cache
2007-10-26 07:19:45 0 d-------- C:\WINDOWS\Debug
2007-10-26 07:19:45 0 d-------- C:\WINDOWS\Cursors
2007-10-26 07:19:45 0 d-------- C:\WINDOWS\Connection Wizard
2007-10-26 07:19:45 0 d-------- C:\WINDOWS\Config
2007-10-26 07:19:45 0 d-------- C:\WINDOWS\AppPatch
2007-10-26 07:19:45 0 d-------- C:\WINDOWS\addins
2007-10-26 07:19:45 0 d-------- C:\WINDOWS
2007-10-19 12:41:02 1536000 -ra------ C:\WINDOWS\system32\clubbox.exe <Not Verified; Nowcom, Co. LTD.; CLUBBOX File Transfer Manager V2>
2007-10-15 04:47:22 450560 --a------ C:\WINDOWS\system32\downenginesdk.dll <Not Verified; ©NOWCOM; DownEngine>
2007-10-11 07:23:18 425984 -ra------ C:\WINDOWS\system32\nowdownloader.exe <Not Verified; (주) 나우콤; NowDownloader Downloader>
2007-09-17 14:19:52 92432 --a------ C:\WINDOWS\system32\extract.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
2007-05-18 20:44:12 385024 --a------ C:\WINDOWS\DownUpdater.exe <Not Verified; (주)나우콤; NowUpdater.exe>
2007-04-13 03:21:14 271360 --a------ C:\WINDOWS\system32\mscoree.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>
2007-04-13 02:06:40 159744 -ra------ C:\WINDOWS\system32\fscagent.exe <Not Verified; Nowcom Co., Ltd.; FSCAgent>
2007-03-23 09:30:40 155648 -ra------ C:\WINDOWS\system32\downengine.dll <Not Verified; (주)나우콤; ClubBox>
2007-03-20 04:50:46 102400 -ra------ C:\WINDOWS\system32\grdmgr.exe <Not Verified; 나우콤; GRDMgr>
2006-12-17 02:47:19 1060864 --a------ C:\WINDOWS\system32\mfc71.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Studio .NET>
2006-12-17 02:47:19 241664 --a------ C:\WINDOWS\system32\HncUpdate.exe <Not Verified; ; HncUpdate 응용 프로그램>
2006-11-29 07:41:40 327680 -ra------ C:\WINDOWS\system32\grdupdater.exe <Not Verified; © Nowcom; GrdUpdater>
2005-11-02 03:23:08 14464 -ra------ C:\WINDOWS\system32\nowmemdf.sys <Not Verified; ©NOWCOM; Nowcom Memory Defender>
2005-09-23 07:28:56 32768 --a------ C:\WINDOWS\system32\netfxperf.dll <Not Verified; Microsoft Corporation; Microsoft ® .NET Framework>
2005-09-23 07:28:52 74240 --a------ C:\WINDOWS\system32\mscories.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>
2005-09-23 07:28:52 150016 --a------ C:\WINDOWS\system32\mscorier.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>
2005-09-23 07:28:38 83456 --a------ C:\WINDOWS\system32\dfshim.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>
2004-11-25 15:30:44 184320 --a------ C:\WINDOWS\system32\dmvm.dll <Not Verified; ; dmvm Module>
2004-07-16 18:36:38 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys <Not Verified; Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.; Macrovision SECURITY Driver>
2004-07-15 11:18:00 82318 -ra------ C:\WINDOWS\system32\fscspy.sys <Not Verified; Nowcom Co.,Ltd; >
2003-03-18 21:14:52 499712 -ra------ C:\WINDOWS\system32\msvcp71.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Studio .NET>
2003-03-18 21:12:12 1047552 --a------ C:\WINDOWS\system32\mfc71u.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Studio .NET>
2003-03-18 20:05:50 89088 -ra------ C:\WINDOWS\system32\atl71.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Studio .NET>
2003-02-21 03:42:22 348160 -ra------ C:\WINDOWS\system32\msvcr71.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Studio .NET>
2002-08-21 04:13:12 189952 --a------ C:\WINDOWS\system32\WISPTIS.EXE <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2002-08-21 04:10:16 204800 --a------ C:\WINDOWS\system32\INKED.DLL <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2002-03-19 17:30:00 177152 --a------ C:\WINDOWS\system32\tweakui.exe <Not Verified; Microsoft Corporation; Microsoft® Windows™ Shell PowerToys>
2000-05-23 21:45:58 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2000-05-11 12:06:20 397312 --a------ C:\WINDOWS\system32\MSRDO20.DLL <Not Verified; Microsoft Corporation; Microsoft Corporation Remote Data Object>
2000-04-03 16:52:54 151552 --a------ C:\WINDOWS\system32\RDOCURS.DLL <Not Verified; Microsoft Corporation; Microsoft RDO Client Cursor Library>
2000-01-19 03:48:33 81625 --a------ C:\WINDOWS\system32\pvwbidaa.dll
2000-01-19 03:43:30 77888 --a------ C:\WINDOWS\system32\qnvxjaad.dll
2000-01-19 03:37:25 77888 --a------ C:\WINDOWS\system32\ndyuvptk.dll
2000-01-19 03:25:10 0 d-------- C:\Program Files\SPACE INTERNATIONAL
2000-01-19 03:25:09 0 d-------- C:\War3KoreanPatch
2000-01-19 03:25:09 0 d-------- C:\Program Files\Warcraft III
2000-01-18 23:51:28 445410 ---hs---- C:\WINDOWS\system32\cccdd.ini2
2000-01-18 16:24:05 74069 --a------ C:\WINDOWS\War3Unin.dat
2000-01-18 16:20:51 0 d-------- C:\Program Files\Warcraft III(2)
2000-01-18 07:05:54 2883584 --a------ C:\Documents and Settings\Owner\ntuser.dat
2000-01-18 07:05:47 262144 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2000-01-18 03:18:53 8625 --a------ C:\WINDOWS\system32\hxabcsum.dll
2000-01-18 03:15:07 81984 --a------ C:\WINDOWS\system32\cykrapff.dll
2000-01-18 02:59:36 3543 --a------ C:\WINDOWS\system32\drivers\XSpaceWg.sys <Not Verified; SPACE INT'L, Inc.; CDSpace>
2000-01-18 02:59:36 11120 --a------ C:\WINDOWS\system32\drivers\TwoRabts.sys <Not Verified; Two Rabbits, Inc.; Two Rabbits live bus>
2000-01-18 02:59:36 22571 --a------ C:\WINDOWS\system32\drivers\CDSPACEX.sys <Not Verified; SPACE INT'L, Inc.; CDSpace5>
2000-01-18 02:59:36 22048 --a------ C:\WINDOWS\system32\cocpyinf.dll <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
2000-01-18 02:27:37 2829 --a------ C:\WINDOWS\War3Unin.pif
2000-01-18 02:27:37 139264 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2000-01-17 21:01:59 14465 --a------ C:\WINDOWS\system32\acloptdv.dll
2000-01-17 20:58:55 78912 --a------ C:\WINDOWS\system32\xnduavsw.dll
2000-01-17 20:21:35 0 d-------- C:\Program Files\StealthBot
2000-01-17 12:55:43 84545 --a------ C:\WINDOWS\system32\voxiwuqv.dll
2000-01-17 12:49:34 78912 --a------ C:\WINDOWS\system32\umjfpdkg.dll
2000-01-16 20:40:22 0 d-------- C:\Program Files\Haali
2000-01-16 20:35:14 0 d-------- C:\Documents and Settings\Owner\Application Data\Media Player Classic
2000-01-16 12:46:36 80960 --a------ C:\WINDOWS\system32\fovfdqsx.dll
2000-01-16 12:40:56 68485 --a------ C:\WINDOWS\system32\kwtafpil.dll
2000-01-16 12:40:53 71232 --a------ C:\WINDOWS\system32\tqdeyfah.exe <Not Verified; ; DDC>
2000-01-15 19:49:48 79936 --a------ C:\WINDOWS\system32\mpbmhbha.dll
2000-01-15 19:46:48 83085 --a------ C:\WINDOWS\system32\bdencudg.dll
2000-01-14 20:01:41 0 d-------- C:\Program Files\Trend Micro
2000-01-14 19:46:48 81472 --a------ C:\WINDOWS\system32\medhsuyu.dll
2000-01-14 19:40:48 84545 --a------ C:\WINDOWS\system32\cgeyvroh.dll
2000-01-14 19:19:53 81472 --a------ C:\WINDOWS\system32\oesifvue.dll
2000-01-14 19:16:53 83085 --a------ C:\WINDOWS\system32\crhdiqdj.dll
2000-01-14 18:51:05 0 d-------- C:\VundoFix Backups
2000-01-14 18:27:38 81472 --a------ C:\WINDOWS\system32\mupaymoc.dll
2000-01-14 12:02:21 81472 --a------ C:\WINDOWS\system32\iucjdnuv.dll
2000-01-14 11:59:22 71405 --a------ C:\WINDOWS\system32\vqfnttnu.dll
2000-01-13 11:56:21 80165 --a------ C:\WINDOWS\system32\jsvdbpvk.dll
2000-01-13 11:53:21 83520 --a------ C:\WINDOWS\system32\lhkrxicr.dll
2000-01-13 07:49:54 83520 --a------ C:\WINDOWS\system32\gkqsmorn.dll
2000-01-13 07:46:53 84545 --a------ C:\WINDOWS\system32\tvsojere.dll
2000-01-12 23:43:46 83520 --a------ C:\WINDOWS\system32\ifrswnrt.dll
2000-01-12 23:37:46 83085 --a------ C:\WINDOWS\system32\jgatdyhs.dll
2000-01-12 23:32:17 71232 --a------ C:\WINDOWS\system32\qvudntwl.exe <Not Verified; ; DDC>
2000-01-12 19:37:20 83085 --a------ C:\WINDOWS\system32\fbqrvdrf.dll
2000-01-12 19:34:21 79936 --a------ C:\WINDOWS\system32\jnwpowab.dll
2000-01-12 18:14:31 84545 --a------ C:\WINDOWS\system32\naeduxex.dll
2000-01-12 18:11:33 79936 --a------ C:\WINDOWS\system32\nhhvifvp.dll
2000-01-12 02:47:37 84545 --a------ C:\WINDOWS\system32\tphoercv.dll
2000-01-12 02:44:37 79936 --a------ C:\WINDOWS\system32\ofcileyl.dll
2000-01-12 02:36:20 71232 --a------ C:\WINDOWS\system32\ojqtkljq.exe <Not Verified; ; DDC>
2000-01-11 22:14:22 79936 --a------ C:\WINDOWS\system32\wrvpfcqn.dll
2000-01-11 22:08:22 84545 --a------ C:\WINDOWS\system32\dkllsjxd.dll
2000-01-11 17:17:52 84545 --a------ C:\WINDOWS\system32\demyhkja.dll
2000-01-11 17:11:52 80960 --a------ C:\WINDOWS\system32\btvewfwg.dll
2000-01-11 11:01:55 80960 --a------ C:\WINDOWS\system32\msndflsu.dll
2000-01-11 10:46:35 80960 --a------ C:\WINDOWS\system32\ocymjamm.dll
2000-01-11 10:43:35 81625 --a------ C:\WINDOWS\system32\kaxtlwrn.dll
2000-01-10 21:05:13 0 d-------- C:\Program Files\ToolbarClean
2000-01-10 21:04:37 81625 --a------ C:\WINDOWS\system32\dduhwfjk.dll
2000-01-10 21:01:38 84544 --a------ C:\WINDOWS\system32\gbjwlcee.dll
2000-01-10 20:56:10 71232 --a------ C:\WINDOWS\system32\uqsvlxxa.exe <Not Verified; ; DDC>
2000-01-10 20:48:40 81625 --a------ C:\WINDOWS\system32\ajliuons.dll
2000-01-10 20:46:53 84544 --a------ C:\WINDOWS\system32\nmnkelwo.dll
2000-01-10 14:48:11 84544 --a------ C:\WINDOWS\system32\kmhwbxmk.dll
2000-01-10 14:42:11 75785 --a------ C:\WINDOWS\system32\gwaxsgem.dll
2000-01-10 14:34:39 1442 --a------ C:\WINDOWS\system32\tmp.reg
2000-01-10 09:05:28 83085 --a------ C:\WINDOWS\system32\lmojjvur.dll
2000-01-10 01:15:05 61185 --a------ C:\WINDOWS\system32\goffbofh.dll
2000-01-10 01:12:06 84544 --a------ C:\WINDOWS\system32\njhxpbrs.dll
2000-01-10 01:03:44 71232 --a------ C:\WINDOWS\system32\wptchhtm.exe <Not Verified; ; DDC>
2000-01-09 17:02:37 83085 --a------ C:\WINDOWS\system32\qcimmvwa.dll
2000-01-08 23:32:39 84545 --a------ C:\WINDOWS\system32\vprcdwgs.dll
2000-01-08 08:54:44 0 d-------- C:\Documents and Settings\Owner\Application Data\GRETECH
2000-01-08 08:52:32 0 d-------- C:\Program Files\GRETECH
2000-01-07 23:07:46 80165 --a------ C:\WINDOWS\system32\nnjbucqj.dll
2000-01-07 23:02:03 71232 --a------ C:\WINDOWS\system32\tekgeird.exe <Not Verified; ; DDC>
2000-01-07 22:57:11 327168 --a------ C:\WINDOWS\IsUn0412.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2000-01-06 03:42:44 0 d-------- C:\Games
2000-01-05 10:43:04 79936 --a------ C:\WINDOWS\system32\mmenyxyx.dll
2000-01-04 10:49:04 79424 --a------ C:\WINDOWS\system32\gjqtqpop.dll
2000-01-02 19:46:43 0 d-------- C:\Program Files\Alwil Software
2000-01-02 19:15:03 0 d-------- C:\Program Files\LiveOnAir2
2000-01-01 03:24:05 0 d-------- C:\Program Files\G-Collections


-- Find3M Report ---------------------------------------------------------------

2007-10-26 07:24:59 62 --ahs---- C:\Documents and Settings\Owner\Application Data\desktop.ini
1999-11-24 17:40:50 40960 --a------ C:\WINDOWS\system32\VBAME.DLL <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{560EC96E-8833-4DA8-815A-18E30D967545}]
2007-11-09 오후 12:30 318560 --a------ C:\WINDOWS\system32\ddccc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6ce90812-5a21-47cc-8d85-e6a6982c0366}]
2000-01-19 오전 03:43 77888 --a------ C:\WINDOWS\system32\qnvxjaad.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E30C7A85-45B9-4d04-92F7-12AF287AD41A}]
2007-06-25 오전 11:32 102400 --a------ C:\Program Files\ToolbarClean\nliaresolver.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"049fba8e"="C:\WINDOWS\system32\voxiwuqv.dll" [2000-01-17 오후 12:55]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 오전 07:56]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
LCDPlayer.lnk - C:\Program Files\SPACE INTERNATIONAL\CDSpace 5\LCDPlyer.exe [2000-01-18 오전 2:59:36]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"MXD"=C:\Documents and Settings\All Users\Favorites\XRGPUBIE.exe
"DF"=C:\Documents and Settings\All Users\Favorites\PSUBHIJR.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddccc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\049fba8e]
rundll32.exe "C:\WINDOWS\system32\cgeyvroh.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
"C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\setup_7.0.0.157_24.08.2007_14-09.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HncUpdate]
C:\WINDOWS\system32\HncUpdate.exe /A

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfx