Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojan? - Help my slow computer

Started by kmshome0208 , Dec 27 2010 02:29 PM

  • Please log in to reply

#1
kmshome0208
Posted 27 December 2010 - 02:29 PM

kmshome0208

    Member

  • Member
  • PipPip
  • 21 posts
Hello,
I was looking for anything to help the speed of my computer.
I ran anything and everyting I have. Spybot, onecare scanning, hijack this, Mbam.
Since I don't know anything about Mbam, I just ran and fix everything.Spybot didnt find anything but
the onecare detected trojan - sorry, I didn't get the full.
I found this great site, downloaded the OTS and posting this as instructed.
Thank you in advance!!!

Here is ots.txt

OTS logfile created on: 12/27/2010 1:11:33 PM - Run 1
OTS by OldTimer - Version 3.1.40.1 Folder = C:\Documents and Settings\Kim\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

766.00 Mb Total Physical Memory | 504.00 Mb Available Physical Memory | 66.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.71 Gb Total Space | 22.04 Gb Free Space | 41.82% Space Free | Partition Type: NTFS
Drive D: | 18.49 Gb Total Space | 18.43 Gb Free Space | 99.65% Space Free | Partition Type: NTFS
Drive E: | 691.68 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DB6H9BB1
Current User Name: Kim
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
ots.exe -> C:\Documents and Settings\Kim\Desktop\OTS.exe -> [2010/12/27 13:11:20 | 000,642,048 | ---- | M] (OldTimer Tools)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)

[Modules - Safe List]
ots.exe -> C:\Documents and Settings\Kim\Desktop\OTS.exe -> [2010/12/27 13:11:20 | 000,642,048 | ---- | M] (OldTimer Tools)

[Win32 Services - Safe List]
(HidServ) Human Interface Device Access [Disabled | Stopped] -> C:\WINDOWS\System32\hidserv.dll -> File not found
(AppMgmt) Application Management [On_Demand | Stopped] -> C:\WINDOWS\System32\appmgmts.dll -> File not found
(TeamViewer5) TeamViewer 5 [Disabled | Stopped] -> C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -> [2010/07/06 09:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH)
(ExpressService) ExpressService [Disabled | Stopped] -> C:\Program Files\Filebus\ExpressService.exe -> [2010/05/05 23:25:59 | 001,294,336 | ---- | M] (ExpressService)
(IDriverT) InstallDriver Table Manager [Disabled | Stopped] -> C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -> [2005/11/14 00:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation)
(STI Simulator) STI Simulator [Disabled | Stopped] -> C:\WINDOWS\system32\PAStiSvc.exe -> [2005/01/14 01:32:38 | 000,053,248 | ---- | M] ()
(Pml Driver HPZ12) Pml Driver HPZ12 [Disabled | Stopped] -> C:\WINDOWS\system32\HPZipm12.exe -> [2004/03/18 16:55:48 | 000,065,536 | ---- | M] (HP)

[Driver Services - Safe List]
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\wanatw4.sys -> File not found
(SSPORT) SSPORT [Kernel | Auto | Stopped] -> C:\WINDOWS\System32\Drivers\SSPORT.sys -> File not found
(RimUsb) BlackBerry Device [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\Drivers\RimUsb.sys -> File not found
(PAC7311) PLEOMAX PWC-2000 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\PA707UCM.SYS -> File not found
(npkcusb) npkcusb [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\npkcusb.sys -> File not found
(neokdss) neokdss [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\Drivers\neokdss.sys -> File not found
(FreshIO) FreshIO [Kernel | On_Demand | Stopped] -> C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys -> File not found
(DgiVecp) DgiVecp [Kernel | Auto | Stopped] -> C:\WINDOWS\System32\Drivers\DgiVecp.sys -> File not found
(giveio) giveio [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\giveio.sys -> [2010/01/03 14:20:48 | 000,005,248 | ---- | M] ()
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\amdagp.sys -> [2008/04/13 12:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.)
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sisagp.sys -> [2008/04/13 12:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation)
(NPFWFLT) NPFWFLT [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\npfwflt.sys -> [2007/07/25 09:39:48 | 000,031,104 | ---- | M] (INCA Internet Co., Ltd.)
(senfilt) senfilt [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\senfilt.sys -> [2004/09/17 13:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.)
(FsVga) FsVga [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\fsvga.sys -> [2004/08/04 04:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation)
(nv) nv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\nv4_mini.sys -> [2004/08/03 21:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation)
(pfc) Padus ASPI Shell [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\pfc.sys -> [2003/09/19 15:45:48 | 000,021,248 | ---- | M] (Padus, Inc.)
(Aspi32) Aspi32 [Kernel | Auto | Running] -> C:\WINDOWS\System32\drivers\ASPI32.SYS -> [2002/07/17 08:53:02 | 000,016,877 | ---- | M] (Adaptec)
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sparrow.sys -> [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.)
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sym_u3.sys -> [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic)
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sym_hi.sys -> [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic)
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\symc8xx.sys -> [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic)
(symc810) symc810 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\symc810.sys -> [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.)
(ultra) ultra [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ultra.sys -> [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.)
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql12160.sys -> [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation)
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql1080.sys -> [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation)
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql1280.sys -> [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation)
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -> [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation)
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\mraid35x.sys -> [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.)
(asc) asc [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\asc.sys -> [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.)
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\asc3550.sys -> [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.)
(AliIde) AliIde [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\aliide.sys -> [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.)
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\cmdide.sys -> [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultName" -> Yahoo! Search ->
HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultURL" -> http://search.yahoo....=utf-8&fr=b1ie7 ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://yahoo.com/ ->
HKEY_CURRENT_USER\: SearchURL\\"" -> http://home.microsof...search.asp?p=%s ->
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
HKEY_CURRENT_USER\: "ProxyOverride" -> <local> ->
HKEY_CURRENT_USER\: "ProxyServer" -> http=127.0.0.1:5577 ->
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Kim\Application Data\Mozilla\FireFox\Profiles\d00e3bky.default\prefs.js ->
extensions.enabledItems -> [email protected]:1.0 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
< FireFox Extensions [User Folders] > ->
-> C:\Documents and Settings\Kim\Application Data\Mozilla\Extensions -> [2009/01/14 22:24:12 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\Kim\Application Data\Mozilla\Firefox\Profiles\d00e3bky.default\extensions -> [2009/01/14 22:24:12 | 000,000,000 | ---D | M]
< HOSTS File > ([2010/12/27 09:41:41 | 000,000,027 | ---- | M] - 1 lines) -> C:\WINDOWS\system32\drivers\etc\hosts ->
Reset Hosts
127.0.0.1 localhost
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{724D43A0-0D85-11D4-9908-00400523E39A}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{A057A204-BACC-4D26-9990-79A187E2698E}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
< Kim Startup Folder > -> C:\Documents and Settings\Kim\Start Menu\Programs\Startup ->
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel\HomePage
\control panel\HomePage\\"" -> [0] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\dontdisplaylastusername
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"_NoDriveTypeAutoRun" -> [145] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.] -> File not found
CmdMapping\\"{320AF880-6646-11D3-ABEE-C5DBF3571F46}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{320AF880-6646-11D3-ABEE-C5DBF3571F49}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{724d43aa-0d85-11d4-9908-00400523e39a}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{A543882E-1405-4537-B7EE-F3765A86A9BC}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> [Reg Error: Key error.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://download.micr...heckControl.cab [Windows Genuine Advantage Validation Tool] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.6.0_21] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/...indows-i586.cab [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.6.0_16] ->
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.6.0_21] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.6.0_21] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 68.87.64.150 68.87.75.198 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{DECFB381-1CA8-4D18-A244-84E78F55BFEB}\\DhcpNameServer -> 68.87.64.150 68.87.75.198 (Intel® PRO/100 VE Network Connection) ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"C:\Program Files\Filebus\ExpressService.exe" -> C:\Program Files\Filebus\ExpressService.exe [C:\Program Files\Filebus\ExpressService.exe:*:Enabled:@xpsp2res.dll,-22019] -> [2010/05/05 23:25:59 | 001,294,336 | ---- | M] (ExpressService)
"C:\Program Files\Filebus\FilebusDown.exe" -> C:\Program Files\Filebus\FilebusDown.exe [C:\Program Files\Filebus\FilebusDown.exe:*:Enabled:@xpsp2res.dll,-22019] -> [2010/12/06 22:27:36 | 004,897,760 | ---- | M] ((주)드림스토리)
"C:\Program Files\JJangQ\JJangQDown2.exe" -> C:\Program Files\JJangQ\JJangQDown2.exe [C:\Program Files\JJangQ\JJangQDown2.exe:*:Enabled:@xpsp2res.dll,-22019] -> File not found
"C:\Program Files\Xtoc\Browser\xctransfer.exe" -> C:\Program Files\Xtoc\Browser\xctransfer.exe [C:\Program Files\Xtoc\Browser\xctransfer.exe:*:Enabled:@xpsp2res.dll,-22019] -> File not found
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"C:\Program Files\Filebus\ExpressService.exe" -> C:\Program Files\Filebus\ExpressService.exe [C:\Program Files\Filebus\ExpressService.exe:*:Enabled:@xpsp2res.dll,-22019] -> [2010/05/05 23:25:59 | 001,294,336 | ---- | M] (ExpressService)
"C:\Program Files\Filebus\FilebusDown.exe" -> C:\Program Files\Filebus\FilebusDown.exe [C:\Program Files\Filebus\FilebusDown.exe:*:Enabled:@xpsp2res.dll,-22019] -> [2010/12/06 22:27:36 | 004,897,760 | ---- | M] ((주)드림스토리)
"C:\Program Files\Filebus\FilebusUp.exe" -> C:\Program Files\Filebus\FilebusUp.exe [C:\Program Files\Filebus\FilebusUp.exe:*:Enabled:FilebusUp] -> [2010/12/06 22:27:36 | 002,210,784 | ---- | M] ((주)드림스토리)
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" -> C:\Program Files\TeamViewer\Version5\TeamViewer.exe [C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application] -> [2010/07/06 09:06:20 | 005,279,016 | ---- | M] (TeamViewer GmbH)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2004/08/10 12:04:08 | 000,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.com [@ = ComFile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->


[Files/Folders - Created Within 30 Days]
OTS.exe -> C:\Documents and Settings\Kim\Desktop\OTS.exe -> [2010/12/27 13:11:19 | 000,642,048 | ---- | C] (OldTimer Tools)
temp -> C:\WINDOWS\temp -> [2010/12/27 09:45:57 | 000,000,000 | ---D | C]
cmdcons -> C:\cmdcons -> [2010/12/27 09:34:38 | 000,000,000 | RHSD | C]
FxsTmp -> C:\WINDOWS\System32\FxsTmp -> [2010/12/26 14:54:44 | 000,000,000 | ---D | C]
공주님의 요람 -> C:\Documents and Settings\Kim\My Documents\공주님의 요람 -> [2010/12/25 15:11:52 | 000,000,000 | ---D | C]
하늘은붉은강가 -> C:\Documents and Settings\Kim\My Documents\하늘은붉은강가 -> [2010/12/25 15:11:37 | 000,000,000 | ---D | C]
Uplaod -> C:\Documents and Settings\Kim\My Documents\Uplaod -> [2010/12/10 21:28:29 | 000,000,000 | ---D | C]
Multibox2 -> C:\Documents and Settings\Kim\Local Settings\Application Data\Multibox2 -> [2010/12/07 00:01:18 | 000,000,000 | ---D | C]
PackageAware -> C:\Documents and Settings\Kim\Local Settings\Application Data\PackageAware -> [2010/12/06 23:34:53 | 000,000,000 | ---D | C]
scskusbf.sys -> C:\WINDOWS\System32\drivers\scskusbf.sys -> [2010/12/06 18:22:18 | 000,018,184 | ---- | C] (SoftCamp)
scskusbs.sys -> C:\WINDOWS\System32\drivers\scskusbs.sys -> [2010/12/06 18:22:17 | 000,175,872 | ---- | C] (SoftCamp)
SoftForum -> C:\Program Files\SoftForum -> [2010/12/06 18:21:23 | 000,000,000 | ---D | C]
2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
10 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp ->
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
1 C:\Documents and Settings\Kim\My Documents\*.tmp files -> C:\Documents and Settings\Kim\My Documents\*.tmp ->

[Files/Folders - Modified Within 30 Days]
OTS.exe -> C:\Documents and Settings\Kim\Desktop\OTS.exe -> [2010/12/27 13:11:20 | 000,642,048 | ---- | M] (OldTimer Tools)
GoogleUpdateTaskMachineCore.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job -> [2010/12/27 13:08:22 | 000,000,876 | ---- | M] ()
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/12/27 13:07:13 | 000,002,048 | --S- | M] ()
FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2010/12/27 13:07:10 | 000,242,328 | ---- | M] ()
GoogleUpdateTaskMachineUA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job -> [2010/12/27 13:04:00 | 000,000,880 | ---- | M] ()
hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2010/12/27 09:41:41 | 000,000,027 | ---- | M] ()
boot.ini -> C:\boot.ini -> [2010/12/27 09:34:46 | 000,000,319 | RHS- | M] ()
User_Feed_Synchronization-{79FC4DAA-2F05-44CE-A990-E196D62A6898}.job -> C:\WINDOWS\tasks\User_Feed_Synchronization-{79FC4DAA-2F05-44CE-A990-E196D62A6898}.job -> [2010/12/26 23:30:43 | 000,000,418 | -H-- | M] ()
Filebus_SendSize.bak -> C:\WINDOWS\System32\Filebus_SendSize.bak -> [2010/12/26 23:25:54 | 000,000,000 | ---- | M] ()
perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2010/12/26 14:54:56 | 000,437,498 | ---- | M] ()
perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2010/12/26 14:54:56 | 000,069,808 | ---- | M] ()
mapisvc.inf -> C:\WINDOWS\System32\mapisvc.inf -> [2010/12/26 14:54:15 | 000,006,036 | ---- | M] ()
Spybot - Search & Destroy - Scheduled Task.job -> C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job -> [2010/12/26 04:00:07 | 000,000,326 | ---- | M] ()
파일버스.lnk -> C:\Documents and Settings\Kim\Application Data\Microsoft\Internet Explorer\Quick Launch\파일버스.lnk -> [2010/12/08 21:09:16 | 000,001,647 | ---- | M] ()
파일버스.lnk -> C:\Documents and Settings\Kim\Desktop\파일버스.lnk -> [2010/12/08 21:09:16 | 000,001,629 | ---- | M] ()
ct-dummies.pdf -> C:\Documents and Settings\Kim\My Documents\ct-dummies.pdf -> [2010/12/07 22:17:42 | 001,888,126 | ---- | M] ()
Calculating Profit and Loss.doc -> C:\Documents and Settings\Kim\My Documents\Calculating Profit and Loss.doc -> [2010/12/07 21:20:55 | 000,028,160 | ---- | M] ()
Book1.xls -> C:\Documents and Settings\Kim\My Documents\Book1.xls -> [2010/12/06 23:36:56 | 000,014,336 | ---- | M] ()
scskusbs.sys -> C:\WINDOWS\System32\drivers\scskusbs.sys -> [2010/12/06 18:31:40 | 000,175,872 | ---- | M] (SoftCamp)
scskusbf.sys -> C:\WINDOWS\System32\drivers\scskusbf.sys -> [2010/12/06 18:31:40 | 000,018,184 | ---- | M] (SoftCamp)
keithgouldresume01.doc -> C:\Documents and Settings\Kim\Desktop\keithgouldresume01.doc -> [2010/12/05 23:12:26 | 000,033,792 | ---- | M] ()
M3JPEG.INI -> C:\WINDOWS\M3JPEG.INI -> [2010/12/05 23:11:16 | 000,000,578 | ---- | M] ()
Rich Dad.doc -> C:\Documents and Settings\Kim\My Documents\Rich Dad.doc -> [2010/12/03 18:17:37 | 000,436,224 | ---- | M] ()
outlook.pst -> C:\WINDOWS\outlook.pst -> [2010/12/02 21:11:09 | 072,646,656 | ---- | M] ()
keithgouldresume.pdf -> C:\Documents and Settings\Kim\My Documents\keithgouldresume.pdf -> [2010/12/01 17:54:08 | 000,160,307 | ---- | M] ()
2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
10 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp ->
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
1 C:\Documents and Settings\Kim\My Documents\*.tmp files -> C:\Documents and Settings\Kim\My Documents\*.tmp ->

[Files - No Company Name]
Boot.bak -> C:\Boot.bak -> [2010/12/27 09:34:46 | 000,000,203 | ---- | C] ()
cmldr -> C:\cmldr -> [2010/12/27 09:34:43 | 000,260,272 | RHS- | C] ()
Filebus_SendSize.bak -> C:\WINDOWS\System32\Filebus_SendSize.bak -> [2010/12/23 17:18:43 | 000,000,000 | ---- | C] ()
ct-dummies.pdf -> C:\Documents and Settings\Kim\My Documents\ct-dummies.pdf -> [2010/12/07 22:17:42 | 001,888,126 | ---- | C] ()
Calculating Profit and Loss.doc -> C:\Documents and Settings\Kim\My Documents\Calculating Profit and Loss.doc -> [2010/12/07 20:16:39 | 000,028,160 | ---- | C] ()
np_jpn.ini -> C:\WINDOWS\System32\np_jpn.ini -> [2010/12/06 18:29:30 | 000,008,821 | ---- | C] ()
np_kor.ini -> C:\WINDOWS\System32\np_kor.ini -> [2010/12/06 18:29:30 | 000,008,517 | ---- | C] ()
np_Eng.ini -> C:\WINDOWS\System32\np_Eng.ini -> [2010/12/06 18:29:30 | 000,008,023 | ---- | C] ()
np_chs.ini -> C:\WINDOWS\System32\np_chs.ini -> [2010/12/06 18:29:30 | 000,006,808 | ---- | C] ()
keithgouldresume01.doc -> C:\Documents and Settings\Kim\Desktop\keithgouldresume01.doc -> [2010/12/05 23:12:26 | 000,033,792 | ---- | C] ()
Rich Dad.doc -> C:\Documents and Settings\Kim\My Documents\Rich Dad.doc -> [2010/12/02 18:23:40 | 000,436,224 | ---- | C] ()
Smiley.ico -> C:\Documents and Settings\Kim\Application Data\Smiley.ico -> [2010/01/19 11:16:33 | 000,076,407 | ---- | C] ()
giveio.sys -> C:\WINDOWS\System32\giveio.sys -> [2010/01/03 14:20:48 | 000,005,248 | ---- | C] ()
MRSCR001.dll.z -> C:\WINDOWS\System32\MRSCR001.dll.z -> [2009/12/26 21:33:33 | 000,186,069 | ---- | C] ()
XWEBVI~1.INI -> C:\WINDOWS\XWEBVI~1.INI -> [2009/07/19 13:51:11 | 000,000,046 | ---- | C] ()
SaXPWIA.dll -> C:\WINDOWS\System32\SaXPWIA.dll -> [2009/05/08 21:32:01 | 000,138,752 | ---- | C] ()
SaXPEH.dll -> C:\WINDOWS\System32\SaXPEH.dll -> [2009/05/08 21:32:00 | 000,139,776 | ---- | C] ()
SaXPUIEx.dll -> C:\WINDOWS\System32\SaXPUIEx.dll -> [2009/05/08 21:32:00 | 000,138,240 | ---- | C] ()
SaXPIPH.dll -> C:\WINDOWS\System32\SaXPIPH.dll -> [2009/05/08 21:32:00 | 000,116,736 | ---- | C] ()
SaXPSTI.dll -> C:\WINDOWS\System32\SaXPSTI.dll -> [2009/05/08 21:32:00 | 000,087,040 | ---- | C] ()
PICSDK.ini -> C:\WINDOWS\System32\PICSDK.ini -> [2009/04/13 22:46:20 | 000,000,097 | ---- | C] ()
EPSNX200.ini -> C:\WINDOWS\EPSNX200.ini -> [2009/04/13 22:44:42 | 000,000,078 | ---- | C] ()
FontCache3.0.0.0.dat -> C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat -> [2009/03/27 23:21:24 | 000,111,360 | ---- | C] ()
GDINST.INI -> C:\WINDOWS\GDINST.INI -> [2009/03/23 21:09:41 | 000,000,111 | ---- | C] ()
GeoEditAVIDll.dll -> C:\WINDOWS\GeoEditAVIDll.dll -> [2009/03/23 21:09:01 | 000,139,264 | ---- | C] ()
wmatomp3.dll -> C:\WINDOWS\System32\wmatomp3.dll -> [2009/03/12 17:50:48 | 000,329,248 | ---- | C] ()
iyisoyay.ini -> C:\WINDOWS\System32\iyisoyay.ini -> [2009/01/11 18:01:05 | 001,213,744 | -HS- | C] ()
enudamur.ini -> C:\WINDOWS\System32\enudamur.ini -> [2009/01/11 06:01:03 | 001,213,744 | -HS- | C] ()
ewoluwas.ini -> C:\WINDOWS\System32\ewoluwas.ini -> [2009/01/10 18:00:32 | 001,213,753 | -HS- | C] ()
ezeponin.ini -> C:\WINDOWS\System32\ezeponin.ini -> [2009/01/10 06:00:30 | 001,206,137 | -HS- | C] ()
dinksmallwood.ini -> C:\WINDOWS\dinksmallwood.ini -> [2008/11/01 21:48:27 | 000,000,099 | ---- | C] ()
MRCert.dll -> C:\WINDOWS\System32\MRCert.dll -> [2008/06/20 17:28:52 | 000,110,592 | ---- | C] ()
AdpcmCodec.dll -> C:\WINDOWS\System32\AdpcmCodec.dll -> [2008/01/23 14:59:38 | 000,081,920 | ---- | C] ()
G723Codec.dll -> C:\WINDOWS\System32\G723Codec.dll -> [2008/01/23 14:48:40 | 000,073,728 | ---- | C] ()
M4VAPDec.dll -> C:\WINDOWS\System32\M4VAPDec.dll -> [2008/01/23 14:41:30 | 000,692,224 | ---- | C] ()
AdobeDLM.log -> C:\Documents and Settings\Kim\Application Data\AdobeDLM.log -> [2007/11/09 00:08:37 | 000,000,700 | ---- | C] ()
SaveImage2.dll -> C:\WINDOWS\System32\SaveImage2.dll -> [2007/03/02 04:26:16 | 000,126,976 | ---- | C] ()
CaptureProtect.dll -> C:\WINDOWS\System32\CaptureProtect.dll -> [2007/02/06 13:49:50 | 000,028,672 | ---- | C] ()
ToonsXHook.dll -> C:\WINDOWS\System32\ToonsXHook.dll -> [2007/02/05 13:42:16 | 000,045,056 | ---- | C] ()
KGyGaAvL.sys -> C:\WINDOWS\System32\KGyGaAvL.sys -> [2007/01/28 13:58:32 | 000,001,682 | -HS- | C] ()
488B837D9B.sys -> C:\WINDOWS\System32\488B837D9B.sys -> [2007/01/28 13:58:32 | 000,000,056 | RHS- | C] ()
MRT.INI -> C:\WINDOWS\System32\MRT.INI -> [2006/12/17 00:12:18 | 000,000,118 | ---- | C] ()
inifile41.ini -> C:\Documents and Settings\LocalService\Application Data\inifile41.ini -> [2006/12/16 23:21:20 | 000,000,023 | ---- | C] ()
inifile41.ini -> C:\Documents and Settings\Kim\Application Data\inifile41.ini -> [2006/12/16 19:56:48 | 000,000,023 | ---- | C] ()
M3JPEG.INI -> C:\WINDOWS\M3JPEG.INI -> [2006/10/22 17:54:11 | 000,000,578 | ---- | C] ()
multiview.ini -> C:\WINDOWS\multiview.ini -> [2006/09/27 08:11:28 | 000,000,160 | ---- | C] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Kim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2006/08/26 21:42:37 | 000,019,456 | ---- | C] ()
fusioncache.dat -> C:\Documents and Settings\Kim\Local Settings\Application Data\fusioncache.dat -> [2006/07/23 13:44:26 | 000,000,126 | ---- | C] ()
fxsperf.ini -> C:\WINDOWS\System32\fxsperf.ini -> [2006/07/23 12:44:24 | 000,001,793 | ---- | C] ()
ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2006/07/23 11:17:40 | 000,000,963 | ---- | C] ()
PFP120JPR.{PB -> C:\Documents and Settings\Kim\Application Data\PFP120JPR.{PB -> [2006/07/23 08:11:14 | 000,061,678 | ---- | C] ()
PFP120JCM.{PB -> C:\Documents and Settings\Kim\Application Data\PFP120JCM.{PB -> [2006/07/23 08:11:14 | 000,012,358 | ---- | C] ()
msoffice.ini -> C:\WINDOWS\msoffice.ini -> [2006/07/22 22:45:49 | 000,000,002 | ---- | C] ()
hpzinstall.log -> C:\Documents and Settings\All Users\Application Data\hpzinstall.log -> [2006/07/22 22:44:52 | 000,005,791 | ---- | C] ()
smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2006/07/11 08:15:41 | 000,000,061 | ---- | C] ()
wininit.ini -> C:\WINDOWS\wininit.ini -> [2006/07/11 08:08:02 | 000,000,644 | ---- | C] ()
DellSystemRestore.dll -> C:\WINDOWS\System32\DellSystemRestore.dll -> [2006/07/11 07:59:26 | 000,712,704 | ---- | C] ()
e100bmsg.dll -> C:\WINDOWS\System32\e100bmsg.dll -> [2006/07/11 07:25:48 | 000,012,288 | ---- | C] ()
OEMINFO.INI -> C:\WINDOWS\System32\OEMINFO.INI -> [2006/07/11 07:25:44 | 000,000,392 | ---- | C] ()
CWCCtrl.dll -> C:\WINDOWS\System32\CWCCtrl.dll -> [2006/05/16 09:37:16 | 000,331,776 | ---- | C] ()
NdWebAudioSender.dll -> C:\WINDOWS\System32\NdWebAudioSender.dll -> [2006/05/15 16:30:40 | 000,053,248 | ---- | C] ()
NdWebAudioSrc.dll -> C:\WINDOWS\System32\NdWebAudioSrc.dll -> [2006/05/15 16:30:34 | 000,040,960 | ---- | C] ()
NdWebMultySrc3.dll -> C:\WINDOWS\System32\NdWebMultySrc3.dll -> [2006/05/15 16:30:28 | 000,040,960 | ---- | C] ()
ndmpeg4v.dll -> C:\WINDOWS\System32\ndmpeg4v.dll -> [2006/01/20 18:53:00 | 000,512,000 | ---- | C] ()
zlibwapi.dll -> C:\WINDOWS\System32\zlibwapi.dll -> [2005/06/07 01:05:43 | 000,072,704 | ---- | C] ()
orun32.ini -> C:\WINDOWS\orun32.ini -> [2004/08/10 12:12:05 | 000,000,780 | ---- | C] ()
ODBCINST.INI -> C:\WINDOWS\ODBCINST.INI -> [2004/08/10 11:57:52 | 000,004,346 | ---- | C] ()
WaveletDecoder.dll -> C:\WINDOWS\System32\WaveletDecoder.dll -> [2003/05/19 09:16:48 | 000,167,936 | ---- | C] ()
IndexedColorDecoder.dll -> C:\WINDOWS\System32\IndexedColorDecoder.dll -> [2003/05/19 09:16:48 | 000,167,936 | ---- | C] ()
ODBCSTF.DLL -> C:\WINDOWS\System32\ODBCSTF.DLL -> [1997/02/27 23:00:00 | 000,022,016 | ---- | C] ()
DOCOBJ.DLL -> C:\WINDOWS\System32\DOCOBJ.DLL -> [1997/02/27 23:00:00 | 000,022,016 | ---- | C] ()
HLINKPRX.DLL -> C:\WINDOWS\System32\HLINKPRX.DLL -> [1997/02/27 23:00:00 | 000,012,288 | ---- | C] ()

[Alternate Data Streams]
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:11DA80B5
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BC878100
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D630D1F5
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:36E20A37
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:68F81F4B
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C05C9266
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:00C31200
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81E7CF6A
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9FC06D35
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0745BF73
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:54EF9B80
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5886DCB8
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:04B74CC5
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B6D90CD7
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1D4545A
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E1DD4C5
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:30AF8E0D
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:56F368C9
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:86B23CB4
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F061428B
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9CD3B6D1
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B5EF939A
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C6CD88E9
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2AB14A6F
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6DD93FF7
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7F74B4CE
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D3BEF2E1
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:30ECA2C2
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB358C65
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:42C1964D
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:49B561E5
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:969736FD
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:771E6DA1
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89C4D5D6
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9A1A77DD
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9F2B366E
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1C5E1FAF
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A71D3858
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AED4FFF5
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EBC93074
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F9D83120
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:28BAF316
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:472EB08A
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B4FA895
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:96CA0456
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A6AC4C12
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D3635B61
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC3DF26A
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:341B6EF1
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A6AD8EC
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:651F6A8E
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9136D598
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BCC46762
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:36EEEDAC
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:700CD00E
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A0C0B615
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3F1C40B9
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:58FB5187
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F0E52E4F
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27D3515D
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:43CB4526
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8B4F37E5
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A696643D
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DA18D4E3
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FEC6F1CA
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:367F03D2
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81AF749E
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D9B99CB5
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:30FF836C
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6ECD2470
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93F1471D
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E65420D3
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FE75424B
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:11F4E4A6
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:40464012
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5EE6D8DC
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B0669B28
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C4AB3CDC
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E091E936
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:898109B4
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F919FD4E
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1E93E0ED
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B881C43
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E3E01C22
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C04C48D4
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:79108DDD
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:887EAE14
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B838CD98
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB3AF287
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E0E9645
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CED9EDA5
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:33D788AB
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48543E29
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6A37FCC3
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B97502BF
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27FD9ADB
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:44B6B0E0
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94124B85
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2E05F719
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F9650618
@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:97ECE74A
@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9C0F3393
@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:77423EAD
@Alternate Data Stream - 85 bytes -> C:\Documents and Settings\All Users\Desktop:$SS_DESCRIPTOR_PVX2VCGFMVF9VFNYTK1RVLNJCMNS45LBX89LH9KVVVVTVVJVPJVE
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:92EB0F35
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D56F6BEE
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:78A49E36
< End of report >

Edited by Essexboy, 27 December 2010 - 02:36 PM.

  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP