XP Security 2012 Alert

#1 elee23 (Member, 153 posts)
Hello, a computer of mine has been infected with XP Security Alert 2012. It will not let me connect to the internet and will not run "mbam-setup" to install Malwarebytes. I have included a picture of what popped up on the desktop.

Posted Image


#2 RKinner (Malware Expert, MVP, 24,598 posts)
Try the procedure here:

http://www.bleepingc...t-security-2011

If it works,

Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Select the All option in the Extra Registry group, then Run Scan.

You should get two logs. Please copy and paste both of them.

Download aswMBR.exe (511 KB) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan (note whether the Fix button is enabled and tell me), click Save log, save it to your desktop and post it in your next reply.



Ron
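The OTL logs this procedure asks for get read by eye, but the entries that decide whether a rogue antivirus is still in control are few and follow a fixed line format. Below is a triage script added here as an example; it is not part of OTL, of the linked procedure, or of any post in this thread. It scans an OTL log for four indicators: an O35/O37 line where the HKCU exefile or comfile open command puts another program in front of `"%1" %*` (every .exe then launches through that program, which is why an installer such as mbam-setup.exe will not start until the association is repaired); O4 Run entries and PRC processes that carry no company name and live under a user-writable Documents and Settings folder; and hidden+system files with no extension in those same folders. The rules are my own heuristics, not OTL's, and the sample lines are constructed in OTL's format, modelled on the log posted later in this thread, so every path in them is an assumption for illustration.

```python
"""Triage an OTL log for the footprints a rogue antivirus leaves behind.
Added example for this thread, not part of OTL or of any post here: the rules are my
own heuristics, and SAMPLE_LINES are constructed in OTL's line format, modelled on
the log posted in the thread (every path in them is assumed)."""
from __future__ import annotations

import ntpath
import re
import sys
from dataclasses import dataclass
from typing import Iterable

SAMPLE_LINES = [  # constructed: entries worth flagging mixed with entries that must pass
    r"PRC - [2011/07/19 22:37:02 | 000,344,064 | ---- | M] () -- C:\Documents and Settings\lee\Local Settings\Application Data\fex.exe",
    r"PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe",
    r"O4 - HKCU..\Run: [2337832407] C:\Documents and Settings\lee\Local Settings\Application Data\fex.exe ()",
    r"O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)",
    r'O35 - HKLM\..exefile [open] -- "%1" %*',
    r'O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\lee\Local Settings\Application Data\fex.exe" -a "%1" %* ()',
    r'O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\lee\Local Settings\Application Data\fex.exe" -a "%1" %* ()',
    r"[2011/07/20 08:40:23 | 000,018,530 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\shub56m5n5bfp5c7f61cqx1a758ql4nl1",
]

# OTL's "[date | size | attrs | M]" block, then "(Company)" from the version info, then the path.
META = r"\[(?P<date>[^|]+)\|(?P<size>[^|]+)\|\s*(?P<attr>[-A-Z]{4})\s*\|\s*[MC]\]"
PRC_RE = re.compile(r"^PRC - " + META + r" \((?P<company>[^)]*)\) -- (?P<path>.+)$")
FILE_RE = re.compile(r"^" + META + r" \((?P<company>[^)]*)\) -- (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<rest>.+)$")
SHELL_RE = re.compile(r"^O3[57] - (?P<hive>HK\w+)\\(?P<key>.*?) -- (?P<cmd>.+)$")
TRAIL_RE = re.compile(r"^(?P<body>.*?)\s*\((?P<company>[^()]*)\)$")  # "(Company)" or "()" suffix
# XP per-user folders a rogue can write to without admin rights (assumed scope of the heuristic).
USER_WRITABLE = re.compile(r"\\Documents and Settings\\[^\\]+\\(?:Local Settings\\)?(?:Application Data|Temp)\\", re.I)


@dataclass(frozen=True)
class Finding:
    rule: str
    target: str  # file or program the rule tripped on
    why: str
    line: str


def _split_trailer(text: str) -> tuple[str, str | None]:
    m = TRAIL_RE.match(text)
    return (m["body"].strip(), m["company"].strip()) if m else (text.strip(), None)


def check_shell_open(line: str) -> Finding | None:
    # O35/O37: the exefile/comfile open verb must be exactly "%1" %*.  Anything put in front
    # of %1 runs every .exe through that program first, so nothing else will start.
    m = SHELL_RE.match(line)
    if not m:
        return None
    cmd, _ = _split_trailer(m["cmd"])
    if cmd.startswith('"%1"'):
        return None
    exe = re.match(r'^"([^"]+)"|^(\S+)', cmd)
    interposer = (exe.group(1) or exe.group(2)) if exe else cmd
    return Finding("shell-open-hijack", interposer, f"{m['hive']} {m['key']} routes executables via {interposer}", line)


def check_autorun(line: str) -> Finding | None:
    # O4 Run entries: no company name in a user-writable path, or a random numeric value name.
    m = O4_RE.match(line)
    if not m or m["rest"] == "File not found":
        return None
    path, company = _split_trailer(m["rest"])
    reasons = []
    if not company and USER_WRITABLE.search(path):
        reasons.append("no company name, runs from a user-writable profile folder")
    if m["name"].isdigit():
        reasons.append("numeric Run value name")
    return Finding("suspicious-autorun", path, f"{m['hive']} Run [{m['name']}] {path}: " + "; ".join(reasons), line) if reasons else None


def check_process(line: str) -> Finding | None:
    # PRC: a running process with no company name that lives in the user profile.
    m = PRC_RE.match(line)
    if not m or m["company"].strip() or not USER_WRITABLE.search(m["path"]):
        return None
    return Finding("process-from-profile", m["path"], f"no company name, running from {m['path']}", line)


def check_hidden_file(line: str) -> Finding | None:
    # Hidden+system file with no extension under Application Data: a typical rogue data drop.
    m = FILE_RE.match(line)
    if not m:
        return None
    name = ntpath.basename(m["path"])  # ntpath so Windows paths parse on any host
    if {"H", "S"} <= set(m["attr"]) and USER_WRITABLE.search(m["path"]) and not ntpath.splitext(name)[1]:
        return Finding("hidden-system-file", m["path"], f"hidden+system file {name}, {m['size'].strip()} bytes", line)
    return None


RULES = (check_shell_open, check_autorun, check_process, check_hidden_file)


def triage(lines: Iterable[str]) -> list[Finding]:
    # Every rule over every line; findings come back in log order.
    return [f for raw in lines for rule in RULES if (f := rule(raw.rstrip("\r\n")))]


def hijack_binaries(findings: Iterable[Finding]) -> list[str]:
    # Programs the .exe/.com association has been redirected through: fix these first.
    return sorted({f.target for f in findings if f.rule == "shell-open-hijack"})


if __name__ == "__main__":  # python otl_triage.py OTL.txt, or no argument for the built-in sample
    source = open(sys.argv[1], encoding="utf-8", errors="replace") if len(sys.argv) > 1 else SAMPLE_LINES
    for hit in triage(source):
        print(f"[{hit.rule}] {hit.why}\n    {hit.line}")
```

Run it as `python otl_triage.py OTL.txt` against the saved log (no argument runs it over the built-in sample). A shell-open-hijack hit is the one to act on first: until the HKCU .exe association is restored, double-clicking any executable, a removal tool included, hands control to the rogue, which matches the symptom described in the first post. The other three rules are noise-prone by design (a legitimate updater shipped without version information will trip them too), so treat them as pointers for what to inspect or upload, not as verdicts.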

#3 elee23 (Topic Starter, Member, 153 posts)
OTL logfile created on: 7/20/2011 9:34:11 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = G:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 352.36 Mb Available Physical Memory | 34.43% Memory free
2.40 Gb Paging File | 1.65 Gb Available in Paging File | 68.77% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 10.39 Gb Free Space | 26.61% Space Free | Partition Type: NTFS
Drive D: | 88.93 Gb Total Space | 5.76 Gb Free Space | 6.48% Space Free | Partition Type: NTFS
Drive G: | 976.13 Mb Total Space | 783.39 Mb Free Space | 80.26% Space Free | Partition Type: FAT

Computer Name: AMD | User Name: lee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/20 09:33:12 | 000,579,584 | ---- | M] (OldTimer Tools) -- G:\OTL.exe
PRC - [2011/07/19 22:37:02 | 000,344,064 | ---- | M] () -- C:\Documents and Settings\lee\Local Settings\Application Data\fex.exe
PRC - [2011/06/01 23:35:00 | 000,254,576 | ---- | M] (AhnLab, Inc.) -- C:\Program Files\AhnLab\V3Lite\MUpdate2\Update\autoup.exe
PRC - [2011/05/13 01:18:00 | 000,652,904 | ---- | M] (AhnLab, Inc.) -- C:\Program Files\AhnLab\SiteGuard2\sgsvc.exe
PRC - [2011/01/23 22:57:16 | 000,546,392 | ---- | M] (AhnLab, Inc.) -- C:\Program Files\AhnLab\V3Lite\V3LTray.exe
PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/11/04 02:50:13 | 000,321,112 | ---- | M] (AhnLab, Inc.) -- C:\Program Files\AhnLab\V3Lite\V3LSvc.exe
PRC - [2010/11/04 02:50:05 | 000,330,840 | ---- | M] (AhnLab, Inc.) -- C:\Program Files\AhnLab\V3Lite\V3Light.exe
PRC - [2010/11/01 20:52:26 | 000,383,064 | ---- | M] (AhnLab, Inc.) -- C:\Program Files\AhnLab\V3Lite\V3Medic.exe
PRC - [2010/05/14 12:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/12/02 18:36:16 | 000,172,544 | ---- | M] (Panasonic Corporation) -- C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
PRC - [2009/04/23 06:51:38 | 000,691,656 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2008/04/19 14:05:23 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\UTSCSI.EXE
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/13 17:12:15 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\conime.exe
PRC - [2006/05/12 14:33:22 | 000,581,693 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2004/11/15 03:20:20 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE


========== Modules (SafeList) ==========

MOD - [2011/07/20 09:33:12 | 000,579,584 | ---- | M] (OldTimer Tools) -- G:\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2006/05/12 14:34:36 | 000,053,248 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2004/09/29 22:35:00 | 001,441,792 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nview.dll
MOD - [2004/09/29 22:35:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/05/13 01:18:00 | 000,652,904 | ---- | M] (AhnLab, Inc.) [Auto | Running] -- C:\Program Files\AhnLab\SiteGuard2\sgsvc.exe -- (sgsvc)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/11/04 02:50:13 | 000,321,112 | ---- | M] (AhnLab, Inc.) [Auto | Running] -- C:\Program Files\AhnLab\V3Lite\V3LSvc.exe -- (V3 Lite Service)
SRV - [2010/10/24 18:41:19 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/04/19 14:05:23 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\UTSCSI.EXE -- (UTSCSI)
SRV - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - [2011/07/08 13:16:47 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5DC45656-058A-457B-84C5-62689991BEA8}\MpKsle614d525.sys -- (MpKsle614d525)
DRV - [2011/06/23 18:33:56 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5DC45656-058A-457B-84C5-62689991BEA8}\MpKsl12ee34ef.sys -- (MpKsl12ee34ef)
DRV - [2011/06/12 13:55:07 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5DC45656-058A-457B-84C5-62689991BEA8}\MpKsl11a1acb4.sys -- (MpKsl11a1acb4)
DRV - [2011/06/12 07:47:50 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5DC45656-058A-457B-84C5-62689991BEA8}\MpKsl1af55172.sys -- (MpKsl1af55172)
DRV - [2011/06/12 07:36:31 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5DC45656-058A-457B-84C5-62689991BEA8}\MpKsl51531420.sys -- (MpKsl51531420)
DRV - [2011/06/01 17:16:12 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5DC45656-058A-457B-84C5-62689991BEA8}\MpKsl0343d786.sys -- (MpKsl0343d786)
DRV - [2011/05/24 01:41:00 | 000,184,160 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\AhnLab\SiteGuard2\atamptnt.sys -- (ATamptNt_ASG)
DRV - [2011/05/07 22:57:02 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5DC45656-058A-457B-84C5-62689991BEA8}\MpKsl2368383b.sys -- (MpKsl2368383b)
DRV - [2011/05/07 15:12:01 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5DC45656-058A-457B-84C5-62689991BEA8}\MpKsl6a2a625d.sys -- (MpKsl6a2a625d)
DRV - [2011/05/02 06:59:35 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5DC45656-058A-457B-84C5-62689991BEA8}\MpKsl79cae1ec.sys -- (MpKsl79cae1ec)
DRV - [2011/04/24 17:08:32 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5DC45656-058A-457B-84C5-62689991BEA8}\MpKsl87733107.sys -- (MpKsl87733107)
DRV - [2011/04/24 14:52:39 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5DC45656-058A-457B-84C5-62689991BEA8}\MpKsl4b9ecd5e.sys -- (MpKsl4b9ecd5e)
DRV - [2011/04/14 07:02:00 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5DC45656-058A-457B-84C5-62689991BEA8}\MpKsl8df469eb.sys -- (MpKsl8df469eb)
DRV - [2011/04/13 22:20:50 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5DC45656-058A-457B-84C5-62689991BEA8}\MpKsl5c07a10e.sys -- (MpKsl5c07a10e)
DRV - [2011/04/13 21:54:08 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5DC45656-058A-457B-84C5-62689991BEA8}\MpKsl7b56f2bf.sys -- (MpKsl7b56f2bf)
DRV - [2011/04/04 18:10:00 | 001,931,344 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\v3engine.sys -- (v3engine)
DRV - [2011/04/04 18:10:00 | 001,455,440 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ahnsze.sys -- (AhnSZE)
DRV - [2011/03/09 08:37:00 | 000,056,928 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AhnRghNt.sys -- (AhnRghNt)
DRV - [2011/03/09 08:36:00 | 000,020,576 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AhnRec2k.sys -- (AhnRec2k)
DRV - [2011/03/09 08:35:00 | 000,053,088 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AhnFlt2k.sys -- (AhnFlt2k)
DRV - [2011/03/06 19:53:00 | 000,238,320 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\AhnLab\V3Lite\MeDCoreD.sys -- (MeDCoreD_V3LITE)
DRV - [2011/02/21 19:22:00 | 000,166,496 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\AhnLab\V3Lite\VPDrvNt.sys -- (VPDrvNt)
DRV - [2010/10/31 17:34:51 | 000,168,288 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\AhnLab\V3Lite\V3Flt2k.sys -- (V3Flt2K)
DRV - [2010/10/31 17:34:29 | 000,159,840 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\AhnLab\V3Lite\ATamptNt.sys -- (ATamptNt_V3LITE)
DRV - [2010/10/18 00:53:38 | 000,055,136 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\AhnLab\V3Lite\TfFRegNt.sys -- (TfFRegNt)
DRV - [2010/07/11 18:44:30 | 000,095,880 | ---- | M] (AhnLab, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AMonTDnt.sys -- (AMonTDnt)
DRV - [2010/06/09 00:44:42 | 000,029,280 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\AhnLab\V3Lite\AHAWKENT.sys -- (TfProcNt)
DRV - [2009/07/24 16:41:26 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/07/20 18:13:13 | 000,019,616 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CdmDrvNt.sys -- (CdmDrvNt)
DRV - [2009/05/27 19:07:40 | 000,124,480 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\AhnLab\V3Lite\ASZFltNt.sys -- (ASZFltNt)
DRV - [2008/04/13 11:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006/05/12 14:21:22 | 000,401,664 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/05/12 14:20:04 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2006/05/12 14:20:00 | 000,222,876 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btslbcsp.sys -- (BTSLBCSP)
DRV - [2006/05/12 14:19:04 | 001,342,602 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/05/12 14:17:18 | 000,030,363 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/05/12 14:16:44 | 000,057,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/05/12 14:13:46 | 000,148,168 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2005/08/22 15:11:44 | 000,200,320 | ---- | M] (Pinnacle Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bender.sys -- (BENDER)
DRV - [2005/06/02 19:28:38 | 000,171,008 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005/02/23 18:40:26 | 000,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2K)
DRV - [2005/02/09 12:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)
DRV - [2005/01/04 02:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2)
DRV - [2004/11/17 04:05:38 | 002,297,664 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/11/03 13:58:20 | 000,086,144 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2004/08/18 16:21:00 | 000,189,568 | R--- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2004/08/13 03:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2000/03/29 17:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MASPINT.SYS -- (MASPINT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yajoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Softonic-Eng7 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Softonic-Eng7 Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:3.12.2.16749
FF - prefs.js..keyword.URL: "http://search.condui...d=CT2405280&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/23 18:33:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/13 14:32:07 | 000,000,000 | ---D | M]

[2008/12/16 20:58:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\lee\Application Data\Mozilla\Extensions
[2011/07/18 20:42:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\lee\Application Data\Mozilla\Firefox\Profiles\dhc4ad1q.default\extensions
[2010/05/07 19:50:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\lee\Application Data\Mozilla\Firefox\Profiles\dhc4ad1q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/18 20:42:52 | 000,000,000 | ---D | M] (Softonic-Eng7 Community Toolbar) -- C:\Documents and Settings\lee\Application Data\Mozilla\Firefox\Profiles\dhc4ad1q.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
[2011/07/18 20:42:53 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\lee\Application Data\Mozilla\Firefox\Profiles\dhc4ad1q.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/05/07 19:50:42 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Documents and Settings\lee\Application Data\Mozilla\Firefox\Profiles\dhc4ad1q.default\extensions\[email protected]
[2011/05/30 09:01:38 | 000,000,000 | ---D | M] (PandoraTV Toolbar) -- C:\Documents and Settings\lee\Application Data\Mozilla\Firefox\Profiles\dhc4ad1q.default\extensions\[email protected]
[2010/03/16 11:33:24 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\lee\Application Data\Mozilla\Firefox\Profiles\dhc4ad1q.default\searchplugins\conduit.xml
[2011/06/13 14:32:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/23 21:18:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/06/13 14:32:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011/06/13 14:32:26 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
File not found (No name found) --
[2009/07/06 17:10:06 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/14 09:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SGAgentObj Class) - {19217B99-F935-4A39-B857-A68A68D5BEBB} - C:\Program Files\AhnLab\SiteGuard2\sgagenti.dll (AhnLab, Inc.)
O2 - BHO: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AhnLab V3Lite Tray Process] C:\Program Files\AhnLab\V3Lite\V3LTray.exe (AhnLab, Inc.)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ClubBox] File not found
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTune.exe (NVIDIA)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\\PSDrvCheck.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [2337832407] C:\Documents and Settings\lee\Local Settings\Application Data\fex.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10h_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Driver performer.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO 5.0.lnk = C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Enable AhnLab SiteGuard - C:\Program Files\AhnLab\SiteGuard2\sgagenti.dll (AhnLab, Inc.)
O8 - Extra context menu item: &Show Security Checker - C:\Program Files\AhnLab\SiteGuard2\sgagenti.dll (AhnLab, Inc.)
O8 - Extra context menu item: Bluetooth로 보내기(&B) - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {00001024-A15C-11D4-97A4-0050BF0FBE67} http://download.netm...NMStarter24.cab (NetmarbleStarter24 Class)
O16 - DPF: {00001025-A15C-11D4-97A4-0050BF0FBE67} http://download.netm...NMStarter25.cab (NetmarbleStarter25 Class)
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} http://www.clubbox.c.../NowStarter.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {1F9079B1-CB38-4DC0-9DAD-080BD2255698} http://wvw.kongdisk....diskControl.CAB (kongdisk File Share Control 5)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {25AD0506-7B48-4594-A414-47BEA5CA4C19} http://club.entoom.c.../CAXEntoomC.cab (CAXEntoomC Control)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg...l_v1-0-3-48.cab (EPUImageControl Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {55F0958B-C5EB-49E4-8567-E018D2407F55} http://patch.kongdis...ongdiskCtrl.cab (Kongdisk Web Control)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} http://download.netm...tX/NMTransX.cab (NMTransX Module)
O16 - DPF: {9CDD57AC-CA86-464C-B920-3228A388CC78} http://file.naver.co...x/NaverFile.cab (NaverFileControl Control)
O16 - DPF: {B976AEC6-BEB2-4B98-B21C-7AB1C2B4E8E9} http://goalibaba.com...CAXAlibabaA.cab (CAXAlibabaA Control)
O16 - DPF: {BA5E57BB-88D5-422A-AC9E-C01A6EEE2537} http://12.183.160.108./WebDvr3.cab (WebDvr3 Class)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D885750C-6002-460E-A162-713400FB1FD4} http://www.goalibaba...veXFileCtrl.cab (CActiveXFileCtrl Control)
O16 - DPF: {E0F0958B-C5EB-49E3-8567-E018D2407F35} http://patch.kongdis...ll/kongdisk.cab (Kongdisk Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {F6E361B4-40F3-4C90-8A95-D95E0D8CBCD4} http://www.clubbox.c...MultiUpload.cab (MultiUpload Control)
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.aka...vex-2.2.2.1.cab (DownloadManager Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\lee\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\lee\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/09/22 14:20:25 | 000,000,095 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2666c382-17a3-11df-b324-0011d830371d}\Shell - "" = AutoRun
O33 - MountPoints2\{2666c382-17a3-11df-b324-0011d830371d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2666c382-17a3-11df-b324-0011d830371d}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{2cc881cc-6688-11dd-b241-0011d830371d}\Shell - "" = AutoRun
O33 - MountPoints2\{2cc881cc-6688-11dd-b241-0011d830371d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2cc881cc-6688-11dd-b241-0011d830371d}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{2ec36536-aa54-11db-9244-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{2ec36536-aa54-11db-9244-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2ec36536-aa54-11db-9244-806d6172696f}\Shell\AutoRun\command - "" = E:\ASUSACPI.exe
O33 - MountPoints2\{e81ee11e-296f-11dc-b1ea-0011d830371d}\Shell - "" = AutoRun
O33 - MountPoints2\{e81ee11e-296f-11dc-b1ea-0011d830371d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e81ee11e-296f-11dc-b1ea-0011d830371d}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\lee\Local Settings\Application Data\fex.exe" -a "%1" %* ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\lee\Local Settings\Application Data\fex.exe" -a "%1" %* ()

========== Files/Folders - Created Within 30 Days ==========

[2011/07/20 09:25:50 | 006,153,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\lee\Desktop\mbam-setup.exe
[2011/06/22 20:43:49 | 000,000,000 | ---D | C] -- C:\90일 완성 홈피트니 프로그램 P90X
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/20 09:22:31 | 000,339,319 | ---- | M] () -- C:\Documents and Settings\lee\Desktop\desktoppic.PNG
[2011/07/20 09:01:00 | 000,000,230 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/07/20 08:40:23 | 000,018,530 | -HS- | M] () -- C:\Documents and Settings\lee\Local Settings\Application Data\shub56m5n5bfp5c7f61cqx1a758ql4nl1
[2011/07/20 08:40:23 | 000,018,530 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\shub56m5n5bfp5c7f61cqx1a758ql4nl1
[2011/07/19 22:37:02 | 000,344,064 | ---- | M] () -- C:\Documents and Settings\lee\Local Settings\Application Data\fex.exe
[2011/07/17 02:41:39 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/07/17 01:47:25 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/07/17 01:47:21 | 000,202,240 | ---- | M] () -- C:\Documents and Settings\lee\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/12 22:27:10 | 000,526,689 | ---- | M] () -- C:\Documents and Settings\lee\Desktop\211_E_2003_219_CLS_04_06.pdf
[2011/07/11 21:08:17 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2011/07/08 13:20:51 | 000,432,492 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/08 13:20:51 | 000,067,448 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/08 13:18:01 | 000,007,883 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/07/08 13:17:29 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/08 13:16:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/20 21:46:18 | 000,041,569 | ---- | M] () -- C:\Documents and Settings\lee\Desktop\CostcoTravel_C303366666_1106201009.pdf
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/20 09:22:30 | 000,339,319 | ---- | C] () -- C:\Documents and Settings\lee\Desktop\desktoppic.PNG
[2011/07/19 22:37:05 | 000,018,530 | -HS- | C] () -- C:\Documents and Settings\lee\Local Settings\Application Data\shub56m5n5bfp5c7f61cqx1a758ql4nl1
[2011/07/19 22:37:05 | 000,018,530 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\shub56m5n5bfp5c7f61cqx1a758ql4nl1
[2011/07/19 22:37:02 | 000,344,064 | ---- | C] () -- C:\Documents and Settings\lee\Local Settings\Application Data\fex.exe
[2011/07/12 22:27:07 | 000,526,689 | ---- | C] () -- C:\Documents and Settings\lee\Desktop\211_E_2003_219_CLS_04_06.pdf
[2011/06/20 21:45:55 | 000,041,569 | ---- | C] () -- C:\Documents and Settings\lee\Desktop\CostcoTravel_C303366666_1106201009.pdf
[2010/11/21 20:06:54 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/11/21 20:06:54 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/11/21 20:06:54 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/11/21 20:06:54 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/11/21 20:06:54 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/11/21 20:06:54 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/11/21 20:06:54 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/11/21 20:06:54 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2010/11/21 20:06:54 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/11/21 20:06:54 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/11/21 20:06:54 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/11/21 20:06:54 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/11/21 20:06:54 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/11/21 20:06:54 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2010/11/21 20:06:54 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2010/11/21 20:06:54 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/11/21 20:06:54 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/11/21 20:06:53 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/11/21 20:06:53 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/08/19 13:34:14 | 000,311,976 | ---- | C] () -- C:\WINDOWS\System32\kongdiskctrl_update.exe
[2010/02/26 22:19:29 | 000,048,900 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/07/15 03:01:29 | 000,000,492 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/07/13 20:53:47 | 000,057,344 | ---- | C] () -- C:\Documents and Settings\lee\Application Data\a.exe
[2009/07/06 17:11:30 | 000,000,154 | ---- | C] () -- C:\Documents and Settings\lee\Application Data\RSBot Accounts.ini
[2009/06/06 16:07:00 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\WinSys.exe
[2009/05/30 22:08:22 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2009/05/30 20:57:20 | 000,000,111 | ---- | C] () -- C:\WINDOWS\NVProfileManager.INI
[2009/05/28 20:31:55 | 000,000,117 | ---- | C] () -- C:\WINDOWS\NVPerformance.INI
[2009/05/28 20:30:57 | 000,000,106 | ---- | C] () -- C:\WINDOWS\NVMonitor.INI
[2009/05/28 20:30:43 | 000,000,101 | ---- | C] () -- C:\WINDOWS\nTune.INI
[2009/04/30 22:02:00 | 001,579,630 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2008/12/16 20:58:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/11/19 23:31:08 | 000,000,110 | ---- | C] () -- C:\WINDOWS\GMouse.ini
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/06/07 21:47:07 | 000,000,130 | ---- | C] () -- C:\WINDOWS\a3box_down.dat
[2008/04/29 21:43:56 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2008/04/19 14:05:23 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\UTSCSI.EXE
[2007/11/17 00:12:20 | 000,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini
[2007/10/29 23:49:25 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/10/17 20:03:50 | 000,001,514 | ---- | C] () -- C:\WINDOWS\mbcase.uninst.ini
[2007/09/22 14:28:11 | 000,194,248 | ---- | C] () -- C:\WINDOWS\System32\LTRFD13n.DLL
[2007/09/22 14:20:25 | 000,001,289 | ---- | C] () -- C:\WINDOWS\VFO.INI
[2007/09/22 14:20:24 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll
[2007/09/22 14:20:24 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2007/09/22 14:20:24 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll
[2007/09/22 14:20:24 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll
[2007/09/22 14:20:24 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2007/07/03 17:44:10 | 000,064,000 | ---- | C] () -- C:\WINDOWS\System32\ALZALZ.BIN
[2007/07/03 17:44:10 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\ALZZip.BIN
[2007/06/01 21:38:44 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2007/06/01 21:38:44 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2007/04/22 09:56:21 | 000,000,576 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/04/04 18:56:44 | 000,030,488 | ---- | C] () -- C:\WINDOWS\System32\NaverBroker.exe
[2007/02/10 09:34:10 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/01/23 08:12:55 | 000,202,240 | ---- | C] () -- C:\Documents and Settings\lee\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/23 00:02:13 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\nod.dll
[2007/01/23 00:01:32 | 000,001,183 | ---- | C] () -- C:\WINDOWS\System32\fscflist.ini
[2007/01/23 00:01:31 | 000,000,079 | ---- | C] () -- C:\WINDOWS\System32\fscagent.ini
[2007/01/22 22:29:52 | 000,000,140 | ---- | C] () -- C:\WINDOWS\msicpl.ini
[2007/01/22 22:02:25 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\memtest.dll
[2007/01/22 22:02:25 | 000,039,208 | R--- | C] () -- C:\WINDOWS\System32\drivers\msicpl.sys
[2007/01/22 22:02:25 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\msiuins.exe
[2007/01/22 22:02:24 | 000,039,208 | R--- | C] () -- C:\WINDOWS\System32\drivers\vgauti.sys
[2007/01/22 21:54:28 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2007/01/22 21:54:24 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2007/01/22 21:54:24 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007/01/22 21:52:38 | 000,000,269 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2007/01/22 21:52:25 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2007/01/22 21:52:23 | 000,005,914 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007/01/22 21:52:22 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/01/22 21:43:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/01/22 21:39:38 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/01/22 13:16:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/01/22 13:14:28 | 000,240,736 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/05/12 14:23:22 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/09/06 20:13:44 | 000,086,016 | ---- | C] () -- C:\WINDOWS\NMUninst18.exe
[2004/12/20 18:24:03 | 001,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2004/09/28 10:14:04 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2004/08/04 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,432,492 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,067,448 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/03/11 02:26:10 | 000,406,016 | ---- | C] () -- C:\WINDOWS\System32\PSDrvCheck.exe
[2001/11/14 14:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2010/01/14 22:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AhnLab
[2009/07/24 16:47:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/11/21 20:21:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panasonic
[2009/05/30 21:45:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2007/11/09 09:16:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2007/11/18 23:25:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
[2011/02/05 13:12:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickMediaConverter
[2010/10/24 18:43:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2011/05/09 20:38:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2010/03/24 20:48:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2007/11/16 12:05:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/03/20 09:06:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/07/25 11:17:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/02/26 21:44:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/15 14:48:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/11/22 06:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lee\Application Data\.minecraft
[2011/04/03 16:32:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lee\Application Data\AhnLab
[2011/04/03 12:10:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lee\Application Data\Barnes & Noble
[2008/03/29 13:05:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lee\Application Data\Canon
[2011/02/05 13:11:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lee\Application Data\CocoonSoftware
[2010/02/27 18:30:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lee\Application Data\CopyTransPhoto
[2009/07/24 16:49:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lee\Application Data\DAEMON Tools Lite
[2007/01/22 21:56:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lee\Application Data\InterTrust
[2010/08/13 18:31:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lee\Application Data\LolClient
[2008/04/30 11:24:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lee\Application Data\mjusbsp
[2008/03/19 21:32:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\lee\Application Data\netmarble
[2010/03/23 21:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lee\Application Data\Uniblue
[2007/09/09 06:46:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lee\Application Data\uTorrent
[2010/02/27 18:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lee\Application Data\WindSolutions
[2011/07/17 02:41:39 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/07/20 09:01:00 | 000,000,230 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



< End of report >
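The O35/O37 lines in the log above are the security-relevant finding: HKLM still carries the stock `"%1" %*` handlers for exefile and comfile, but a per-user `HKCU\Software\Classes\exefile` (and `.exe`) override routes every .exe launch through `fex.exe -a "%1"`, which is why double-clicking mbam-setup.exe never reaches Malwarebytes. The Security Center and firewall values further down show the same rogue turning notifications and the firewall off. The script below is an added example by the technical editor, not code from the poster, OTL or Geeks to Go: it parses those OTL lines (sample input constructed from the log above, so it runs offline) and emits a .reg fragment that deletes the HKCU shadow keys, on the assumption the log supports, that the HKLM handlers are intact.

```python
"""Triage an OTL log for a hijacked .exe handler and disabled protections.

Added example (technical editor's code, not the poster's, OTL's or
Geeks to Go's): it parses the O35/O37 shell-spawning lines and the
Security Center / firewall values in the format OTL prints above.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample, copied in shape from the log above. In practice read
# the saved OTL.txt / Extras.txt and pass their text to triage().
SAMPLE_LOG = r'''
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\lee\Local Settings\Application Data\fex.exe" -a "%1" %* ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\lee\Local Settings\Application Data\fex.exe" -a "%1" %* ()
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"EnableFirewall" = 0
"DisableSR" = 0
'''

SHELL_LINE = re.compile(
    r'^O3[57] - (?P<hive>HKLM|HKCU)\\\.{2,3}(?P<target>\S+) '
    r'\[(?P<verb>[^\]]*)\] -- (?P<cmd>.*)$')
VALUE_LINE = re.compile(r'^"(?P<name>[^"]+)" = (?P<value>-?\d+)$')

DEFAULT_CMD = '"%1" %*'   # stock exefile/comfile handler: run the file itself

# What a healthy XP SP3 box carries for these values.
EXPECTED = {
    'AntiVirusDisableNotify': 0, 'FirewallDisableNotify': 0,
    'UpdatesDisableNotify': 0, 'AntiVirusOverride': 0,
    'FirewallOverride': 0, 'EnableFirewall': 1, 'DisableSR': 0,
}


@dataclass(frozen=True)
class Finding:
    kind: str    # 'hijack' or 'weakened'
    where: str   # 'HKCU\exefile', 'HKCU\exe', or the registry value name
    detail: str


def hijack_path(cmd: str) -> Optional[str]:
    """Return the interposed binary if the handler is not the stock one.

    A hijacked handler runs some other program first and hands the real
    target over as an argument, so "%1" is no longer the first token.
    """
    cmd = cmd.strip()
    if cmd.rstrip(' ()') == DEFAULT_CMD:   # OTL appends '()' when no company name
        return None
    quoted = re.match(r'^"([^"]+)"', cmd)
    return quoted.group(1) if quoted else cmd.split()[0]


def triage(log_text: str) -> List[Finding]:
    """Scan OTL output and return every hijacked handler and weakened setting."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SHELL_LINE.match(line)
        if m:
            exe = hijack_path(m['cmd'])
            where = f"{m['hive']}\\{m['target']}"
            if exe is not None:
                findings.append(Finding('hijack', where,
                                        f"every {m['target']} launch runs {exe} first"))
            elif m['hive'] == 'HKCU':
                # A clean profile has no per-user exefile/.exe keys at all;
                # even a stock-looking one shadows HKLM and should go.
                findings.append(Finding('hijack', where, 'per-user handler shadows HKLM'))
            continue
        v = VALUE_LINE.match(line)
        if v and v['name'] in EXPECTED and int(v['value']) != EXPECTED[v['name']]:
            findings.append(Finding('weakened', v['name'],
                                    f"is {v['value']}, expected {EXPECTED[v['name']]}"))
    return findings


def repair_reg(findings: List[Finding]) -> str:
    """Emit a .reg file that deletes the per-user class overrides found.

    Assumes (as the log above shows) that the HKLM handlers are still stock,
    so removing the HKCU shadow keys restores them. The '[-KEY]' form deletes
    the key. The dropper (fex.exe here) still has to be removed separately.
    """
    keys = sorted({f.where for f in findings
                   if f.kind == 'hijack' and f.where.startswith('HKCU\\')})
    out = ['Windows Registry Editor Version 5.00', '']
    for key in keys:
        target = key.split('\\', 1)[1]                  # 'exefile' or 'exe'
        subkey = target if target.endswith('file') else '.' + target
        out.append(f'[-HKEY_CURRENT_USER\\Software\\Classes\\{subkey}]')
    return '\n'.join(out) + '\n'


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.kind:9} {f.where:25} {f.detail}')
    print(repair_reg(triage(SAMPLE_LOG)))
```

One practical caveat the log itself explains: while the .exe handler is hijacked, any tool launched as an .exe (regedit.exe included) is started through fex.exe, but the comfile handler under HKLM is untouched, which is why the usual workaround for this family is to rename the cleanup tool or regedit to a .com extension before running it. Treat the Security Center values as evidence of tampering rather than something to flip back by hand; they are only worth restoring once the dropper and its HKCU keys are gone.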
#4
elee23

    Member

  • Topic Starter
  • 153 posts
OTL Extras logfile created on: 7/20/2011 9:34:11 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = G:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 352.36 Mb Available Physical Memory | 34.43% Memory free
2.40 Gb Paging File | 1.65 Gb Available in Paging File | 68.77% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 10.39 Gb Free Space | 26.61% Space Free | Partition Type: NTFS
Drive D: | 88.93 Gb Total Space | 5.76 Gb Free Space | 6.48% Space Free | Partition Type: NTFS
Drive G: | 976.13 Mb Total Space | 783.39 Mb Free Space | 80.26% Space Free | Partition Type: FAT

Computer Name: AMD | User Name: lee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- C:\Documents and Settings\lee\Local Settings\Application Data\fex.exe ()
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"8379:TCP" = 8379:TCP:*:Enabled:League of Legends Launcher
"8379:UDP" = 8379:UDP:*:Enabled:League of Legends Launcher

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Rosetta Stone Ltd. )

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\fscagent.exe" = C:\WINDOWS\system32\fscagent.exe:*:Enabled:클럽박스 파일전송 데몬 [ClubBox file transfer daemon]
"C:\WINDOWS\system32\clubbox.exe" = C:\WINDOWS\system32\clubbox.exe:*:Enabled:클럽박스 파일전송 관리자 [ClubBox file transfer manager]
"C:\WINDOWS\system32\grdmgr.exe" = C:\WINDOWS\system32\grdmgr.exe:*:Enabled:CDN 파일전송 데몬 -- (나우콤) [CDN file transfer daemon -- (Nowcom)]
"C:\WINDOWS\system32\pdrtvsvr.exe" = C:\WINDOWS\system32\pdrtvsvr.exe:*:Enabled:PandoraTV VoD Control -- (PandoraTV)
"C:\Program Files\AhnLab\V3IS2007\MSProxy.ahn" = C:\Program Files\AhnLab\V3IS2007\MSProxy.ahn:*:Enabled:MSProxy.ahn
"C:\Documents and Settings\lee\Local Settings\Temp\nsb8.tmp\utorrent.exe" = C:\Documents and Settings\lee\Local Settings\Temp\nsb8.tmp\utorrent.exe:*:Enabled:μTorrent
"C:\Documents and Settings\lee\Local Settings\Temp\nshA.tmp\utorrent.exe" = C:\Documents and Settings\lee\Local Settings\Temp\nshA.tmp\utorrent.exe:*:Enabled:μTorrent
"C:\Program Files\Pinnacle\Studio 10\programs\RM.exe" = C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems, Inc.)
"C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe" = C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe" = C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile -- ( )
"C:\Program Files\Pinnacle\Studio 10\programs\umi.exe" = C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi -- (Pinnacle Systems, Inc.)
"C:\Documents and Settings\lee\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\lee\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" = C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager
"C:\Program Files\AndU\Andu Plus\bin\AnduP2P.exe" = C:\Program Files\AndU\Andu Plus\bin\AnduP2P.exe:*:Enabled:AndU Plus -- (Hanarodream.corp.)
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"G:\League of Legends\air\LolClient.exe" = G:\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby
"G:\League of Legends\game\League of Legends.exe" = G:\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client
"C:\Program Files\League of Legends\air\LolClient.exe" = C:\Program Files\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby
"C:\Program Files\League of Legends\game\League of Legends.exe" = C:\Program Files\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Rosetta Stone Ltd. )


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}" = Rosetta Stone Version 3
"{1B4AA674-F5CA-4BB5-831A-CD37B4021959}" = ImageMixer for Sony
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 22
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{32A3A4F4-B792-11D6-A78A-00B0D0160140}" = Java™ SE Development Kit 6 Update 14
"{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon Camera WIA Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CB05291-F546-458E-A796-B5BCF5A3CDC4}" = Studio 10
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
"{3F866D37-22D0-435D-94F1-31A64D566D0E}" = Pinnacle device drivers
"{49FC50FC-F965-40D9-89B4-CBFF80941KOR}" = Windows Movie Maker 2.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{652C4ADF-0A29-4B02-9211-EE61675847DE}" = Canon Camera WIA Driver
"{6A012D9C-2E2E-405A-B87C-E909F5297C3F}" = Studio 10 Bonus DVD
"{7148F0A8-6813-11D6-A77B-00B0D0142180}" = Java 2 Runtime Environment, SE v1.4.2_18
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FA53ACE-B718-4FAE-B7BF-95B0FCB320C8}" = SAMSUNG USB Driver for Mobile Phones
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{926C96FB-9D0A-4504-8000-C6D3A4A3118E}" = Java DB 10.4.2.1
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{959282E3-55A9-49D8-B885-D27CF8A2FD82}" = PHOTOfunSTUDIO 5.0
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A77F3C2D-50CC-4A29-A1FB-1E018BE4DCA2}" = DiscAPI (Studio 10)
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon Camera WIA Driver
"{BBBD1EE8_6012_48d8_AE46_89386CA2DCC6}" = V3 Lite
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{EBB4463F_E248_42E5_8153_7C35537CAEAD}" = AhnLab SiteGuard 2.0
"{EEECE229-49F6-4851-A73A-99B058221F8C}" = RAPID (Studio 10)
"{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}" = Pinnacle Instant DVD Recorder
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ALSong_is1" = ALSong
"ALUpdate_is1" = ALTools Update
"ALZip_is1" = ALZip
"BN_DesktopReader" = NOOK for PC
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CSCLIB" = Canon Camera Support Core Library
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DPP" = Canon Utilities Digital Photo Professional 3.0
"DtsFilter" = DTS+AC3 필터 [DTS+AC3 filter]
"EOS Utility" = Canon Utilities EOS Utility
"GOM Player" = GOM Player
"Hollywood FX for Studio" = Pinnacle Hollywood FX for Studio
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon EOS Kiss_N REBEL_XT 350D WIA Driver
"InstallShield_{652C4ADF-0A29-4B02-9211-EE61675847DE}" = Canon EOS-1Ds Mark II WIA Driver
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"InstallShield_{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon EOS 5D WIA Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MWASPI" = MicroStaff WINASPI
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"ODSK" = Canon Utilities Original Data Security Tools
"PhotoStitch" = Canon Utilities PhotoStitch
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"SMPlayer" = SMPlayer 0.6.9
"SystemRequirementsLab" = System Requirements Lab
"The KMPlayer" = The KMPlayer (remove only)
"The Rosetta Stone" = The Rosetta Stone
"WFTK" = Canon Utilities WFT-E1/E2 Utility
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"QUICKMEDIACONVERTER" = QMC
"Shoddy Battle" = Shoddy Battle

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/1/2010 10:31:32 PM | Computer Name = AMD | Source = Application Error | ID = 1000
Description = Faulting application kongdiskdownload.exe, version 1.2.0.1, faulting
module kongdiskdownload.exe, version 1.2.0.1, fault address 0x0001ac56.

Error - 5/6/2010 1:44:14 AM | Computer Name = AMD | Source = nview_info | ID = 11141121
Description =

Error - 5/10/2010 10:38:16 PM | Computer Name = AMD | Source = Application Error | ID = 1000
Description = Faulting application kongdiskdownload.exe, version 1.2.0.1, faulting
module kongdiskdownload.exe, version 1.2.0.1, fault address 0x0001ac56.

Error - 5/14/2010 8:29:55 PM | Computer Name = AMD | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17023, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/19/2010 1:27:55 AM | Computer Name = AMD | Source = nview_info | ID = 11141121
Description =

Error - 5/21/2010 4:02:10 PM | Computer Name = AMD | Source = Application Error | ID = 1000
Description = Faulting application acrord32.exe, version 5.0.1.329, faulting module
unknown, version 0.0.0.0, fault address 0x00003a60.

Error - 5/23/2010 2:44:10 AM | Computer Name = AMD | Source = Application Error | ID = 1000
Description = Faulting application acrord32.exe, version 5.0.1.329, faulting module
acrord32.exe, version 5.0.1.329, fault address 0x0018234f.

Error - 5/26/2010 2:50:15 AM | Computer Name = AMD | Source = nview_info | ID = 11141121
Description =

Error - 6/3/2010 3:26:54 AM | Computer Name = AMD | Source = nview_info | ID = 11141121
Description =

Error - 6/6/2010 12:11:23 AM | Computer Name = AMD | Source = nview_info | ID = 11141121
Description =

[ System Events ]
Error - 4/3/2011 7:33:07 PM | Computer Name = AMD | Source = Service Control Manager | ID = 7000
Description = The v3engine service failed to start due to the following error: %%2

Error - 4/3/2011 7:33:07 PM | Computer Name = AMD | Source = Service Control Manager | ID = 7000
Description = The v3engine service failed to start due to the following error: %%2

Error - 4/3/2011 7:33:07 PM | Computer Name = AMD | Source = Service Control Manager | ID = 7000
Description = The v3engine service failed to start due to the following error: %%2

Error - 4/9/2011 1:33:43 PM | Computer Name = AMD | Source = Print | ID = 6161
Description = The document p90xcalendar.pdf owned by lee failed to print on printer
Auto hp officejet 6100 series on D29PVBC1. Data type: NT EMF 1.008. Size of the
spool file in bytes: 2660868. Number of bytes printed: 0. Total number of pages
in the document: 2. Number of pages printed: 1. Client machine: \\AMD. Win32 error
code returned by the print processor: 53 (0x35).

Error - 4/9/2011 1:33:58 PM | Computer Name = AMD | Source = Print | ID = 6161
Description = The document p90xcalendar.pdf owned by lee failed to print on printer
Auto hp officejet 6100 series on D29PVBC1. Data type: NT EMF 1.008. Size of the
spool file in bytes: 2660868. Number of bytes printed: 0. Total number of pages
in the document: 2. Number of pages printed: 1. Client machine: \\AMD. Win32 error
code returned by the print processor: 53 (0x35).

Error - 5/17/2011 9:43:41 PM | Computer Name = AMD | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC000007F'
while processing the file '혼돈마조 2부 07권-003.lnk' on the volume 'HarddiskVolume1'.
It has stopped monitoring the volume.

Error - 6/12/2011 11:17:38 AM | Computer Name = AMD | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 6/12/2011 11:19:38 AM | Computer Name = AMD | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 6/12/2011 11:19:40 AM | Computer Name = AMD | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC000007F'
while processing the file 'Cache' on the volume 'HarddiskVolume1'. It has stopped
monitoring the volume.

Error - 6/12/2011 4:54:28 PM | Computer Name = AMD | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NVSvc service.


< End of report >

#5 elee23 (Topic Starter, Member, 153 posts)
I am running aswMBR right now. Although it will not let me access the internet through Firefox, Internet Explorer, etc., aswMBR was able to download the Avast virus definitions.

Oops, sorry, I have to do the procedure first.

Edited by elee23, 20 July 2011 - 10:48 AM.


#6 RKinner (Malware Expert, Expert, MVP, 24,598 posts)
Copy the text in the code box by highlighting it and pressing Ctrl + C


:processes
killallprocesses

:OTL
O4 - HKCU..\Run: [2337832407] C:\Documents and Settings\lee\Local Settings\Application Data\fex.exe ()
O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\lee\Local Settings\Application Data\fex.exe" -a "%1" %* ()
O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\lee\Local Settings\Application Data\fex.exe" -a "%1" %* ()
[2011/06/22 20:43:49 | 000,000,000 | ---D | C] -- C:\90일 완성 홈피트니 프로그램 P90X
[2011/07/20 09:01:00 | 000,000,230 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/07/20 08:40:23 | 000,018,530 | -HS- | M] () -- C:\Documents and Settings\lee\Local Settings\Application Data\shub56m5n5bfp5c7f61cqx1a758ql4nl1
[2011/07/20 08:40:23 | 000,018,530 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\shub56m5n5bfp5c7f61cqx1a758ql4nl1
[2011/07/19 22:37:02 | 000,344,064 | ---- | M] () -- C:\Documents and Settings\lee\Local Settings\Application Data\fex.exe

:Files
C:\Documents and Settings\lee\Local Settings\Application Data\*.exe     
:Commands
[RESETHOSTS]
[purity]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.


Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

Uninstall:
Java™ 6 Update 22
J2SE Runtime Environment 5.0 Update 11
Java™ 6 Update 3
Java™ SE Development Kit 6 Update 14
Java Auto Updater
Java 2 Runtime Environment, SE v1.4.2_18
Ask Toolbar
DAEMON Tools Toolbar


Open OTL again and select either the Use SafeList or All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.

Malwarebytes' Anti-Malware
If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix
If you have a previous version of Combofix.exe, delete it and download a fresh copy.

It must be saved to your desktop; do not run it yet.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on ComboFix to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console, then Continue. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Your Microsoft Security Essentials anti-virus is broken.
Download and Save the Avast installer.
http://www.avast.com...ivirus-download
Uninstall Microsoft Security Essentials
reboot
Install Avast.
Click on the Avast ball. Then click on Scan Computer, then on
Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load windows.

Ron

#7 elee23 (Topic Starter, Member, 153 posts)
========== PROCESSES ==========
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\2337832407 not found.
File C:\Documents and Settings\lee\Local Settings\Application Data\fex.exe not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Classes\exefile\shell\open\command\\'' updated successfully.
File "C:\Documents and Settings\lee\Local Settings\Application Data\fex.exe" -a "%1" %* not found.
Registry key HKEY_CURRENT_USER\Software\Classes\.exe\ not found.
Registry key HKEY_CURRENT_USER\Software\Classes\exefile\ deleted successfully.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
Folder C:\90? ?? ???? ???? P90X\ not found.
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job moved successfully.
C:\Documents and Settings\lee\Local Settings\Application Data\shub56m5n5bfp5c7f61cqx1a758ql4nl1 moved successfully.
C:\Documents and Settings\All Users\Application Data\shub56m5n5bfp5c7f61cqx1a758ql4nl1 moved successfully.
File C:\Documents and Settings\lee\Local Settings\Application Data\fex.exe not found.
========== FILES ==========
File\Folder C:\Documents and Settings\lee\Local Settings\Application Data\*.exe not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.26.1 log created on 07212011_204435

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#8 elee23 (Topic Starter, Member, 153 posts)
I could not find Ask Toolbar, DAEMON Tools Toolbar, or Java Auto Updater in Add/Remove Programs.

#9 elee23 (Topic Starter, Member, 153 posts)
OTL logfile created on: 7/21/2011 9:19:03 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = G:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 480.86 Mb Available Physical Memory | 46.98% Memory free
2.40 Gb Paging File | 1.91 Gb Available in Paging File | 79.33% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 10.84 Gb Free Space | 27.74% Space Free | Partition Type: NTFS
Drive D: | 88.93 Gb Total Space | 5.03 Gb Free Space | 5.66% Space Free | Partition Type: NTFS
Drive G: | 976.13 Mb Total Space | 772.78 Mb Free Space | 79.17% Space Free | Partition Type: FAT

Computer Name: AMD | User Name: lee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/20 09:33:12 | 000,579,584 | ---- | M] (OldTimer Tools) -- G:\OTL.exe
PRC - [2011/06/14 00:16:00 | 000,321,112 | ---- | M] (AhnLab, Inc.) -- C:\Program Files\AhnLab\V3Lite\V3LSvc.exe
PRC - [2011/06/09 21:03:00 | 000,549,464 | ---- | M] (AhnLab, Inc.) -- C:\Program Files\AhnLab\V3Lite\V3LTray.exe
PRC - [2011/05/13 01:18:00 | 000,652,904 | ---- | M] (AhnLab, Inc.) -- C:\Program Files\AhnLab\SiteGuard2\sgsvc.exe
PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/12/02 18:36:16 | 000,172,544 | ---- | M] (Panasonic Corporation) -- C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
PRC - [2009/04/23 06:51:38 | 000,691,656 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2008/04/19 14:05:23 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\UTSCSI.EXE
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/13 17:12:15 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\conime.exe
PRC - [2006/05/12 14:33:22 | 000,581,693 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2004/11/15 03:20:20 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE


========== Modules (SafeList) ==========

MOD - [2011/07/20 09:33:12 | 000,579,584 | ---- | M] (OldTimer Tools) -- G:\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2006/05/12 14:34:36 | 000,053,248 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2004/09/29 22:35:00 | 001,441,792 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nview.dll
MOD - [2004/09/29 22:35:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/06/14 00:16:00 | 000,321,112 | ---- | M] (AhnLab, Inc.) [Auto | Running] -- C:\Program Files\AhnLab\V3Lite\V3LSvc.exe -- (V3 Lite Service)
SRV - [2011/05/13 01:18:00 | 000,652,904 | ---- | M] (AhnLab, Inc.) [Auto | Running] -- C:\Program Files\AhnLab\SiteGuard2\sgsvc.exe -- (sgsvc)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/10/24 18:41:19 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/04/19 14:05:23 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\UTSCSI.EXE -- (UTSCSI)
SRV - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - [2011/07/21 20:53:23 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{94CE02C4-5C1C-4CAD-B361-0AF469142489}\MpKsleb3e4b2b.sys -- (MpKsleb3e4b2b)
DRV - [2011/07/21 20:12:45 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{94CE02C4-5C1C-4CAD-B361-0AF469142489}\MpKsl82fd8206.sys -- (MpKsl82fd8206)
DRV - [2011/07/18 02:05:00 | 002,030,032 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\v3engine.sys -- (v3engine)
DRV - [2011/07/18 02:05:00 | 001,549,904 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ahnsze.sys -- (AhnSZE)
DRV - [2011/07/15 00:36:00 | 000,182,880 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\AhnLab\V3Lite\VPDrvNt.sys -- (VPDrvNt)
DRV - [2011/07/12 18:04:00 | 000,239,984 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\AhnLab\V3Lite\MeDCoreD.sys -- (MeDCoreD_V3LITE)
DRV - [2011/06/03 02:15:00 | 000,167,648 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\AhnLab\V3Lite\V3Flt2k.sys -- (V3Flt2K)
DRV - [2011/06/03 02:15:00 | 000,163,552 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\AhnLab\V3Lite\ATamptNt.sys -- (ATamptNt_V3LITE)
DRV - [2011/06/03 02:15:00 | 000,137,312 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\AhnLab\V3Lite\ASZFltNt.sys -- (ASZFltNt)
DRV - [2011/05/24 01:41:00 | 000,184,160 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\AhnLab\SiteGuard2\atamptnt.sys -- (ATamptNt_ASG)
DRV - [2011/02/14 00:11:00 | 000,055,520 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\AhnLab\V3Lite\TfFRegNt.sys -- (TfFRegNt)
DRV - [2011/02/14 00:11:00 | 000,029,280 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\AhnLab\V3Lite\AHAWKENT.sys -- (TfProcNt)
DRV - [2011/01/14 00:01:00 | 000,054,368 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AhnRghNt.sys -- (AhnRghNt)
DRV - [2011/01/13 23:58:00 | 000,052,960 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AhnFlt2k.sys -- (AhnFlt2k)
DRV - [2010/12/18 04:08:00 | 000,020,320 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AhnRec2k.sys -- (AhnRec2k)
DRV - [2010/07/11 18:44:30 | 000,095,880 | ---- | M] (AhnLab, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AMonTDnt.sys -- (AMonTDnt)
DRV - [2010/07/11 18:44:00 | 000,053,224 | ---- | M] (AhnLab, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\amonhknt.sys -- (AMonHKnt)
DRV - [2009/07/24 16:41:26 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/07/20 18:13:13 | 000,019,616 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CdmDrvNt.sys -- (CdmDrvNt)
DRV - [2008/04/13 11:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006/05/12 14:21:22 | 000,401,664 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/05/12 14:20:04 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2006/05/12 14:20:00 | 000,222,876 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btslbcsp.sys -- (BTSLBCSP)
DRV - [2006/05/12 14:19:04 | 001,342,602 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/05/12 14:17:18 | 000,030,363 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/05/12 14:16:44 | 000,057,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/05/12 14:13:46 | 000,148,168 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2005/08/22 15:11:44 | 000,200,320 | ---- | M] (Pinnacle Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bender.sys -- (BENDER)
DRV - [2005/06/02 19:28:38 | 000,171,008 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005/02/23 18:40:26 | 000,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2K)
DRV - [2005/02/09 12:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)
DRV - [2005/01/04 02:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2)
DRV - [2004/11/17 04:05:38 | 002,297,664 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/11/03 13:58:20 | 000,086,144 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2004/08/18 16:21:00 | 000,189,568 | R--- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2004/08/13 03:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2000/03/29 17:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MASPINT.SYS -- (MASPINT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.naver.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/23 18:33:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/21 20:33:20 | 000,000,000 | ---D | M]

[2011/07/21 21:03:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/13 14:32:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011/06/13 14:32:26 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/04/14 09:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/07/21 20:44:43 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SGAgentObj Class) - {19217B99-F935-4A39-B857-A68A68D5BEBB} - C:\Program Files\AhnLab\SiteGuard2\sgagenti.dll (AhnLab, Inc.)
O2 - BHO: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AhnLab V3Lite Tray Process] C:\Program Files\AhnLab\V3Lite\V3LTray.exe (AhnLab, Inc.)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ClubBox] File not found
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTune.exe (NVIDIA)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\\PSDrvCheck.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Driver performer.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO 5.0.lnk = C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Enable AhnLab SiteGuard - C:\Program Files\AhnLab\SiteGuard2\sgagenti.dll (AhnLab, Inc.)
O8 - Extra context menu item: &Show Security Checker - C:\Program Files\AhnLab\SiteGuard2\sgagenti.dll (AhnLab, Inc.)
O8 - Extra context menu item: Bluetooth로 보내기(&B) - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {00001024-A15C-11D4-97A4-0050BF0FBE67} http://download.netm...NMStarter24.cab (NetmarbleStarter24 Class)
O16 - DPF: {00001025-A15C-11D4-97A4-0050BF0FBE67} http://download.netm...NMStarter25.cab (NetmarbleStarter25 Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {1F9079B1-CB38-4DC0-9DAD-080BD2255698} http://wvw.kongdisk....diskControl.CAB (kongdisk File Share Control 5)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {25AD0506-7B48-4594-A414-47BEA5CA4C19} http://club.entoom.c.../CAXEntoomC.cab (CAXEntoomC Control)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg...l_v1-0-3-48.cab (EPUImageControl Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {55F0958B-C5EB-49E4-8567-E018D2407F55} http://patch.kongdis...ongdiskCtrl.cab (Kongdisk Web Control)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} http://download.netm...tX/NMTransX.cab (NMTransX Module)
O16 - DPF: {9CDD57AC-CA86-464C-B920-3228A388CC78} http://file.naver.co...x/NaverFile.cab (NaverFileControl Control)
O16 - DPF: {B976AEC6-BEB2-4B98-B21C-7AB1C2B4E8E9} http://goalibaba.com...CAXAlibabaA.cab (CAXAlibabaA Control)
O16 - DPF: {BA5E57BB-88D5-422A-AC9E-C01A6EEE2537} http://12.183.160.108./WebDvr3.cab (WebDvr3 Class)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D885750C-6002-460E-A162-713400FB1FD4} http://www.goalibaba...veXFileCtrl.cab (CActiveXFileCtrl Control)
O16 - DPF: {E0F0958B-C5EB-49E3-8567-E018D2407F35} http://patch.kongdis...ll/kongdisk.cab (Kongdisk Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {F6E361B4-40F3-4C90-8A95-D95E0D8CBCD4} http://www.clubbox.c...MultiUpload.cab (MultiUpload Control)
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.aka...vex-2.2.2.1.cab (DownloadManager Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper: C:\Documents and Settings\lee\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/09/22 14:20:25 | 000,000,095 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2666c382-17a3-11df-b324-0011d830371d}\Shell - "" = AutoRun
O33 - MountPoints2\{2666c382-17a3-11df-b324-0011d830371d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2666c382-17a3-11df-b324-0011d830371d}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{2cc881cc-6688-11dd-b241-0011d830371d}\Shell - "" = AutoRun
O33 - MountPoints2\{2cc881cc-6688-11dd-b241-0011d830371d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2cc881cc-6688-11dd-b241-0011d830371d}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{2ec36536-aa54-11db-9244-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{2ec36536-aa54-11db-9244-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2ec36536-aa54-11db-9244-806d6172696f}\Shell\AutoRun\command - "" = E:\ASUSACPI.exe
O33 - MountPoints2\{e81ee11e-296f-11dc-b1ea-0011d830371d}\Shell - "" = AutoRun
O33 - MountPoints2\{e81ee11e-296f-11dc-b1ea-0011d830371d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e81ee11e-296f-11dc-b1ea-0011d830371d}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/21 09:45:34 | 000,053,224 | ---- | C] (AhnLab, Inc.) -- C:\WINDOWS\System32\drivers\amonhknt.sys
[2011/07/21 09:45:33 | 000,039,512 | ---- | C] (AhnLab, Inc.) -- C:\WINDOWS\System32\drivers\amonlwlh.sys
[2011/07/20 19:47:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/06/22 20:43:49 | 000,000,000 | ---D | C] -- C:\90일 완성 홈피트니 프로그램 P90X
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/21 20:58:24 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/07/21 20:57:37 | 000,432,492 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/21 20:57:37 | 000,067,448 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/21 20:56:21 | 000,007,883 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/07/21 20:55:54 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/21 20:53:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/21 20:33:21 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/07/20 20:57:04 | 000,000,140 | ---- | M] () -- C:\WINDOWS\msicpl.ini
[2011/07/20 19:23:19 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/07/18 02:05:00 | 002,030,032 | ---- | M] (AhnLab, Inc.) -- C:\WINDOWS\System32\drivers\v3engine.sys
[2011/07/18 02:05:00 | 001,993,808 | ---- | M] (AhnLab, Inc.) -- C:\WINDOWS\System32\btscan.exe
[2011/07/18 02:05:00 | 001,549,904 | ---- | M] (AhnLab, Inc.) -- C:\WINDOWS\System32\drivers\ahnsze.sys
[2011/07/17 01:47:25 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/07/11 21:08:17 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/21 20:33:20 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/07/21 20:33:20 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2010/11/21 20:06:54 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/11/21 20:06:54 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/11/21 20:06:54 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/11/21 20:06:54 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/11/21 20:06:54 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/11/21 20:06:54 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/11/21 20:06:54 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/11/21 20:06:54 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2010/11/21 20:06:54 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/11/21 20:06:54 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/11/21 20:06:54 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/11/21 20:06:54 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/11/21 20:06:54 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/11/21 20:06:54 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2010/11/21 20:06:54 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2010/11/21 20:06:54 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/11/21 20:06:54 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/11/21 20:06:53 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/11/21 20:06:53 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/08/19 13:34:14 | 000,311,976 | ---- | C] () -- C:\WINDOWS\System32\kongdiskctrl_update.exe
[2010/02/26 22:19:29 | 000,048,900 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/07/15 03:01:29 | 000,000,492 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/06/06 16:07:00 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\WinSys.exe
[2009/05/30 22:08:22 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2009/05/30 20:57:20 | 000,000,111 | ---- | C] () -- C:\WINDOWS\NVProfileManager.INI
[2009/05/28 20:31:55 | 000,000,117 | ---- | C] () -- C:\WINDOWS\NVPerformance.INI
[2009/05/28 20:30:57 | 000,000,106 | ---- | C] () -- C:\WINDOWS\NVMonitor.INI
[2009/05/28 20:30:43 | 000,000,101 | ---- | C] () -- C:\WINDOWS\nTune.INI
[2009/04/30 22:02:00 | 001,579,630 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2008/12/16 20:58:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/11/19 23:31:08 | 000,000,110 | ---- | C] () -- C:\WINDOWS\GMouse.ini
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/06/07 21:47:07 | 000,000,130 | ---- | C] () -- C:\WINDOWS\a3box_down.dat
[2008/04/29 21:43:56 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2008/04/19 14:05:23 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\UTSCSI.EXE
[2007/11/17 00:12:20 | 000,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini
[2007/10/29 23:49:25 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/10/17 20:03:50 | 000,001,514 | ---- | C] () -- C:\WINDOWS\mbcase.uninst.ini
[2007/09/22 14:28:11 | 000,194,248 | ---- | C] () -- C:\WINDOWS\System32\LTRFD13n.DLL
[2007/09/22 14:20:25 | 000,001,289 | ---- | C] () -- C:\WINDOWS\VFO.INI
[2007/09/22 14:20:24 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll
[2007/09/22 14:20:24 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2007/09/22 14:20:24 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll
[2007/09/22 14:20:24 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll
[2007/09/22 14:20:24 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2007/06/01 21:38:44 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2007/06/01 21:38:44 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2007/04/22 09:56:21 | 000,000,576 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/04/04 18:56:44 | 000,030,488 | ---- | C] () -- C:\WINDOWS\System32\NaverBroker.exe
[2007/02/10 09:34:10 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/01/23 00:02:13 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\nod.dll
[2007/01/23 00:01:32 | 000,001,183 | ---- | C] () -- C:\WINDOWS\System32\fscflist.ini
[2007/01/23 00:01:31 | 000,000,079 | ---- | C] () -- C:\WINDOWS\System32\fscagent.ini
[2007/01/22 22:29:52 | 000,000,140 | ---- | C] () -- C:\WINDOWS\msicpl.ini
[2007/01/22 22:02:25 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\memtest.dll
[2007/01/22 22:02:25 | 000,039,208 | R--- | C] () -- C:\WINDOWS\System32\drivers\msicpl.sys
[2007/01/22 22:02:25 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\msiuins.exe
[2007/01/22 22:02:24 | 000,039,208 | R--- | C] () -- C:\WINDOWS\System32\drivers\vgauti.sys
[2007/01/22 21:54:28 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2007/01/22 21:54:24 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2007/01/22 21:54:24 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007/01/22 21:52:38 | 000,000,269 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2007/01/22 21:52:25 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2007/01/22 21:52:23 | 000,005,914 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007/01/22 21:52:22 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/01/22 21:43:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/01/22 21:39:38 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/01/22 13:16:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/01/22 13:14:28 | 000,240,736 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/05/12 14:23:22 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/09/06 20:13:44 | 000,086,016 | ---- | C] () -- C:\WINDOWS\NMUninst18.exe
[2004/12/20 18:24:03 | 001,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2004/09/28 10:14:04 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2004/08/04 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,432,492 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,067,448 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/03/11 02:26:10 | 000,406,016 | ---- | C] () -- C:\WINDOWS\System32\PSDrvCheck.exe
[2001/11/14 14:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

< End of report >
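
Added example (not from any post in this thread and not OTL's own code): a small Python triage pass over OTL log lines for the entries a helper reads first when a rogue such as XP Security 2012 is suspected. Rogues of this family typically rewrite the `exefile` open command so that every .exe launch runs the rogue first, which is one reason an installer like mbam-setup "will not run". The posted log's O35/O37 entries show the stock `"%1" %*`, so the script's sample input is constructed after the posted entries with a hypothetical hijacked exefile line (the rogue.exe path is invented) added so the check has something to flag. The same pass flags a disabled Windows Firewall profile, firewall exceptions for binaries under a Temp directory, removable-media autorun commands (O33) and any non-private DHCP name server (O17) of the kind seen in the OTL and Extras logs.

```python
"""Triage checks over OTL log lines for entries a rogue antivirus ("XP Security
2012" and relatives) typically leaves behind: a hijacked open command for
executables, a disabled Windows Firewall, firewall exceptions for binaries in
Temp, removable-media autorun commands and non-private DNS servers.
Added example; not OTL's code and not from any post in the thread.
"""
import re
from ipaddress import ip_address

# Stock XP open commands for executable classes: the program itself, no wrapper.
EXPECTED_OPEN = {c: '"%1" %*' for c in ("exefile", "comfile", "batfile", "cmdfile", "piffile")}
EXPECTED_CLASS = {"exe": "exefile", "com": "comfile", "bat": "batfile", "cmd": "cmdfile"}

# Main-log O35/O37/O33/O17 lines and the Extras "File Associations" / "Shell Spawning" lines.
RE_O35 = re.compile(r'^O35 - HK\w+\\\.\.(\w+) \[open\] -- (.*)$')
RE_O37 = re.compile(r'^O37 - HK\w+\\\.\.\.(\w+) \[@ = ([\w.]+)\] -- (.*)$')
RE_ASSOC = re.compile(r'^\.(\w+) \[@ = ([\w.]+)\] -- (.*)$')
RE_SPAWN = re.compile(r'^(\w+) \[open\] -- (.*)$')
RE_O33_CMD = re.compile(r'^O33 - MountPoints2\\(\{[^}]+\})\\Shell\\AutoRun\\command - "" = (.*)$')
RE_O17 = re.compile(r'^O17 - .*DhcpNameServer = ([\d. ]+)$')
RE_SECTION = re.compile(r'^\[(HKEY_[^\]]+)\]$')
RE_KV = re.compile(r'^"([^"]+)" = (.*)$')


def _check_open(cls, cmd, findings):
    """A wrapper in front of "%1" %* means something else runs before the program."""
    expected = EXPECTED_OPEN.get(cls)
    if expected is not None and cmd.strip() != expected:
        findings.append(("HIGH", f"{cls} open command hijacked: {cmd.strip()}"))


def _check_class(ext, cls, findings):
    """An executable extension re-pointed at a foreign class is the other common hijack."""
    want = EXPECTED_CLASS.get(ext.lower())
    if want is not None and cls != want:
        findings.append(("HIGH", f".{ext} is mapped to class {cls}, expected {want}"))


def triage(lines):
    """Return de-duplicated (severity, message) findings for an iterable of OTL log lines."""
    findings, section = [], ""
    for raw in lines:
        line = raw.rstrip("\r\n")
        if not line:
            continue
        if (m := RE_SECTION.match(line)):
            section = m.group(1)  # registry key the following "name" = value lines belong to
        elif (m := RE_O35.match(line)) or (m := RE_SPAWN.match(line)):
            _check_open(m.group(1), m.group(2), findings)
        elif (m := RE_O37.match(line)) or (m := RE_ASSOC.match(line)):
            _check_class(m.group(1), m.group(2), findings)
        elif (m := RE_O33_CMD.match(line)):
            findings.append(("INFO", f"removable-media autorun {m.group(1)} runs: {m.group(2)}"))
        elif (m := RE_O17.match(line)):
            for ns in m.group(1).split():
                try:
                    if not ip_address(ns).is_private:
                        findings.append(("WARN", f"DHCP name server {ns} is not a private address; confirm it is the ISP's"))
                except ValueError:
                    findings.append(("WARN", f"unparseable DhcpNameServer value: {ns!r}"))
        elif (m := RE_KV.match(line)):
            key, value = m.group(1), m.group(2)
            profile = section.split("\\")[-1]
            if key == "EnableFirewall" and value == "0" and "FirewallPolicy" in section:
                findings.append(("WARN", f"Windows Firewall disabled in {profile}"))
            elif key == "AntiVirusOverride" and value == "1" and section.endswith("Security Center"):
                findings.append(("INFO", "Security Center AV monitoring overridden; confirm a legitimate AV set this"))
            elif section.endswith("AuthorizedApplications\\List") and re.search(r"\\temp\\", key, re.IGNORECASE):
                findings.append(("WARN", f"firewall exception for a binary under a Temp directory: {key}"))
    unique = []
    for f in findings:  # the same hijack shows up in O35 and in Shell Spawning; report it once
        if f not in unique:
            unique.append(f)
    return unique


# Constructed sample modelled on the entries in the posted logs; the exefile
# hijack (rogue.exe path) is hypothetical, added so the checks have something to find.
SAMPLE_LOG = r'''
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O33 - MountPoints2\{2666c382-17a3-11df-b324-0011d830371d}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "C:\Documents and Settings\lee\Local Settings\Application Data\rogue.exe" -a "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "C:\Documents and Settings\lee\Local Settings\Application Data\rogue.exe" -a "%1" %*
========== Shell Spawning ==========
batfile [open] -- "%1" %*
exefile [open] -- "C:\Documents and Settings\lee\Local Settings\Application Data\rogue.exe" -a "%1" %*
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\lee\Local Settings\Temp\nsb8.tmp\utorrent.exe" = C:\Documents and Settings\lee\Local Settings\Temp\nsb8.tmp\utorrent.exe:*:Enabled:uTorrent
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java
'''

if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG.splitlines()):
        print(f"[{severity}] {message}")
```

Run it against a real OTL.Txt and Extras.Txt by passing `open(path, encoding="utf-8", errors="replace")` to `triage()`; the HIGH findings are the ones to fix before any scanner will run, which is why the removal guide linked in post #2 starts with restoring the .exe association.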

#10
elee23

    Member

  • Topic Starter
  • Member
  • 153 posts
OTL Extras logfile created on: 7/21/2011 9:19:03 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = G:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 480.86 Mb Available Physical Memory | 46.98% Memory free
2.40 Gb Paging File | 1.91 Gb Available in Paging File | 79.33% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 10.84 Gb Free Space | 27.74% Space Free | Partition Type: NTFS
Drive D: | 88.93 Gb Total Space | 5.03 Gb Free Space | 5.66% Space Free | Partition Type: NTFS
Drive G: | 976.13 Mb Total Space | 772.78 Mb Free Space | 79.17% Space Free | Partition Type: FAT

Computer Name: AMD | User Name: lee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"8379:TCP" = 8379:TCP:*:Enabled:League of Legends Launcher
"8379:UDP" = 8379:UDP:*:Enabled:League of Legends Launcher

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Rosetta Stone Ltd. )

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\fscagent.exe" = C:\WINDOWS\system32\fscagent.exe:*:Enabled:ClubBox file transfer daemon
"C:\WINDOWS\system32\clubbox.exe" = C:\WINDOWS\system32\clubbox.exe:*:Enabled:ClubBox file transfer manager
"C:\WINDOWS\system32\grdmgr.exe" = C:\WINDOWS\system32\grdmgr.exe:*:Enabled:CDN file transfer daemon -- (Nowcom)
"C:\WINDOWS\system32\pdrtvsvr.exe" = C:\WINDOWS\system32\pdrtvsvr.exe:*:Enabled:PandoraTV VoD Control -- (PandoraTV)
"C:\Program Files\AhnLab\V3IS2007\MSProxy.ahn" = C:\Program Files\AhnLab\V3IS2007\MSProxy.ahn:*:Enabled:MSProxy.ahn
"C:\Documents and Settings\lee\Local Settings\Temp\nsb8.tmp\utorrent.exe" = C:\Documents and Settings\lee\Local Settings\Temp\nsb8.tmp\utorrent.exe:*:Enabled:μTorrent
"C:\Documents and Settings\lee\Local Settings\Temp\nshA.tmp\utorrent.exe" = C:\Documents and Settings\lee\Local Settings\Temp\nshA.tmp\utorrent.exe:*:Enabled:μTorrent
"C:\Program Files\Pinnacle\Studio 10\programs\RM.exe" = C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems, Inc.)
"C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe" = C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe" = C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile -- ( )
"C:\Program Files\Pinnacle\Studio 10\programs\umi.exe" = C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi -- (Pinnacle Systems, Inc.)
"C:\Documents and Settings\lee\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\lee\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" = C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager
"C:\Program Files\AndU\Andu Plus\bin\AnduP2P.exe" = C:\Program Files\AndU\Andu Plus\bin\AnduP2P.exe:*:Enabled:AndU Plus -- (Hanarodream.corp.)
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary
"G:\League of Legends\air\LolClient.exe" = G:\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby
"G:\League of Legends\game\League of Legends.exe" = G:\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client
"C:\Program Files\League of Legends\air\LolClient.exe" = C:\Program Files\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby
"C:\Program Files\League of Legends\game\League of Legends.exe" = C:\Program Files\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Rosetta Stone Ltd. )


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}" = Rosetta Stone Version 3
"{1B4AA674-F5CA-4BB5-831A-CD37B4021959}" = ImageMixer for Sony
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon Camera WIA Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CB05291-F546-458E-A796-B5BCF5A3CDC4}" = Studio 10
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
"{3F866D37-22D0-435D-94F1-31A64D566D0E}" = Pinnacle device drivers
"{49FC50FC-F965-40D9-89B4-CBFF80941KOR}" = Windows Movie Maker 2.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{652C4ADF-0A29-4B02-9211-EE61675847DE}" = Canon Camera WIA Driver
"{6A012D9C-2E2E-405A-B87C-E909F5297C3F}" = Studio 10 Bonus DVD
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FA53ACE-B718-4FAE-B7BF-95B0FCB320C8}" = SAMSUNG USB Driver for Mobile Phones
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{926C96FB-9D0A-4504-8000-C6D3A4A3118E}" = Java DB 10.4.2.1
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{959282E3-55A9-49D8-B885-D27CF8A2FD82}" = PHOTOfunSTUDIO 5.0
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A77F3C2D-50CC-4A29-A1FB-1E018BE4DCA2}" = DiscAPI (Studio 10)
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon Camera WIA Driver
"{BBBD1EE8_6012_48d8_AE46_89386CA2DCC6}" = V3 Lite
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{EBB4463F_E248_42E5_8153_7C35537CAEAD}" = AhnLab SiteGuard 2.0
"{EEECE229-49F6-4851-A73A-99B058221F8C}" = RAPID (Studio 10)
"{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}" = Pinnacle Instant DVD Recorder
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ALSong_is1" = ALSong
"ALUpdate_is1" = ALTools Update
"ALZip_is1" = ALZip
"BN_DesktopReader" = NOOK for PC
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CSCLIB" = Canon Camera Support Core Library
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DPP" = Canon Utilities Digital Photo Professional 3.0
"DtsFilter" = DTS+AC3 Filter
"EOS Utility" = Canon Utilities EOS Utility
"GOM Player" = GOM Player
"Hollywood FX for Studio" = Pinnacle Hollywood FX for Studio
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon EOS Kiss_N REBEL_XT 350D WIA Driver
"InstallShield_{652C4ADF-0A29-4B02-9211-EE61675847DE}" = Canon EOS-1Ds Mark II WIA Driver
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"InstallShield_{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon EOS 5D WIA Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MWASPI" = MicroStaff WINASPI
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"ODSK" = Canon Utilities Original Data Security Tools
"PhotoStitch" = Canon Utilities PhotoStitch
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"SMPlayer" = SMPlayer 0.6.9
"SystemRequirementsLab" = System Requirements Lab
"The KMPlayer" = The KMPlayer (remove only)
"The Rosetta Stone" = The Rosetta Stone
"WFTK" = Canon Utilities WFT-E1/E2 Utility
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"QUICKMEDIACONVERTER" = QMC

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/1/2010 10:31:32 PM | Computer Name = AMD | Source = Application Error | ID = 1000
Description = Faulting application kongdiskdownload.exe, version 1.2.0.1, faulting
module kongdiskdownload.exe, version 1.2.0.1, fault address 0x0001ac56.

Error - 5/6/2010 1:44:14 AM | Computer Name = AMD | Source = nview_info | ID = 11141121
Description =

Error - 5/10/2010 10:38:16 PM | Computer Name = AMD | Source = Application Error | ID = 1000
Description = Faulting application kongdiskdownload.exe, version 1.2.0.1, faulting
module kongdiskdownload.exe, version 1.2.0.1, fault address 0x0001ac56.

Error - 5/14/2010 8:29:55 PM | Computer Name = AMD | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17023, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/19/2010 1:27:55 AM | Computer Name = AMD | Source = nview_info | ID = 11141121
Description =

Error - 5/21/2010 4:02:10 PM | Computer Name = AMD | Source = Application Error | ID = 1000
Description = Faulting application acrord32.exe, version 5.0.1.329, faulting module
unknown, version 0.0.0.0, fault address 0x00003a60.

Error - 5/23/2010 2:44:10 AM | Computer Name = AMD | Source = Application Error | ID = 1000
Description = Faulting application acrord32.exe, version 5.0.1.329, faulting module
acrord32.exe, version 5.0.1.329, fault address 0x0018234f.

Error - 5/26/2010 2:50:15 AM | Computer Name = AMD | Source = nview_info | ID = 11141121
Description =

Error - 6/3/2010 3:26:54 AM | Computer Name = AMD | Source = nview_info | ID = 11141121
Description =

Error - 6/6/2010 12:11:23 AM | Computer Name = AMD | Source = nview_info | ID = 11141121
Description =

[ System Events ]
Error - 7/22/2011 12:12:28 AM | Computer Name = AMD | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 7/22/2011 12:12:28 AM | Computer Name = AMD | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 7/22/2011 12:12:28 AM | Computer Name = AMD | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 7/22/2011 12:12:29 AM | Computer Name = AMD | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 7/22/2011 12:12:29 AM | Computer Name = AMD | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 7/22/2011 12:12:29 AM | Computer Name = AMD | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 7/22/2011 12:12:29 AM | Computer Name = AMD | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 7/22/2011 12:12:29 AM | Computer Name = AMD | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 7/22/2011 12:12:29 AM | Computer Name = AMD | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 7/22/2011 12:12:30 AM | Computer Name = AMD | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126


< End of report >

#11 elee23 (Member, Topic Starter)

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7227

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/21/2011 9:51:45 PM
mbam-log-2011-07-21 (21-51-45).txt

Scan type: Quick scan
Objects scanned: 178546
Time elapsed: 18 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#12 elee23 (Member, Topic Starter)

ComboFix 11-07-21.04 - lee 1/2011 Thu 22:28:58.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.949.82.1033.18.1023.423 [GMT -7:00]
Running from: c:\documents and settings\lee\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Outdated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: V3 Lite *Disabled/Updated* {A5B78720-5B41-4D39-B70F-131ABDA6F977}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\ALZ4CA.tmp
c:\documents and settings\lee\Local Settings\Temporary Internet Files\PDRTV.cfg
c:\documents and settings\lee\Local Settings\Temporary Internet Files\PDRTV0.che
c:\documents and settings\lee\Local Settings\Temporary Internet Files\PDRTV1.che
c:\documents and settings\lee\Local Settings\Temporary Internet Files\PDRTV2.che
c:\documents and settings\lee\Local Settings\Temporary Internet Files\PDRTV3.che
c:\documents and settings\lee\Local Settings\Temporary Internet Files\PDRTV4.che
c:\documents and settings\lee\Local Settings\Temporary Internet Files\PDRTV5.che
c:\documents and settings\lee\Local Settings\Temporary Internet Files\PDRTV6.che
c:\documents and settings\lee\Local Settings\Temporary Internet Files\PDRTV7.che
c:\documents and settings\lee\Local Settings\Temporary Internet Files\PDRTV8.che
c:\documents and settings\lee\Local Settings\Temporary Internet Files\PDRTV9.che
c:\documents and settings\lee\WINDOWS
c:\recycled\Recycled
.
.
((((((((((((((((((((((((( Files Created from 2011-06-22 to 2011-07-22 )))))))))))))))))))))))))))))))
.
.
2011-07-22 04:31 . 2011-07-07 02:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-22 04:31 . 2011-07-07 02:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-22 04:31 . 2011-07-22 04:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-22 03:53 . 2011-07-22 03:53 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{94CE02C4-5C1C-4CAD-B361-0AF469142489}\MpKsleb3e4b2b.sys
2011-07-22 03:12 . 2011-07-22 03:12 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{94CE02C4-5C1C-4CAD-B361-0AF469142489}\MpKsl82fd8206.sys
2011-07-21 16:45 . 2010-07-12 01:44 53224 ----a-w- c:\windows\system32\drivers\amonhknt.sys
2011-07-21 16:45 . 2010-04-20 08:12 39512 ----a-w- c:\windows\system32\drivers\amonlwlh.sys
2011-07-21 16:44 . 2011-07-20 16:44 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{94CE02C4-5C1C-4CAD-B361-0AF469142489}\mpengine.dll
2011-07-21 02:47 . 2011-07-21 02:47 -------- d-----w- c:\documents and settings\lee\Application Data\Malwarebytes
2011-07-21 02:47 . 2011-07-21 02:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-06-23 03:43 . 2011-06-23 03:43 -------- d-----w- C:\90일 완성 홈피트니 프로그램 P90X  (Korean: "90-day complete home fitness program P90X")
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-21 02:23 . 2011-06-12 14:38 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-18 09:05 . 2011-04-03 23:44 2030032 ----a-w- c:\windows\system32\drivers\v3engine.sys
2011-07-18 09:05 . 2011-04-03 23:44 1549904 ----a-w- c:\windows\system32\drivers\ahnsze.sys
2011-07-18 09:05 . 2010-11-17 03:00 1993808 ----a-w- c:\windows\system32\btscan.exe
2011-05-10 03:38 . 2011-05-10 03:38 58704 ----a-r- c:\documents and settings\lee\Application Data\Microsoft\Installer\{8FA53ACE-B718-4FAE-B7BF-95B0FCB320C8}\ARPPRODUCTICON.exe
2011-04-14 16:26 . 2011-06-13 21:32 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 20:29 1490312 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\lee\Application Data\mjusbsp\cdloader2.exe" [2007-12-21 50520]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 77824]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\\nTune.exe" [2004-11-09 532480]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2004-03-11 406016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-09-30 4603904]
"nwiz"="nwiz.exe" [2004-09-30 921600]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-09-30 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"AhnLab V3Lite Tray Process"="c:\program files\AhnLab\V3Lite\V3LTray.exe" [2011-06-10 549464]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-12 581693]
Driver performer.lnk - c:\documents and settings\lee\Local Settings\Temp\7ZipSfx.000\dp.exe [N/A]
PHOTOfunSTUDIO 5.0.lnk - c:\program files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2010-11-21 172544]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\grdmgr.exe"=
"c:\\WINDOWS\\system32\\pdrtvsvr.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Documents and Settings\\lee\\Application Data\\mjusbsp\\magicJack.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AndU\\Andu Plus\\bin\\AnduP2P.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8379:TCP"= 8379:TCP:League of Legends Launcher
"8379:UDP"= 8379:UDP:League of Legends Launcher
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/15/2007 9:47 PM 721904]
R1 MpKsl82fd8206;MpKsl82fd8206;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{94CE02C4-5C1C-4CAD-B361-0AF469142489}\MpKsl82fd8206.sys [7/21/2011 8:12 PM 28752]
R1 MpKsleb3e4b2b;MpKsleb3e4b2b;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{94CE02C4-5C1C-4CAD-B361-0AF469142489}\MpKsleb3e4b2b.sys [7/21/2011 8:53 PM 28752]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/21/2011 9:31 PM 366640]
R2 sgsvc;SiteGuard Service;c:\program files\AhnLab\SiteGuard2\sgsvc.exe [4/3/2011 4:32 PM 652904]
R3 AhnFlt2k;AhnFlt2k;c:\windows\system32\drivers\AhnFlt2k.sys [4/3/2011 4:32 PM 52960]
R3 AhnRec2k;AhnRec2k;c:\windows\system32\drivers\AhnRec2k.sys [4/3/2011 4:32 PM 20320]
R3 AhnRghNt;AhnRghNt;c:\windows\system32\drivers\AhnRghNt.sys [4/3/2011 4:32 PM 54368]
R3 ATamptNt_ASG;ATamptNt_ASG;c:\program files\AhnLab\SiteGuard2\atamptnt.sys [4/3/2011 4:32 PM 184160]
R3 BENDER;Pinnacle DV/AV Capture;c:\windows\system32\drivers\bender.sys [9/22/2007 3:10 PM 200320]
R3 CdmDrvNt;CdmDrvNt;c:\windows\system32\drivers\CdmDrvNt.sys [4/3/2011 4:32 PM 19616]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/21/2011 9:31 PM 22712]
R4 AMonHKnt;AMonHKnt;c:\windows\system32\drivers\amonhknt.sys [7/21/2011 9:45 AM 53224]
R4 AMonTDnt;AMonTDnt;c:\windows\system32\drivers\AMonTDnt.sys [4/3/2011 4:32 PM 95880]
S1 MpKsla742c911;MpKsla742c911;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F5863B13-D0EF-4CC3-9A3F-B9244D711845}\MpKsla742c911.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F5863B13-D0EF-4CC3-9A3F-B9244D711845}\MpKsla742c911.sys [?]
S1 MpKsladaa3ac2;MpKsladaa3ac2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DD44F6CA-7A10-4E0E-9037-C642FE42FDCB}\MpKsladaa3ac2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DD44F6CA-7A10-4E0E-9037-C642FE42FDCB}\MpKsladaa3ac2.sys [?]
S2 V3 Lite Service;V3 Lite Service;c:\program files\AhnLab\V3Lite\V3LSvc.exe [4/3/2011 4:31 PM 321112]
S3 AhnSZE;AhnSZE;c:\windows\system32\drivers\ahnsze.sys [4/3/2011 4:44 PM 1549904]
S3 ASZFltNt;ASZFltNt;c:\progra~1\AhnLab\V3Lite\ASZFltNt.sys [4/3/2011 4:32 PM 137312]
S3 ATamptNt_V3LITE;ATamptNt_V3LITE;c:\progra~1\AhnLab\V3Lite\ATamptNt.sys [4/3/2011 4:32 PM 163552]
S3 MeDCoreD_V3LITE;MeDCoreD_V3LITE;c:\program files\AhnLab\V3Lite\MeDCoreD.sys [4/3/2011 4:32 PM 239984]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 TfFRegNt;TfFRegNt;c:\program files\AhnLab\V3Lite\TfFRegNt.sys [4/3/2011 4:32 PM 55520]
S3 TfProcNt;TfProcNt;c:\program files\AhnLab\V3Lite\AHAWKENT.sys [4/3/2011 4:32 PM 29280]
S3 v3engine;v3engine;c:\windows\system32\drivers\v3engine.sys [4/3/2011 4:44 PM 2030032]
S3 V3Flt2K;V3Flt2K;c:\program files\AhnLab\V3Lite\V3Flt2k.sys [4/3/2011 4:32 PM 167648]
S3 VPDrvNt;VPDrvNt;c:\program files\AhnLab\V3Lite\VPDrvNt.sys [4/3/2011 4:32 PM 182880]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - IPFILTERDRIVER
*NewlyCreated* - MBAMPROTECTOR
*NewlyCreated* - MBAMSERVICE
*NewlyCreated* - MPKSLEB3E4B2B
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-22 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 20:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.naver.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uInternet Settings,ProxyOverride = *.local
IE: &Enable AhnLab SiteGuard - c:\program files\AhnLab\SiteGuard2\sgagenti.dll/202
IE: &Show Security Checker - c:\program files\AhnLab\SiteGuard2\sgagenti.dll/201
IE: Bluetooth로 보내기(&B) ("Send to Bluetooth") - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
DPF: {00001024-A15C-11D4-97A4-0050BF0FBE67} - hxxp://download.netmarble.com/web/nmstarter/NMStarter24.cab
DPF: {00001025-A15C-11D4-97A4-0050BF0FBE67} - hxxp://download.netmarble.com/web/nmstarter/NMStarter25.cab
DPF: {1F9079B1-CB38-4DC0-9DAD-080BD2255698} - hxxp://wvw.kongdisk.com/activex/KongdiskControl.CAB
DPF: {25AD0506-7B48-4594-A414-47BEA5CA4C19} - hxxp://club.entoom.com/setup/CAXEntoomC.cab
DPF: {55F0958B-C5EB-49E4-8567-E018D2407F55} - hxxp://patch.kongdisk.com/install/KongdiskCtrl.cab
DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} - hxxp://download.netmarble.com/NMChatX/NMTransX.cab
DPF: {9CDD57AC-CA86-464C-B920-3228A388CC78} - hxxp://file.naver.com/activex/NaverFile.cab
DPF: {B976AEC6-BEB2-4B98-B21C-7AB1C2B4E8E9} - hxxp://goalibaba.com/setup/CAXAlibabaA.cab
DPF: {BA5E57BB-88D5-422A-AC9E-C01A6EEE2537} - hxxp://12.183.160.108./WebDvr3.cab
DPF: {D885750C-6002-460E-A162-713400FB1FD4} - hxxp://www.goalibaba.com/setup/CActiveXFileCtrl.cab
DPF: {E0F0958B-C5EB-49E3-8567-E018D2407F35} - hxxp://patch.kongdisk.com/install/kongdisk.cab
DPF: {F6E361B4-40F3-4C90-8A95-D95E0D8CBCD4} - hxxp://www.clubbox.co.kr/neo.fld/MultiUpload.cab
FF - ProfilePath - c:\documents and settings\lee\Application Data\Mozilla\Firefox\Profiles\dhc4ad1q.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Softonic-Eng7 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&q=
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-ClubBox - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-21 22:42
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1715567821-884357618-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:38,ef,96,a9,9a,a3,70,44,bf,1c,1a,89,2f,bc,af,ee,a8,e4,b4,8d,d6,
33,d2,d3,fc,f5,a2,b3,df,89,0c,ae,9e,0a,50,5d,0f,50,30,84,28,b0,ad,4f,0b,42,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
Completion time: 2011-07-21 22:45:38
ComboFix-quarantined-files.txt 2011-07-22 05:45
.
Pre-Run: 11,557,498,880 bytes free
Post-Run: 13,854,035,968 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - A56F1B37F196A8644E03701AD23E187B
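A ComboFix log like the one above is read by eye: the helper looks first at the Security Center overrides, the firewall profile, which autostart entries live in user-writable folders, and which ActiveX controls were pulled from odd hosts. As an added example (not part of this thread and not ComboFix's own code), here is a small Python triage script that scans a log in that layout for exactly those indicators. SAMPLE_LOG is a constructed excerpt modelled on lines from the log above; the regular expressions, the list of "user-writable" path fragments and the finding labels are my own choices.

```python
"""Triage helper for ComboFix-style logs (added example, not ComboFix code)."""
import re
from ipaddress import ip_address

# Constructed excerpt in ComboFix's layout, modelled on the log in the thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 77824]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\lee\Application Data\mjusbsp\cdloader2.exe" [2007-12-21 50520]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Driver performer.lnk - c:\documents and settings\lee\Local Settings\Temp\7ZipSfx.000\dp.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
DPF: {9CDD57AC-CA86-464C-B920-3228A388CC78} - hxxp://file.naver.com/activex/NaverFile.cab
DPF: {BA5E57BB-88D5-422A-AC9E-C01A6EEE2537} - hxxp://12.183.160.108./WebDvr3.cab
"""

# Folders a legitimate autostart rarely runs from on XP (my heuristic, not ComboFix's).
USER_WRITABLE = re.compile(r"\\(?:application data|local settings\\temp|temp|recycled)\\", re.I)
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
STARTUP_LNK = re.compile(r"^(?P<name>.+?\.lnk) - (?P<path>.+?)(?: \[|$)", re.I)
DPF_LINE = re.compile(r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<url>\S+)")
REG_DWORD = re.compile(r'^"(?P<name>\w+)"=(?:dword:(?P<hex>[0-9a-f]{8})|\s*(?P<dec>\d+)\b)', re.I)


def _host_is_ip(url):
    """True when the host part of a (defanged) URL is a bare IP address."""
    host = url.split("//", 1)[-1].split("/", 1)[0].rstrip(".")
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def triage(log_text):
    """Return a list of (finding, detail) tuples for the indicators described above."""
    findings = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()      # registry key whose values follow
            continue
        if line.lower().endswith("\\startup\\"):
            section = "startup folder"        # shell Startup folder listing follows
            continue
        m = REG_DWORD.match(line)
        if m and section and ("security center" in section or "firewallpolicy" in section):
            value = int(m.group("hex"), 16) if m.group("hex") else int(m.group("dec"))
            name = m.group("name")
            if name.endswith("Override") and value == 1:
                findings.append(("security-center-override", name))
            elif name == "EnableFirewall" and value == 0:
                findings.append(("firewall-disabled", section.rsplit("\\", 1)[-1]))
            continue
        m = RUN_VALUE.match(line)
        if m and section and section.endswith(("\\run", "\\runonce")):
            if USER_WRITABLE.search(m.group("path")):
                findings.append(("autostart-in-user-writable-path", m.group("name")))
            continue
        m = STARTUP_LNK.match(line)
        if m and section == "startup folder":
            if USER_WRITABLE.search(m.group("path")):
                findings.append(("autostart-in-user-writable-path", m.group("name")))
            continue
        m = DPF_LINE.match(line)
        if m and _host_is_ip(m.group("url")):
            findings.append(("activex-from-raw-ip", m.group("url")))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:35s} {detail}")
```

A hit is a lead, not a verdict. In the real log the cdloader value sits next to a magicJack.exe firewall exception in the same mjusbsp folder, and the disabled firewall and overrides may be the user's own configuration or the work of a third-party suite, so each finding is something to check against the file on disk and the owner's account of the machine.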

#13 elee23 (Member, Topic Starter)

Unfortunately, in the process of disinfecting the main computer, I seem to have gotten an infection on this laptop, which I have been using to transfer the programs needed to the main computer. I am in the process of doing a full scan with Malwarebytes on this laptop. The only reason why I knew there was a virus was a small pop-up box on start-up.

Here is the pop-up box: [screenshot]

#14 RKinner (Malware Expert, MVP)

Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************************************
reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2" /f

**********************************************************************

Start, Run, cmd, OK to bring up a new Command Prompt window. Right-click and select Paste and the above text should appear. Make sure you got it all and then hit Enter.

Close the Command Prompt window.

Download Flash_Disinfector.exe by sUBs
http://download.blee...Disinfector.exe
and save it to your desktop.

* Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
* The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
* Wait until it has finished scanning and then exit the program.
* Reboot your computer when done.


Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.
You will also want to install AutoRun Eater v2.5
http://download.cnet...4-10752777.html
It will stay resident and prevent USB drives from infecting your PC.

Can you run OTL, Malware Bytes and Combofix on the working PC and post the logs?

Ron
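The Flash_Disinfector step above relies on a simple property of autorun handling: Windows reads autorun.inf from a drive root as a file, so if a directory of that name already occupies the root, a USB worm cannot drop its own file there. The Python below is an added example, not code from this thread, from Flash_Disinfector or from AutoRun Eater. It parses an autorun.inf for the directives that would launch something (open, shellexecute and the shell\...\command entries) and classifies a drive root as protected by such a directory, carrying an autorun file, or empty. Both autorun.inf samples are constructed, and the fake drive roots are built in a temporary directory so the script runs on any OS; the post says Flash_Disinfector's folder is hidden, whereas this demo uses a plain directory, and on Windows the file-name match is case-insensitive, which this demo does not reproduce.

```python
"""Autorun.inf inspection and the autorun.inf-directory guard (added example)."""
import configparser
import os
import tempfile

# Directives that make Windows XP launch a program on insert or double-click.
LAUNCH_KEYS = ("open", "shellexecute")

# Constructed sample in the style of a USB worm's autorun file.
MALICIOUS_AUTORUN = r"""[autorun]
open=Recycled\setup.exe
shell\open\Command=Recycled\setup.exe
shell\explore\Command=Recycled\setup.exe
icon=%SystemRoot%\system32\shell32.dll,4
"""

# Constructed benign sample: icon and label only, nothing executes.
BENIGN_AUTORUN = r"""[autorun]
icon=setup.exe,0
label=Camera Software
"""


def launch_directives(text):
    """Return {directive: target} for every entry that would run something."""
    # interpolation=None keeps %SystemRoot% literal; strict=False tolerates duplicate keys;
    # a single "=" delimiter stops "C:\..." values from being split at the colon.
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   allow_no_value=True, delimiters=("=",))
    cp.read_string(text)
    section = next((s for s in cp.sections() if s.lower() == "autorun"), None)
    if section is None:
        return {}
    found = {}
    for key, value in cp.items(section):      # configparser lower-cases keys
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            found[key] = value
    return found


def protection_state(drive_root):
    """'protected' if autorun.inf is a directory, 'autorun-present' if a file, else 'none'."""
    path = os.path.join(drive_root, "autorun.inf")
    if os.path.isdir(path):
        return "protected"
    if os.path.isfile(path):
        return "autorun-present"
    return "none"


def demo():
    """Build two fake drive roots in a temp dir and report {root: (state, launches)}."""
    base = tempfile.mkdtemp(prefix="autorun-demo-")
    infected = os.path.join(base, "infected_usb")
    protected = os.path.join(base, "protected_usb")
    os.makedirs(infected)
    os.makedirs(os.path.join(protected, "autorun.inf"))   # the guard directory
    with open(os.path.join(infected, "autorun.inf"), "w") as fh:
        fh.write(MALICIOUS_AUTORUN)
    report = {}
    for root in (infected, protected):
        state = protection_state(root)
        launches = {}
        if state == "autorun-present":
            with open(os.path.join(root, "autorun.inf")) as fh:
                launches = launch_directives(fh.read())
        report[os.path.basename(root)] = (state, launches)
    return report


if __name__ == "__main__":
    for root, (state, launches) in demo().items():
        print(root, state, launches)
```

Deleting the MountPoints2 key, as the post's reg.exe command does, and installing the guard directory address different halves of the problem: the first clears what Explorer already remembers about previously inserted volumes, the second stops a freshly plugged-in drive from carrying a new autorun.inf onto this machine.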

#15 elee23 (Member, Topic Starter)

Flash_Disinfector will not open when I double-click it.