Multiple iExplorer.exe in Task Manager Processes



#1
AConnect
Hello,

I seem to have picked up some malware in which every time I open Internet Explorer, multiple iexplorer.exe pop up in the Task Manager, DRASTICALLY slowing down performance. In addition, one pop-up or so occurs due to this roughly every 30 minutes. I've tried multiple anti-malware programs to fix this, including Malwarebytes, SuperAntiSpyware and a few others, but this one seems to elude their grasp.

Attached is the OTL file.

To whomever picks this file up and helps me, I thank you very much as I know you are doing this of your own free time and will.

Now to the nasty bit:

OTL logfile created on: 9/12/2011 5:00:05 PM - Run 1
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Documents and Settings\Jean\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 63.92% Memory free
3.84 Gb Paging File | 3.24 Gb Available in Paging File | 84.26% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 294.73 Gb Total Space | 240.61 Gb Free Space | 81.64% Space Free | Partition Type: NTFS

Computer Name: SONG | User Name: Jean | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/12 16:58:05 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jean\Desktop\OTL.exe
PRC - [2011/09/07 12:05:02 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/06/29 08:04:18 | 000,020,480 | ---- | M] (AG Interactive) -- C:\Program Files\AGI\core\4.2.0.10754\AGCoreService.exe
PRC - [2009/08/23 16:59:45 | 000,186,912 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\system32\npkcmsvc.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/10/10 09:56:01 | 009,965,437 | ---- | M] (K.G.Y.L. Associates, Inc.) -- \\Server\ATI\main.exe
PRC - [2008/10/02 15:34:34 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/31 15:01:38 | 000,159,744 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2005/09/23 18:08:12 | 000,176,128 | ---- | M] (Fasoo.com) -- C:\Program Files\Fasoo DRM\fph.exe
PRC - [2004/04/07 13:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/07 12:05:02 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/08/10 03:12:18 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\70a1400affdc775d7c7398e036359286\System.ServiceProcess.ni.dll
MOD - [2011/08/10 03:12:18 | 000,141,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\585e68739b2a8aff61ee6b2786513245\System.Configuration.Install.ni.dll
MOD - [2011/08/10 03:12:13 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\75f452279422a7898e840ee5768c9d2e\System.EnterpriseServices.ni.dll
MOD - [2011/08/10 03:11:59 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\77df2cd21a5b85a1605b335aa9ad9d44\System.Configuration.ni.dll
MOD - [2011/08/10 03:10:00 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll
MOD - [2011/08/10 03:08:26 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll
MOD - [2011/06/16 03:21:32 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2011/05/28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010/02/05 14:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2010/01/26 21:07:32 | 003,884,312 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2008/06/11 22:32:28 | 002,666,496 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 9.0\PDFMaker\Common\AdobePDFMakerX.dll
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/08/18 14:17:36 | 000,056,056 | ---- | M] () -- C:\WINDOWS\system32\DLAAPI_W.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2010/09/17 18:33:04 | 000,919,416 | ---- | M] (ESTsoft Corp) [Auto | Stopped] -- C:\Program Files\ESTsoft\ALYac\AYServiceNT.aye -- (ALYac_PZSrv)
SRV - [2010/06/29 08:04:18 | 000,020,480 | ---- | M] (AG Interactive) [Auto | Running] -- C:\Program Files\AGI\core\4.2.0.10754\AGCoreService.exe -- (AGCoreService)
SRV - [2009/08/23 16:59:45 | 000,186,912 | ---- | M] (INCA Internet Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\npkcmsvc.exe -- (npkcmsvc)
SRV - [2008/10/02 15:34:34 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/01/23 10:45:44 | 000,032,768 | ---- | M] (Inter-Tel (Delaware), Inc) [Disabled | Stopped] -- C:\Documents and Settings\Jean\My Documents\Inter-Tel\Collaboration Client 2.0\lkWebLink.exe -- (LkWebLink)
SRV - [2004/04/07 13:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - [2010/12/21 01:55:02 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010/12/21 01:55:02 | 000,121,576 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2010/12/21 01:55:02 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2010/12/21 01:55:02 | 000,096,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2010/12/21 01:55:02 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010/12/21 01:55:02 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2010/12/21 01:55:02 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010/08/01 20:23:48 | 000,189,656 | ---- | M] (SoftCamp) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\scskusbs.sys -- (scskusbs)
DRV - [2010/08/01 20:23:48 | 000,018,232 | ---- | M] (SoftCamp) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\scskusbf.sys -- (scskusbf)
DRV - [2009/12/21 02:14:00 | 000,121,504 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\AhnLab\ASP\MyFirewall 4.0\mfipsent.sys -- (MfIPSEnt)
DRV - [2009/12/21 02:14:00 | 000,101,336 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\AhnLab\ASP\MyFirewall 4.0\mffwent.sys -- (MfFWEnt)
DRV - [2009/12/18 04:28:00 | 000,095,592 | ---- | M] (AhnLab, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmonTDNt.sys -- (AMonTDnt)
DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/07/20 21:13:00 | 000,019,616 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CdmDrvNt.sys -- (CdmDrvNt)
DRV - [2009/05/08 16:32:08 | 000,021,248 | ---- | M] (Space International,Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\ezty2usb.sys -- (ezty2usb)
DRV - [2009/02/09 15:06:44 | 000,053,536 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npkcrypt.sys -- (npkcrypt)
DRV - [2009/01/19 14:46:34 | 000,043,424 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npkcusb.sys -- (npkcusb)
DRV - [2008/12/18 20:57:44 | 000,024,312 | ---- | M] (ESTsoft Corp) [Kernel | On_Demand | Stopped] -- C:\Program Files\ESTsoft\ALYac\AYDrvSP.sys -- (AYDrvSP_ALYAC)
DRV - [2008/09/26 14:06:40 | 000,020,424 | ---- | M] (ESTsoft Corp) [Kernel | On_Demand | Stopped] -- C:\Program Files\ESTsoft\ALYac\AYDrvNT.sys -- (AYDrvNT_ALYAC)
DRV - [2008/07/30 15:09:37 | 000,017,408 | ---- | M] (MobileTop) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSPUSB.sys -- (shspusb)
DRV - [2008/05/08 10:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/13 14:39:44 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2008/03/18 20:41:01 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2007/10/28 20:31:22 | 000,009,216 | ---- | M] (SoftForum Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\JRSKD24.sys -- (JRSKD24)
DRV - [2007/10/28 20:31:22 | 000,006,784 | ---- | M] (SoftForum Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\JRSUKD24.sys -- (JRSUKD24)
DRV - [2007/07/16 21:48:54 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/08/18 14:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 14:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 14:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 14:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 14:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 14:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 14:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 14:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 11:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 11:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2005/01/26 11:10:14 | 000,004,598 | ---- | M] (Fasoo.com) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\f_kp.sys -- (f_kp)
DRV - [2004/08/04 07:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2003/11/17 16:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 16:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 16:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080319
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080319

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co...html?channel=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co...html?channel=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://asp.editrade.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npaosmgr.1: C:\Program Files\AhnLab\ASP\Components\aosmgr\conflict_315\npaosmgr.dll (AhnLab, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\UnifiedToolbar\3.2\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/07 12:05:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/08/29 15:58:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jean\Application Data\Mozilla\Extensions
[2011/08/29 15:58:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/06/24 20:34:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/09/07 12:05:02 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/08/11 23:16:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2008/10/02 16:27:32 | 000,000,070 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 60.210.176.251
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (ALToolBar) - {38FBE93D-4CA1-4414-AF6A-94920C5BD8DA} - C:\Program Files\ESTsoft\ALToolBar\ALToolBand_1520.dll (ESTsoft Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [FPH Exe] C:\Program Files\Fasoo DRM\fph.exe (Fasoo.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google 사이드위키... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O15 - HKCU\..Trusted Domains: editrade.com ([asp] http in Trusted sites)
O15 - HKCU\..Trusted Domains: editrade.com ([asp] https in Trusted sites)
O15 - HKCU\..Trusted Domains: koreanair.com ([cargo] http in Trusted sites)
O16 - DPF: {044123B5-35DF-4C4E-BAED-26B8ED964342} http://fx.hauri.net/...iveRobotWeb.cab (HLiveRobotWeb Control)
O16 - DPF: {063F7D71-5E0B-48F2-87D5-F63C5917947E} http://ahnlabdownloa...ugin/aosmgr.cab (Aosmgr Control)
O16 - DPF: {1A000B1F-B285-4FBF-B3CD-B50845003EBA} http://ecos.bok.or.k...070614_0910.cab (CyMiInstaller320 Class)
O16 - DPF: {27BCC3E9-D724-493B-A79E-C2E12C03407A} http://www.iloveschool.co.kr/cfcli.cab (CfClient Class)
O16 - DPF: {2DCB00FB-3485-486B-BD41-C49AD605264D} http://portal.custom.../easykeytec.cab (EZKeytecWeb Class)
O16 - DPF: {39461460-2552-4D51-A062-3AB6A7B902E9} http://img.shinhan.c...down/INIS70.cab (INISAFE Updater Control)
O16 - DPF: {39FC0CF9-86F3-4502-B773-D16706EDEC83} http://img.shinhan.c...03151/SCSK4.cab (SCSK Control)
O16 - DPF: {3D64E58D-CB55-4344-B809-CFE38F900838} http://portal.custom...agicLoaderX.cab (MagicLoaderX Class)
O16 - DPF: {3DBD0562-7FB7-461A-842C-F63A1AD8C2DE} http://www.hanjin.co...gnE_Install.cab (XESignE Class)
O16 - DPF: {42D683F7-9C1B-11D7-A860-005056C00001} http://www.editrade....dp/TPRDPenN.cab (.print Client RDP Webinstall)
O16 - DPF: {53EED863-B547-40F8-B24A-2D6DE807CFE8} http://img.shinhan.c...t/Printmade.cab (Printmade Control)
O16 - DPF: {66413DC2-F891-40BC-822D-B7EEC8ADC281} http://img.shinhan.c...orksGrid_78.cab (ProWorksGrid Control)
O16 - DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} http://ck.softforum....eb/CKKeyPro.cab (XecureCKKB Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1206050226968 (MUWebControl Class)
O16 - DPF: {6E4FE796-2693-4404-A4ED-A2565CAD7ABB} http://www.etrade.co...x/EtradeWeb.cab (ETWebGate Control)
O16 - DPF: {6FE760D3-7851-4879-8838-62D9881D7177} http://61.40.216.19/IniMasPlugin.cab (IniMasHandler Class)
O16 - DPF: {710E4921-F77C-4D42-8EC4-4DFDEE52508F} http://210.90.46.53/...X/ictPrintX.cab (ictPrintXForm Control)
O16 - DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} https://mpsnare.iesnare.com/StmOCX.cab (Stm Class)
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} http://www2.hanjin.c.../xw_install.cab (XecureWeb 4.0 Client Control)
O16 - DPF: {81A15AF3-21E3-4F07-A5BD-3FA8AE83AF83} http://www.jjangdisk...DiskControl.CAB (JJangDisk File Share Control 5)
O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} http://isf.freightst...com/arview2.cab (ActiveReports Viewer2)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} https://asp.editrade.com/msrdp.cab (Microsoft RDP Client Control (redist))
O16 - DPF: {95A57FEB-0909-4FEA-B819-63DA7C4D9E1E} http://img.shinhan.c...madeActiveX.cab (Printmade S 1.5.9)
O16 - DPF: {9FC84F7D-D177-4A75-A7BB-429DA5BD0A3E} Reg Error: Key error. (SG_CAppAtx Control)
O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} http://dl.sayclub.co...ayctl/sayax.cab (Sayclub Login Control)
O16 - DPF: {AD6870C0-44B7-42FB-A119-C2C6BD9CD005} http://portal.custom.../MagicPassX.cab (MagicPass Class)
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} http://mail.daum.net...cab?ver=2,0,0,8 (Daum ActiveX manager Class)
O16 - DPF: {BBB0FC2D-1D95-45CA-BDCF-03B53F247FCC} http://portal.custom...taller_full.cab (EwsLoader Class)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {C7C7225A-9476-47AC-B0B0-FF3B79D55E67} http://203.232.224.1.../ZTransferX.cab (ZTransferX Control)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CB5C683C-416A-4701-B018-0F1B21D64D6B} http://cyimg7.cyworl...age/skcinst.cab (SKCInst1 Class)
O16 - DPF: {CC796C4C-12F5-4BEE-ABB3-3A9F863B8D6E} http://webmail.hufs....iFileUpload.cab (KebiFileUpload Control)
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} http://update.nprote.../module/npx.cab (NPX Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} http://update.nprote...eowiz/npkcx.cab (NPKCX Control)
O16 - DPF: {D912AABC-6CB0-416F-85B6-CABBB86FD558} https://plugin.inici...INIwallet60.cab (INIwallet60 Control)
O16 - DPF: {E986BA49-C761-4E8F-B1A8-7F3CBE402683} http://webmail.hufs....biInstaller.cab (KebiInstaller Control)
O16 - DPF: {EA0995BF-45DD-4DB0-ADD5-A39C37397841} http://img.shinhan.c...oTrustSiteX.cab (ShbAutoTrustSite Control)
O16 - DPF: {EC5D5118-9FDE-4A3E-84F3-C2B711740E70} http://www.etrade.co...cx/SKCommAX.cab (SKCommAX Control)
O16 - DPF: {FAB9B41C-87D6-474D-AB7E-F07D78F2422E} file:///C:/Documents%20and%20Settings/CHB/Local%20Settings/Compatible%20LocalLow/TOBESOFT/MiPlatform320/Setup/Win32_3.2/teechart7Langs.cab (TeeChart Pro Activex control v7)
O16 - DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} http://file.naver.co...averAXGuide.cab (NaverAXGuide Class)
O16 - DPF: CabBuilder http://kiw.imgag.com...llerControl.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55F5769F-9D2C-4A9D-B00C-D18A1B88E07A}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\s-http {D37E6C5F-1C0F-47C0-A3B6-403EEC555402} - C:\Program Files\INITECH\SHTTP\InitechSHTTPInterface.10121.dll (© INITECH)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (acaptuser32.dll) -C:\WINDOWS\System32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Program Files\Qualcomm\Eudora\EuShlExt.dll (Qualcomm Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 19:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{ca2aea90-f6a1-11dc-aeb5-001d098beab1}\Shell - "" = AutoRun
O33 - MountPoints2\{ca2aea90-f6a1-11dc-aeb5-001d098beab1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ca2aea90-f6a1-11dc-aeb5-001d098beab1}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \SystemVolumeInformation\system.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/12 16:58:05 | 000,581,632 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jean\Desktop\OTL.exe
[2011/09/03 06:17:37 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/08/31 10:02:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jean\Application Data\SuperAdBlocker.com
[2011/08/31 10:02:15 | 000,000,000 | ---D | C] -- C:\Program Files\SuperAdBlocker.com
[2011/08/29 17:52:36 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/08/29 17:52:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jean\Start Menu\Programs\HiJackThis
[2011/08/29 16:27:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jean\My Documents\Downloads
[2011/08/29 15:58:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jean\Local Settings\Application Data\Mozilla
[2011/08/29 15:58:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jean\Application Data\Mozilla
[2011/08/29 15:58:03 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/08/29 13:47:43 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2011/08/26 16:17:07 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/08/26 16:17:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/08/24 14:38:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2011/08/24 12:48:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jean\Application Data\Malwarebytes
[2011/08/24 12:48:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/08/24 12:48:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/24 12:36:45 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Jean\IECompatCache
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/12 16:59:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C3DD6D76-D049-455C-932E-077DC6DC0A74}.job
[2011/09/12 16:58:05 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jean\Desktop\OTL.exe
[2011/09/12 16:50:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/09/12 16:44:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/12 16:07:22 | 000,000,458 | ---- | M] () -- C:\Documents and Settings\Jean\Desktop\Server.lnk
[2011/09/12 16:05:33 | 000,089,387 | ---- | M] () -- C:\Documents and Settings\Jean\Desktop\KO-110811.pdf
[2011/09/12 16:05:20 | 000,074,723 | ---- | M] () -- C:\Documents and Settings\Jean\Desktop\KO-110809.pdf
[2011/09/12 12:44:46 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/08 11:29:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/08 11:29:26 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/09/08 11:29:25 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/08 11:29:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/08 11:29:19 | 2136,129,536 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/08 11:21:28 | 000,000,894 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk
[2011/09/03 06:17:37 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/09/01 09:16:23 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\Jean\Desktop\HiJackThis.lnk
[2011/08/31 18:51:52 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ORUN32.EXE
[2011/08/31 18:51:48 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\CMMGR32.EXE
[2011/08/29 15:58:07 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\Jean\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/08/29 15:08:52 | 000,000,567 | ---- | M] () -- C:\Documents and Settings\Jean\Desktop\Shortcut to main.exe.lnk
[2011/08/24 14:36:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\1678668021
[2011/08/23 17:49:00 | 000,763,041 | ---- | M] () -- C:\Documents and Settings\Jean\Desktop\A WHSE.pdf
[2011/08/23 17:49:00 | 000,345,515 | ---- | M] () -- C:\Documents and Settings\Jean\Desktop\BIZ INFO.pdf
[2011/08/15 14:55:29 | 000,000,426 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/12 16:05:33 | 000,089,387 | ---- | C] () -- C:\Documents and Settings\Jean\Desktop\KO-110811.pdf
[2011/09/12 16:05:20 | 000,074,723 | ---- | C] () -- C:\Documents and Settings\Jean\Desktop\KO-110809.pdf
[2011/08/31 18:51:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ORUN32.EXE
[2011/08/31 18:51:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\CMMGR32.EXE
[2011/08/31 09:02:06 | 2136,129,536 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/29 17:52:37 | 000,002,445 | ---- | C] () -- C:\Documents and Settings\Jean\Desktop\HiJackThis.lnk
[2011/08/29 15:58:07 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Jean\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/08/29 15:58:07 | 000,000,776 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/08/29 15:07:46 | 000,000,567 | ---- | C] () -- C:\Documents and Settings\Jean\Desktop\Shortcut to main.exe.lnk
[2011/08/24 12:39:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\1678668021
[2011/08/23 17:49:00 | 000,763,041 | ---- | C] () -- C:\Documents and Settings\Jean\Desktop\A WHSE.pdf
[2011/08/23 17:49:00 | 000,345,515 | ---- | C] () -- C:\Documents and Settings\Jean\Desktop\BIZ INFO.pdf
[2011/06/06 17:26:59 | 000,000,530 | ---- | C] () -- C:\Documents and Settings\Jean\Application Data\wklnhst.dat
[2011/03/22 13:57:19 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Jean\Application Data\$_hpcst$.hpc
[2011/01/04 16:40:36 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\bd7040.dat
[2011/01/04 16:39:56 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2011/01/04 16:39:43 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2010/11/04 19:21:32 | 000,000,072 | ---- | C] () -- C:\WINDOWS\hdkctnts.ini
[2010/08/01 20:23:48 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\scskConfigEH.ini
[2010/08/01 19:47:40 | 000,066,920 | ---- | C] () -- C:\WINDOWS\CMListControl.dll
[2009/08/26 20:02:31 | 000,005,042 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xqkcebzs.dik
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/08/02 12:41:33 | 000,066,920 | ---- | C] () -- C:\WINDOWS\System32\CMListControl.dll
[2009/04/15 14:00:52 | 000,000,581 | ---- | C] () -- C:\WINDOWS\HDINFO50.INI
[2009/02/18 16:31:55 | 000,339,968 | ---- | C] () -- C:\WINDOWS\System32\pythoncom25.dll
[2009/02/18 16:31:55 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\pywintypes25.dll
[2009/01/05 19:52:19 | 000,121,299 | ---- | C] () -- C:\WINDOWS\hpoins15.dat
[2009/01/05 19:52:19 | 000,001,037 | ---- | C] () -- C:\WINDOWS\hpomdl15.dat
[2008/12/26 18:28:47 | 000,000,079 | ---- | C] () -- C:\WINDOWS\System32\ETKCommInfoWeb.ini
[2008/12/17 17:43:46 | 000,589,824 | ---- | C] () -- C:\WINDOWS\System32\INICRYPTOSDK.dll
[2008/10/10 15:43:10 | 000,218,194 | ---- | C] () -- C:\WINDOWS\System32\MaPrintInfoDamon.dat
[2008/07/30 15:09:01 | 000,000,092 | ---- | C] () -- C:\WINDOWS\System32\drivers\ftdiun2k.ini
[2008/07/30 15:09:00 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\GetMP4Info.dll
[2008/07/30 15:09:00 | 000,000,091 | ---- | C] () -- C:\WINDOWS\System32\drivers\FTDIUNIN.INI
[2008/07/30 15:08:59 | 000,618,496 | ---- | C] () -- C:\WINDOWS\System32\stlpmt45.dll
[2008/07/30 15:08:59 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2008/07/25 12:43:45 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/07/16 16:44:06 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\BD7020.DAT
[2008/05/05 11:22:44 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/05/05 11:22:44 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/04/29 13:13:57 | 000,000,889 | ---- | C] () -- C:\WINDOWS\UninstFW.ini
[2008/04/24 14:59:41 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\npScan.dll
[2008/04/24 14:59:41 | 000,000,198 | ---- | C] () -- C:\WINDOWS\CHB.INI
[2008/04/10 19:54:56 | 000,000,040 | ---- | C] () -- C:\WINDOWS\Hjimesv.ini
[2008/04/10 19:53:52 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\winhcfga.ini
[2008/03/26 20:43:13 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2008/03/26 20:43:13 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2008/03/26 14:35:04 | 000,000,825 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2008/03/26 14:35:04 | 000,000,152 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2008/03/26 14:35:04 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\BD7820N.dat
[2008/03/26 14:35:03 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008/03/26 14:33:30 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2008/03/24 11:58:03 | 000,000,034 | ---- | C] () -- C:\WINDOWS\ATPlayer.INI
[2008/03/24 11:56:15 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\H263Encoder.dll
[2008/03/24 11:56:15 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\H263Decoder.dll
[2008/03/24 11:56:15 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\AnsZip35.dll
[2008/03/24 11:56:13 | 000,000,447 | ---- | C] () -- C:\WINDOWS\nanumixp.ini
[2008/03/21 12:33:36 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/03/20 14:01:10 | 000,000,636 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/03/18 20:44:18 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/03/18 20:40:20 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/03/18 20:34:20 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/03/18 20:34:20 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/03/18 20:11:23 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2008/03/18 20:11:19 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2008/03/18 20:10:08 | 000,001,119 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/02/16 23:12:14 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\ASPRTMM0.DLL
[2007/10/16 10:13:46 | 000,083,344 | ---- | C] () -- C:\WINDOWS\System32\MaCommAPI.dll
[2007/10/10 21:15:50 | 000,042,384 | ---- | C] () -- C:\WINDOWS\System32\MaMakeUp.dll
[2007/07/25 04:24:30 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/06/29 22:11:36 | 000,045,113 | ---- | C] () -- C:\WINDOWS\System32\ETKCommAPIWeb.dll
[2007/06/29 22:11:34 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ETKDataMngrWeb.dll
[2006/12/12 11:15:00 | 000,008,517 | ---- | C] () -- C:\WINDOWS\System32\np_kor.ini
[2006/11/07 06:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/17 11:12:46 | 000,950,272 | ---- | C] () -- C:\WINDOWS\System32\npdownv.exe
[2006/09/17 00:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/17 00:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2006/02/26 05:08:28 | 000,585,728 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/01/05 17:02:22 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\npnv3uninst.exe
[2005/11/18 16:53:56 | 000,505,856 | ---- | C] () -- C:\WINDOWS\System32\ictprn.dll
[2005/08/01 19:46:48 | 000,042,496 | ---- | C] () -- C:\WINDOWS\System32\ALZZip.BIN
[2005/08/01 19:46:08 | 000,062,464 | ---- | C] () -- C:\WINDOWS\System32\ALZALZ.BIN
[2005/06/14 21:27:46 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\HKDown.exe
[2005/05/17 16:36:26 | 000,008,023 | ---- | C] () -- C:\WINDOWS\System32\np_eng.ini
[2005/05/12 17:29:36 | 000,008,821 | ---- | C] () -- C:\WINDOWS\System32\np_jpn.ini
[2005/03/08 13:38:20 | 000,006,808 | ---- | C] () -- C:\WINDOWS\System32\np_chs.ini
[2004/08/11 19:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 19:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 19:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 19:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 19:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 19:06:43 | 000,379,608 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 19:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 19:00:28 | 000,487,662 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 19:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 19:00:28 | 000,089,124 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 19:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 19:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 19:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 19:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 19:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 19:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 19:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 19:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/01/10 17:26:02 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\MACS.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/04 10:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll

========== Files - Unicode (All) ==========
[2011/03/04 10:48:03 | 000,038,912 | ---- | M] ()(C:\Documents and Settings\Jean\My Documents\OCEAN ?? ??.doc) -- C:\Documents and Settings\Jean\My Documents\OCEAN 작업 단계.doc
[2011/03/02 18:39:10 | 000,016,384 | ---- | M] ()(C:\Documents and Settings\Jean\My Documents\?? ???? ??.xls) -- C:\Documents and Settings\Jean\My Documents\해상 소요시간 비교.xls
[2011/03/02 18:39:10 | 000,016,384 | ---- | C] ()(C:\Documents and Settings\Jean\My Documents\?? ???? ??.xls) -- C:\Documents and Settings\Jean\My Documents\해상 소요시간 비교.xls
[2011/02/22 19:03:59 | 000,038,912 | ---- | C] ()(C:\Documents and Settings\Jean\My Documents\OCEAN ?? ??.doc) -- C:\Documents and Settings\Jean\My Documents\OCEAN 작업 단계.doc
[2011/01/19 10:16:01 | 000,016,384 | ---- | M] ()(C:\Documents and Settings\Jean\My Documents\LAX SAV ?? ??.xls) -- C:\Documents and Settings\Jean\My Documents\LAX SAV 해상 운임.xls
[2011/01/19 10:16:01 | 000,016,384 | ---- | C] ()(C:\Documents and Settings\Jean\My Documents\LAX SAV ?? ??.xls) -- C:\Documents and Settings\Jean\My Documents\LAX SAV 해상 운임.xls
[2010/12/17 12:00:06 | 000,273,408 | ---- | M] ()(C:\Documents and Settings\Jean\My Documents\??? ?? ???.doc) -- C:\Documents and Settings\Jean\My Documents\거래처 주소 레이블.doc
[2010/12/14 18:10:03 | 000,273,408 | ---- | C] ()(C:\Documents and Settings\Jean\My Documents\??? ?? ???.doc) -- C:\Documents and Settings\Jean\My Documents\거래처 주소 레이블.doc
[2010/11/09 13:09:11 | 000,015,697 | ---- | M] ()(C:\Documents and Settings\Jean\My Documents\??? INV ???? ?? LIST.pdf) -- C:\Documents and Settings\Jean\My Documents\통관시 INV 더할것과 뺄것 LIST.pdf
[2010/11/09 13:09:11 | 000,015,697 | ---- | C] ()(C:\Documents and Settings\Jean\My Documents\??? INV ???? ?? LIST.pdf) -- C:\Documents and Settings\Jean\My Documents\통관시 INV 더할것과 뺄것 LIST.pdf
[2010/11/02 17:13:46 | 000,039,936 | ---- | M] ()(C:\Documents and Settings\Jean\My Documents\??? ??.doc) -- C:\Documents and Settings\Jean\My Documents\조정훈 주소.doc
[2010/11/02 17:13:46 | 000,039,936 | ---- | C] ()(C:\Documents and Settings\Jean\My Documents\??? ??.doc) -- C:\Documents and Settings\Jean\My Documents\조정훈 주소.doc
(C:\Documents and Settings\All Users\Start Menu\Programs\Google ????) -- C:\Documents and Settings\All Users\Start Menu\Programs\Google 업데이터
(C:\Documents and Settings\All Users\Start Menu\Programs\??????) -- C:\Documents and Settings\All Users\Start Menu\Programs\이스트소프트

< End of report >


#2
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Hi there, and sorry for the delay. Did you save the Chinese documents here: C:\Documents and Settings\Jean\My Documents\해상 소요시간 비교.xls


As it has been a while, I would like to run a slightly different scan; details below.

Download aswMBR.exe (1.8 MB) to your desktop.
Double click aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.

THEN

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL
    O1 - Hosts: 127.0.0.1 60.210.176.251
    O33 - MountPoints2\{ca2aea90-f6a1-11dc-aeb5-001d098beab1}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \SystemVolumeInformation\system.exe

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top.
  • Let the program run unhindered, and reboot the PC when it is done.

Finally, rerun OTL with the following settings:

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box, paste this in:
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, post the resultant log.

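The two lines the fix above removes, a hosts-file entry that is not one of the stock localhost lines and a MountPoints2 AutoRun command that launches \SystemVolumeInformation\system.exe through RunDLL32's ShellExec_RunDLL, are exactly what a helper wants to pull out of an OTL log automatically rather than by eye. The Python below is an added example, not part of this thread and not OTL's own code: it parses constructed O1/O33 lines modelled on the format OTL prints (the 60.210.176.251 entry and the {ca2aea90-...} GUID mirror the fix above; the second GUID and the E:\LaunchU3.exe command are made up for contrast) and flags anything outside the stock loopback entries or matching common removable-media worm markers.

```python
import re

# Constructed sample, modelled on the O1/O33 line format that OTL prints (the
# 60.210.176.251 hosts entry and the {ca2aea90-...} MountPoints2 entry mirror the
# fix posted above; the second GUID and the E:\LaunchU3.exe command are made up).
SAMPLE_OTL = r"""O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 60.210.176.251
O33 - MountPoints2\{ca2aea90-f6a1-11dc-aeb5-001d098beab1}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \SystemVolumeInformation\system.exe
O33 - MountPoints2\{0f1e2d3c-4b5a-6978-8796-a5b4c3d2e1f0}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
"""

# The only hosts entries a stock Windows hosts file carries.
BENIGN_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Markers in a MountPoints2 AutoRun command that point at removable-media worm
# persistence: a payload parked in a drive's System Volume Information or
# RECYCLER folder, or launched indirectly through RunDLL32's ShellExec_RunDLL.
AUTORUN_MARKERS = (
    "systemvolumeinformation",
    "system volume information",
    "recycler",
    "shellexec_rundll",
)

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
MP2_RE = re.compile(
    r'^O33 - MountPoints2\\(\{[0-9a-fA-F-]+\})\\Shell\\AutoRun\\command - "" = (.+)$'
)


def parse_otl(text):
    """Return ([(address, name), ...], [(guid, command), ...]) from OTL O1/O33 lines."""
    hosts, autoruns = [], []
    for line in text.splitlines():
        m = HOSTS_RE.match(line)
        if m:
            hosts.append((m.group(1), m.group(2)))
            continue
        m = MP2_RE.match(line)
        if m:
            autoruns.append((m.group(1), m.group(2).strip()))
    return hosts, autoruns


def suspicious_hosts(hosts):
    """Every hosts entry that is not one of the two stock loopback lines."""
    return [entry for entry in hosts if entry not in BENIGN_HOSTS]


def suspicious_autoruns(autoruns):
    """MountPoints2 AutoRun commands containing any of the worm markers."""
    return [
        (guid, cmd)
        for guid, cmd in autoruns
        if any(marker in cmd.lower() for marker in AUTORUN_MARKERS)
    ]


def triage(text):
    """Run both checks over an OTL log and return the findings."""
    hosts, autoruns = parse_otl(text)
    return {"hosts": suspicious_hosts(hosts), "autoruns": suspicious_autoruns(autoruns)}


if __name__ == "__main__":
    for kind, hits in triage(SAMPLE_OTL).items():
        for hit in hits:
            print(f"{kind}: {hit}")
```

Both checks are heuristics, not proof of infection: a hosts entry added by a legitimate program will also be reported, and the marker list only catches the patterns named in it. They are meant to shortlist lines for the kind of manual review shown in the fix above, and any O33 hit still needs the referenced file looked at on the drive before it is removed.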

#3
AConnect (Topic Starter, New Member, 8 posts)
Good Afternoon,

It's fine about the late reply. I'm grateful that you are taking a look into it at all. Per your request, I've attached the aswMBR text log as well as the OTL quick scan log (which was run after the "Run Fix" one).


aswMBR log:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-16 17:13:27
-----------------------------
17:13:27.468 OS Version: Windows 5.1.2600 Service Pack 3
17:13:27.468 Number of processors: 4 586 0xF0B
17:13:27.468 ComputerName: SONG UserName: Jean
17:13:28.218 Initialize success
17:13:33.156 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:13:33.171 Disk 0 Vendor: WDC_WD3200AAKS-75VYA0 12.01B02 Size: 305245MB BusType: 3
17:13:35.250 Disk 0 MBR read successfully
17:13:35.250 Disk 0 MBR scan
17:13:35.250 Disk 0 unknown MBR code
17:13:35.250 Disk 0 scanning sectors +625137345
17:13:35.343 Disk 0 scanning C:\WINDOWS\system32\drivers
17:13:43.609 Service scanning
17:13:44.937 Modules scanning
17:13:48.953 Disk 0 trace - called modules:
17:13:48.968 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
17:13:48.968 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a7ebab8]
17:13:48.968 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000076[0x8a775f18]
17:13:48.968 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a7ec940]
17:13:48.968 Scan finished successfully
17:14:24.390 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jean\Desktop\MBR.dat"
17:14:24.421 The log file has been saved successfully to "C:\Documents and Settings\Jean\Desktop\aswMBR.txt"

OTL:
OTL logfile created on: 9/16/2011 5:33:27 PM - Run 3
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Documents and Settings\Jean\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 71.97% Memory free
3.84 Gb Paging File | 3.41 Gb Available in Paging File | 88.66% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 294.73 Gb Total Space | 241.40 Gb Free Space | 81.90% Space Free | Partition Type: NTFS

Computer Name: SONG | User Name: Jean | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/16 17:15:04 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jean\Desktop\OTL.exe
PRC - [2011/09/07 12:05:02 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/06/29 08:04:18 | 000,020,480 | ---- | M] (AG Interactive) -- C:\Program Files\AGI\core\4.2.0.10754\AGCoreService.exe
PRC - [2009/08/23 16:59:45 | 000,186,912 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\system32\npkcmsvc.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/31 15:01:38 | 000,159,744 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2005/09/23 18:08:12 | 000,176,128 | ---- | M] (Fasoo.com) -- C:\Program Files\Fasoo DRM\fph.exe
PRC - [2004/04/07 13:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/07 12:05:02 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/08/10 03:12:18 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\70a1400affdc775d7c7398e036359286\System.ServiceProcess.ni.dll
MOD - [2011/08/10 03:12:18 | 000,141,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\585e68739b2a8aff61ee6b2786513245\System.Configuration.Install.ni.dll
MOD - [2011/08/10 03:12:13 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\75f452279422a7898e840ee5768c9d2e\System.EnterpriseServices.ni.dll
MOD - [2011/08/10 03:11:59 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\77df2cd21a5b85a1605b335aa9ad9d44\System.Configuration.ni.dll
MOD - [2011/08/10 03:10:00 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll
MOD - [2011/08/10 03:08:26 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll
MOD - [2011/06/16 03:21:32 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2010/01/26 21:07:32 | 003,884,312 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2008/06/11 22:32:28 | 002,666,496 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 9.0\PDFMaker\Common\AdobePDFMakerX.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2010/09/17 18:33:04 | 000,919,416 | ---- | M] (ESTsoft Corp) [Auto | Stopped] -- C:\Program Files\ESTsoft\ALYac\AYServiceNT.aye -- (ALYac_PZSrv)
SRV - [2010/06/29 08:04:18 | 000,020,480 | ---- | M] (AG Interactive) [Auto | Running] -- C:\Program Files\AGI\core\4.2.0.10754\AGCoreService.exe -- (AGCoreService)
SRV - [2009/08/23 16:59:45 | 000,186,912 | ---- | M] (INCA Internet Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\npkcmsvc.exe -- (npkcmsvc)
SRV - [2008/10/02 15:34:34 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/01/23 10:45:44 | 000,032,768 | ---- | M] (Inter-Tel (Delaware), Inc) [Disabled | Stopped] -- C:\Documents and Settings\Jean\My Documents\Inter-Tel\Collaboration Client 2.0\lkWebLink.exe -- (LkWebLink)
SRV - [2004/04/07 13:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - [2010/12/21 01:55:02 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010/12/21 01:55:02 | 000,121,576 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2010/12/21 01:55:02 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2010/12/21 01:55:02 | 000,096,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2010/12/21 01:55:02 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010/12/21 01:55:02 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2010/12/21 01:55:02 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010/08/01 20:23:48 | 000,189,656 | ---- | M] (SoftCamp) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\scskusbs.sys -- (scskusbs)
DRV - [2010/08/01 20:23:48 | 000,018,232 | ---- | M] (SoftCamp) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\scskusbf.sys -- (scskusbf)
DRV - [2009/12/21 02:14:00 | 000,121,504 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\AhnLab\ASP\MyFirewall 4.0\mfipsent.sys -- (MfIPSEnt)
DRV - [2009/12/21 02:14:00 | 000,101,336 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\AhnLab\ASP\MyFirewall 4.0\mffwent.sys -- (MfFWEnt)
DRV - [2009/12/18 04:28:00 | 000,095,592 | ---- | M] (AhnLab, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmonTDNt.sys -- (AMonTDnt)
DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/07/20 21:13:00 | 000,019,616 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CdmDrvNt.sys -- (CdmDrvNt)
DRV - [2009/05/08 16:32:08 | 000,021,248 | ---- | M] (Space International,Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\ezty2usb.sys -- (ezty2usb)
DRV - [2009/02/09 15:06:44 | 000,053,536 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npkcrypt.sys -- (npkcrypt)
DRV - [2009/01/19 14:46:34 | 000,043,424 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npkcusb.sys -- (npkcusb)
DRV - [2008/12/18 20:57:44 | 000,024,312 | ---- | M] (ESTsoft Corp) [Kernel | On_Demand | Stopped] -- C:\Program Files\ESTsoft\ALYac\AYDrvSP.sys -- (AYDrvSP_ALYAC)
DRV - [2008/09/26 14:06:40 | 000,020,424 | ---- | M] (ESTsoft Corp) [Kernel | On_Demand | Stopped] -- C:\Program Files\ESTsoft\ALYac\AYDrvNT.sys -- (AYDrvNT_ALYAC)
DRV - [2008/07/30 15:09:37 | 000,017,408 | ---- | M] (MobileTop) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSPUSB.sys -- (shspusb)
DRV - [2008/05/08 10:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/13 14:39:44 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2008/03/18 20:41:01 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2007/10/28 20:31:22 | 000,009,216 | ---- | M] (SoftForum Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\JRSKD24.sys -- (JRSKD24)
DRV - [2007/10/28 20:31:22 | 000,006,784 | ---- | M] (SoftForum Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\JRSUKD24.sys -- (JRSUKD24)
DRV - [2007/07/16 21:48:54 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/08/18 14:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 14:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 14:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 14:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 14:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 14:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 14:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 14:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 11:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 11:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2005/01/26 11:10:14 | 000,004,598 | ---- | M] (Fasoo.com) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\f_kp.sys -- (f_kp)
DRV - [2004/08/04 07:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2003/11/17 16:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 16:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 16:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080319
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080319


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080319
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080319
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080319
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080319
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1224609164-1747592403-1521925194-1013\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co...html?channel=us
IE - HKU\S-1-5-21-1224609164-1747592403-1521925194-1013\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co...html?channel=us
IE - HKU\S-1-5-21-1224609164-1747592403-1521925194-1013\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://asp.editrade.com/
IE - HKU\S-1-5-21-1224609164-1747592403-1521925194-1013\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npaosmgr.1: C:\Program Files\AhnLab\ASP\Components\aosmgr\conflict_315\npaosmgr.dll (AhnLab, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\UnifiedToolbar\3.2\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/07 12:05:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/08/29 15:58:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jean\Application Data\Mozilla\Extensions
[2011/08/29 15:58:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/06/24 20:34:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/09/07 12:05:02 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/08/11 23:16:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/09/16 17:15:59 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (ALToolBar) - {38FBE93D-4CA1-4414-AF6A-94920C5BD8DA} - C:\Program Files\ESTsoft\ALToolBar\ALToolBand_1520.dll (ESTsoft Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1224609164-1747592403-1521925194-1013\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3: - HKU\S-1-5-21-1224609164-1747592403-1521925194-1013\..\Toolbar\WebBrowser - No CLSID value found.
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [FPH Exe] C:\Program Files\Fasoo DRM\fph.exe (Fasoo.com)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1224609164-1747592403-1521925194-1013\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google 사이드위키... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O15 - HKU\S-1-5-21-1224609164-1747592403-1521925194-1013\..Trusted Domains: editrade.com ([asp] http in Trusted sites)
O15 - HKU\S-1-5-21-1224609164-1747592403-1521925194-1013\..Trusted Domains: editrade.com ([asp] https in Trusted sites)
O15 - HKU\S-1-5-21-1224609164-1747592403-1521925194-1013\..Trusted Domains: koreanair.com ([cargo] http in Trusted sites)
O16 - DPF: {044123B5-35DF-4C4E-BAED-26B8ED964342} http://fx.hauri.net/...iveRobotWeb.cab (HLiveRobotWeb Control)
O16 - DPF: {063F7D71-5E0B-48F2-87D5-F63C5917947E} http://ahnlabdownloa...ugin/aosmgr.cab (Aosmgr Control)
O16 - DPF: {1A000B1F-B285-4FBF-B3CD-B50845003EBA} http://ecos.bok.or.k...070614_0910.cab (CyMiInstaller320 Class)
O16 - DPF: {27BCC3E9-D724-493B-A79E-C2E12C03407A} http://www.iloveschool.co.kr/cfcli.cab (CfClient Class)
O16 - DPF: {2DCB00FB-3485-486B-BD41-C49AD605264D} http://portal.custom.../easykeytec.cab (EZKeytecWeb Class)
O16 - DPF: {39461460-2552-4D51-A062-3AB6A7B902E9} http://img.shinhan.c...down/INIS70.cab (INISAFE Updater Control)
O16 - DPF: {39FC0CF9-86F3-4502-B773-D16706EDEC83} http://img.shinhan.c...03151/SCSK4.cab (SCSK Control)
O16 - DPF: {3D64E58D-CB55-4344-B809-CFE38F900838} http://portal.custom...agicLoaderX.cab (MagicLoaderX Class)
O16 - DPF: {3DBD0562-7FB7-461A-842C-F63A1AD8C2DE} http://www.hanjin.co...gnE_Install.cab (XESignE Class)
O16 - DPF: {42D683F7-9C1B-11D7-A860-005056C00001} http://www.editrade....dp/TPRDPenN.cab (.print Client RDP Webinstall)
O16 - DPF: {53EED863-B547-40F8-B24A-2D6DE807CFE8} http://img.shinhan.c...t/Printmade.cab (Printmade Control)
O16 - DPF: {66413DC2-F891-40BC-822D-B7EEC8ADC281} http://img.shinhan.c...orksGrid_78.cab (ProWorksGrid Control)
O16 - DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} http://ck.softforum....eb/CKKeyPro.cab (XecureCKKB Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1206050226968 (MUWebControl Class)
O16 - DPF: {6E4FE796-2693-4404-A4ED-A2565CAD7ABB} http://www.etrade.co...x/EtradeWeb.cab (ETWebGate Control)
O16 - DPF: {6FE760D3-7851-4879-8838-62D9881D7177} http://61.40.216.19/IniMasPlugin.cab (IniMasHandler Class)
O16 - DPF: {710E4921-F77C-4D42-8EC4-4DFDEE52508F} http://210.90.46.53/...X/ictPrintX.cab (ictPrintXForm Control)
O16 - DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} https://mpsnare.iesnare.com/StmOCX.cab (Stm Class)
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} http://www2.hanjin.c.../xw_install.cab (XecureWeb 4.0 Client Control)
O16 - DPF: {81A15AF3-21E3-4F07-A5BD-3FA8AE83AF83} http://www.jjangdisk...DiskControl.CAB (JJangDisk File Share Control 5)
O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} http://isf.freightst...com/arview2.cab (ActiveReports Viewer2)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} https://asp.editrade.com/msrdp.cab (Microsoft RDP Client Control (redist))
O16 - DPF: {95A57FEB-0909-4FEA-B819-63DA7C4D9E1E} http://img.shinhan.c...madeActiveX.cab (Printmade S 1.5.9)
O16 - DPF: {9FC84F7D-D177-4A75-A7BB-429DA5BD0A3E} Reg Error: Key error. (SG_CAppAtx Control)
O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} http://dl.sayclub.co...ayctl/sayax.cab (Sayclub Login Control)
O16 - DPF: {AD6870C0-44B7-42FB-A119-C2C6BD9CD005} http://portal.custom.../MagicPassX.cab (MagicPass Class)
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} http://mail.daum.net...cab?ver=2,0,0,8 (Daum ActiveX manager Class)
O16 - DPF: {BBB0FC2D-1D95-45CA-BDCF-03B53F247FCC} http://portal.custom...taller_full.cab (EwsLoader Class)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {C7C7225A-9476-47AC-B0B0-FF3B79D55E67} http://203.232.224.1.../ZTransferX.cab (ZTransferX Control)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CB5C683C-416A-4701-B018-0F1B21D64D6B} http://cyimg7.cyworl...age/skcinst.cab (SKCInst1 Class)
O16 - DPF: {CC796C4C-12F5-4BEE-ABB3-3A9F863B8D6E} http://webmail.hufs....iFileUpload.cab (KebiFileUpload Control)
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} http://update.nprote.../module/npx.cab (NPX Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} http://update.nprote...eowiz/npkcx.cab (NPKCX Control)
O16 - DPF: {D912AABC-6CB0-416F-85B6-CABBB86FD558} https://plugin.inici...INIwallet60.cab (INIwallet60 Control)
O16 - DPF: {E986BA49-C761-4E8F-B1A8-7F3CBE402683} http://webmail.hufs....biInstaller.cab (KebiInstaller Control)
O16 - DPF: {EA0995BF-45DD-4DB0-ADD5-A39C37397841} http://img.shinhan.c...oTrustSiteX.cab (ShbAutoTrustSite Control)
O16 - DPF: {EC5D5118-9FDE-4A3E-84F3-C2B711740E70} http://www.etrade.co...cx/SKCommAX.cab (SKCommAX Control)
O16 - DPF: {FAB9B41C-87D6-474D-AB7E-F07D78F2422E} file:///C:/Documents%20and%20Settings/CHB/Local%20Settings/Compatible%20LocalLow/TOBESOFT/MiPlatform320/Setup/Win32_3.2/teechart7Langs.cab (TeeChart Pro Activex control v7)
O16 - DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} http://file.naver.co...averAXGuide.cab (NaverAXGuide Class)
O16 - DPF: CabBuilder http://kiw.imgag.com...llerControl.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55F5769F-9D2C-4A9D-B00C-D18A1B88E07A}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\s-http {D37E6C5F-1C0F-47C0-A3B6-403EEC555402} - C:\Program Files\INITECH\SHTTP\InitechSHTTPInterface.10121.dll (© INITECH)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (acaptuser32.dll) -C:\WINDOWS\System32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Program Files\Qualcomm\Eudora\EuShlExt.dll (Qualcomm Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 19:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/09/16 17:15:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/16 17:15:04 | 000,581,632 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jean\Desktop\OTL.exe
[2011/09/16 17:13:16 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Jean\Desktop\aswMBR.exe
[2011/08/31 10:02:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jean\Application Data\SuperAdBlocker.com
[2011/08/31 10:02:15 | 000,000,000 | ---D | C] -- C:\Program Files\SuperAdBlocker.com
[2011/08/29 17:52:36 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/08/29 17:52:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jean\Start Menu\Programs\HiJackThis
[2011/08/29 16:27:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jean\My Documents\Downloads
[2011/08/29 15:58:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jean\Local Settings\Application Data\Mozilla
[2011/08/29 15:58:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jean\Application Data\Mozilla
[2011/08/29 15:58:03 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/08/29 13:47:43 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2011/08/26 16:17:07 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/08/26 16:17:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/08/24 14:38:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2011/08/24 12:48:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jean\Application Data\Malwarebytes
[2011/08/24 12:48:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/08/24 12:48:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/24 12:36:45 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Jean\IECompatCache

========== Files - Modified Within 30 Days ==========

[2011/09/16 17:34:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C3DD6D76-D049-455C-932E-077DC6DC0A74}.job
[2011/09/16 17:30:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/09/16 17:21:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/16 17:21:16 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/09/16 17:21:15 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/16 17:21:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/16 17:21:08 | 2136,129,536 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/16 17:15:59 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/09/16 17:15:04 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jean\Desktop\OTL.exe
[2011/09/16 17:14:24 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Jean\Desktop\MBR.dat
[2011/09/16 17:13:22 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Jean\Desktop\aswMBR.exe
[2011/09/16 17:09:19 | 000,086,245 | ---- | M] () -- C:\Documents and Settings\Jean\Desktop\KO-110818.pdf
[2011/09/16 16:49:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/16 16:47:20 | 000,073,804 | ---- | M] () -- C:\Documents and Settings\Jean\Desktop\KO-110817.pdf
[2011/09/16 16:47:08 | 000,074,984 | ---- | M] () -- C:\Documents and Settings\Jean\Desktop\KO-110815.pdf
[2011/09/15 13:04:19 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/15 09:07:18 | 000,000,838 | ---- | M] () -- C:\Documents and Settings\Jean\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/09/15 09:07:12 | 000,487,662 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/09/15 09:07:12 | 000,089,124 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/09/15 03:21:48 | 000,000,894 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk
[2011/09/15 03:01:43 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/09/14 19:25:45 | 000,000,065 | ---- | M] () -- C:\WINDOWS\System32\bd7040.dat
[2011/09/12 16:07:22 | 000,000,458 | ---- | M] () -- C:\Documents and Settings\Jean\Desktop\Server.lnk
[2011/09/01 09:16:23 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\Jean\Desktop\HiJackThis.lnk
[2011/08/31 18:51:52 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ORUN32.EXE
[2011/08/31 18:51:48 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\CMMGR32.EXE
[2011/08/29 15:58:07 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\Jean\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/08/29 15:08:52 | 000,000,567 | ---- | M] () -- C:\Documents and Settings\Jean\Desktop\Shortcut to main.exe.lnk
[2011/08/24 14:36:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\1678668021
[2011/08/23 17:49:00 | 000,763,041 | ---- | M] () -- C:\Documents and Settings\Jean\Desktop\A WHSE.pdf
[2011/08/23 17:49:00 | 000,345,515 | ---- | M] () -- C:\Documents and Settings\Jean\Desktop\BIZ INFO.pdf

========== Files Created - No Company Name ==========

[2011/09/16 17:14:24 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Jean\Desktop\MBR.dat
[2011/09/16 17:09:19 | 000,086,245 | ---- | C] () -- C:\Documents and Settings\Jean\Desktop\KO-110818.pdf
[2011/09/16 16:47:20 | 000,073,804 | ---- | C] () -- C:\Documents and Settings\Jean\Desktop\KO-110817.pdf
[2011/09/16 16:47:08 | 000,074,984 | ---- | C] () -- C:\Documents and Settings\Jean\Desktop\KO-110815.pdf
[2011/08/31 18:51:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ORUN32.EXE
[2011/08/31 18:51:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\CMMGR32.EXE
[2011/08/31 09:02:06 | 2136,129,536 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/29 17:52:37 | 000,002,445 | ---- | C] () -- C:\Documents and Settings\Jean\Desktop\HiJackThis.lnk
[2011/08/29 15:58:07 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Jean\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/08/29 15:58:07 | 000,000,776 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/08/29 15:07:46 | 000,000,567 | ---- | C] () -- C:\Documents and Settings\Jean\Desktop\Shortcut to main.exe.lnk
[2011/08/24 12:39:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\1678668021
[2011/08/23 17:49:00 | 000,763,041 | ---- | C] () -- C:\Documents and Settings\Jean\Desktop\A WHSE.pdf
[2011/08/23 17:49:00 | 000,345,515 | ---- | C] () -- C:\Documents and Settings\Jean\Desktop\BIZ INFO.pdf
[2011/06/06 17:26:59 | 000,000,530 | ---- | C] () -- C:\Documents and Settings\Jean\Application Data\wklnhst.dat
[2011/03/22 13:57:19 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Jean\Application Data\$_hpcst$.hpc
[2011/01/04 16:40:36 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\bd7040.dat
[2011/01/04 16:39:56 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2011/01/04 16:39:43 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2010/11/04 19:21:32 | 000,000,072 | ---- | C] () -- C:\WINDOWS\hdkctnts.ini
[2010/08/01 20:23:48 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\scskConfigEH.ini
[2010/08/01 19:47:40 | 000,066,920 | ---- | C] () -- C:\WINDOWS\CMListControl.dll
[2009/08/26 20:02:31 | 000,005,042 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xqkcebzs.dik
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/08/02 12:41:33 | 000,066,920 | ---- | C] () -- C:\WINDOWS\System32\CMListControl.dll
[2009/04/15 14:00:52 | 000,000,581 | ---- | C] () -- C:\WINDOWS\HDINFO50.INI
[2009/02/18 16:31:55 | 000,339,968 | ---- | C] () -- C:\WINDOWS\System32\pythoncom25.dll
[2009/02/18 16:31:55 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\pywintypes25.dll
[2009/01/05 19:52:19 | 000,121,299 | ---- | C] () -- C:\WINDOWS\hpoins15.dat
[2009/01/05 19:52:19 | 000,001,037 | ---- | C] () -- C:\WINDOWS\hpomdl15.dat
[2008/12/26 18:28:47 | 000,000,079 | ---- | C] () -- C:\WINDOWS\System32\ETKCommInfoWeb.ini
[2008/12/17 17:43:46 | 000,589,824 | ---- | C] () -- C:\WINDOWS\System32\INICRYPTOSDK.dll
[2008/10/10 15:43:10 | 000,218,194 | ---- | C] () -- C:\WINDOWS\System32\MaPrintInfoDamon.dat
[2008/07/30 15:09:01 | 000,000,092 | ---- | C] () -- C:\WINDOWS\System32\drivers\ftdiun2k.ini
[2008/07/30 15:09:00 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\GetMP4Info.dll
[2008/07/30 15:09:00 | 000,000,091 | ---- | C] () -- C:\WINDOWS\System32\drivers\FTDIUNIN.INI
[2008/07/30 15:08:59 | 000,618,496 | ---- | C] () -- C:\WINDOWS\System32\stlpmt45.dll
[2008/07/30 15:08:59 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2008/07/25 12:43:45 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/07/16 16:44:06 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\BD7020.DAT
[2008/05/05 11:22:44 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/05/05 11:22:44 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/04/29 13:13:57 | 000,000,889 | ---- | C] () -- C:\WINDOWS\UninstFW.ini
[2008/04/24 14:59:41 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\npScan.dll
[2008/04/24 14:59:41 | 000,000,198 | ---- | C] () -- C:\WINDOWS\CHB.INI
[2008/04/10 19:54:56 | 000,000,040 | ---- | C] () -- C:\WINDOWS\Hjimesv.ini
[2008/04/10 19:53:52 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\winhcfga.ini
[2008/03/26 20:43:13 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2008/03/26 20:43:13 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2008/03/26 14:35:04 | 000,000,825 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2008/03/26 14:35:04 | 000,000,152 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2008/03/26 14:35:04 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\BD7820N.dat
[2008/03/26 14:35:03 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008/03/26 14:33:30 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2008/03/24 11:58:03 | 000,000,034 | ---- | C] () -- C:\WINDOWS\ATPlayer.INI
[2008/03/24 11:56:15 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\H263Encoder.dll
[2008/03/24 11:56:15 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\H263Decoder.dll
[2008/03/24 11:56:15 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\AnsZip35.dll
[2008/03/24 11:56:13 | 000,000,447 | ---- | C] () -- C:\WINDOWS\nanumixp.ini
[2008/03/21 12:33:36 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/03/20 14:01:10 | 000,000,636 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/03/18 20:44:18 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/03/18 20:40:20 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/03/18 20:34:20 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/03/18 20:34:20 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/03/18 20:11:23 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2008/03/18 20:11:19 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2008/03/18 20:10:08 | 000,001,119 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/02/16 23:12:14 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\ASPRTMM0.DLL
[2007/10/16 10:13:46 | 000,083,344 | ---- | C] () -- C:\WINDOWS\System32\MaCommAPI.dll
[2007/10/10 21:15:50 | 000,042,384 | ---- | C] () -- C:\WINDOWS\System32\MaMakeUp.dll
[2007/07/25 04:24:30 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/06/29 22:11:36 | 000,045,113 | ---- | C] () -- C:\WINDOWS\System32\ETKCommAPIWeb.dll
[2007/06/29 22:11:34 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ETKDataMngrWeb.dll
[2006/12/12 11:15:00 | 000,008,517 | ---- | C] () -- C:\WINDOWS\System32\np_kor.ini
[2006/11/07 06:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/17 11:12:46 | 000,950,272 | ---- | C] () -- C:\WINDOWS\System32\npdownv.exe
[2006/09/17 00:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/17 00:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2006/02/26 05:08:28 | 000,585,728 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/01/05 17:02:22 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\npnv3uninst.exe
[2005/11/18 16:53:56 | 000,505,856 | ---- | C] () -- C:\WINDOWS\System32\ictprn.dll
[2005/08/01 19:46:48 | 000,042,496 | ---- | C] () -- C:\WINDOWS\System32\ALZZip.BIN
[2005/08/01 19:46:08 | 000,062,464 | ---- | C] () -- C:\WINDOWS\System32\ALZALZ.BIN
[2005/06/14 21:27:46 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\HKDown.exe
[2005/05/17 16:36:26 | 000,008,023 | ---- | C] () -- C:\WINDOWS\System32\np_eng.ini
[2005/05/12 17:29:36 | 000,008,821 | ---- | C] () -- C:\WINDOWS\System32\np_jpn.ini
[2005/03/08 13:38:20 | 000,006,808 | ---- | C] () -- C:\WINDOWS\System32\np_chs.ini
[2004/08/11 19:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 19:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 19:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 19:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 19:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 19:06:43 | 000,379,608 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 19:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 19:00:28 | 000,487,662 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 19:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 19:00:28 | 000,089,124 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 19:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 19:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 19:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 19:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 19:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 19:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 19:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 19:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/01/10 17:26:02 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\MACS.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/04 10:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll

========== LOP Check ==========

[2011/04/05 13:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\agi
[2009/03/12 12:19:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/12/29 16:49:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.3 Output
[2008/03/25 10:04:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.3 Setup
[2010/02/09 11:40:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\inFlow Inventory
[2008/04/29 11:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2011/03/22 14:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2008/03/26 14:33:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/08/01 20:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SoftCamp
[2008/03/18 20:38:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2008/03/18 20:41:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/04/05 13:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jean\Application Data\agi
[2010/02/11 12:34:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jean\Application Data\Hnc
[2011/06/10 12:34:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jean\Application Data\ScanSoft
[2011/04/04 10:04:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jean\Application Data\stickies
[2011/08/31 10:02:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jean\Application Data\SuperAdBlocker.com
[2011/06/06 17:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jean\Application Data\Template
[2011/04/05 13:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\agi
[2011/04/05 13:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\agi
[2011/09/16 17:21:16 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2011/09/16 17:34:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{C3DD6D76-D049-455C-932E-077DC6DC0A74}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< C:\Windows\assembly\tmp\U /s >

========== Files - Unicode (All) ==========
[2011/03/04 10:48:03 | 000,038,912 | ---- | M] ()(C:\Documents and Settings\Jean\My Documents\OCEAN ?? ??.doc) -- C:\Documents and Settings\Jean\My Documents\OCEAN 작업 단계.doc
[2011/03/02 18:39:10 | 000,016,384 | ---- | M] ()(C:\Documents and Settings\Jean\My Documents\?? ???? ??.xls) -- C:\Documents and Settings\Jean\My Documents\해상 소요시간 비교.xls
[2011/03/02 18:39:10 | 000,016,384 | ---- | C] ()(C:\Documents and Settings\Jean\My Documents\?? ???? ??.xls) -- C:\Documents and Settings\Jean\My Documents\해상 소요시간 비교.xls
[2011/02/22 19:03:59 | 000,038,912 | ---- | C] ()(C:\Documents and Settings\Jean\My Documents\OCEAN ?? ??.doc) -- C:\Documents and Settings\Jean\My Documents\OCEAN 작업 단계.doc
[2011/01/19 10:16:01 | 000,016,384 | ---- | M] ()(C:\Documents and Settings\Jean\My Documents\LAX SAV ?? ??.xls) -- C:\Documents and Settings\Jean\My Documents\LAX SAV 해상 운임.xls
[2011/01/19 10:16:01 | 000,016,384 | ---- | C] ()(C:\Documents and Settings\Jean\My Documents\LAX SAV ?? ??.xls) -- C:\Documents and Settings\Jean\My Documents\LAX SAV 해상 운임.xls
[2010/12/17 12:00:06 | 000,273,408 | ---- | M] ()(C:\Documents and Settings\Jean\My Documents\??? ?? ???.doc) -- C:\Documents and Settings\Jean\My Documents\거래처 주소 레이블.doc
[2010/12/14 18:10:03 | 000,273,408 | ---- | C] ()(C:\Documents and Settings\Jean\My Documents\??? ?? ???.doc) -- C:\Documents and Settings\Jean\My Documents\거래처 주소 레이블.doc
[2010/11/09 13:09:11 | 000,015,697 | ---- | M] ()(C:\Documents and Settings\Jean\My Documents\??? INV ???? ?? LIST.pdf) -- C:\Documents and Settings\Jean\My Documents\통관시 INV 더할것과 뺄것 LIST.pdf
[2010/11/09 13:09:11 | 000,015,697 | ---- | C] ()(C:\Documents and Settings\Jean\My Documents\??? INV ???? ?? LIST.pdf) -- C:\Documents and Settings\Jean\My Documents\통관시 INV 더할것과 뺄것 LIST.pdf
[2010/11/02 17:13:46 | 000,039,936 | ---- | M] ()(C:\Documents and Settings\Jean\My Documents\??? ??.doc) -- C:\Documents and Settings\Jean\My Documents\조정훈 주소.doc
[2010/11/02 17:13:46 | 000,039,936 | ---- | C] ()(C:\Documents and Settings\Jean\My Documents\??? ??.doc) -- C:\Documents and Settings\Jean\My Documents\조정훈 주소.doc
(C:\Documents and Settings\All Users\Start Menu\Programs\Google ????) -- C:\Documents and Settings\All Users\Start Menu\Programs\Google 업데이터
(C:\Documents and Settings\All Users\Start Menu\Programs\??????) -- C:\Documents and Settings\All Users\Start Menu\Programs\이스트소프트

< End of report >


Once again, thank you very much!
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmmm, something there seems a bit hickey, so let's get the big boy out.

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as describing how your computer is running now.
  • 0

#5
AConnect

AConnect

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Good Afternoon,

Sorry about the delay as I did not have internet access during the weekend.
Attached is the log from ComboFix. Internet Explorer still launches quite a few .exe when viewing the Task Manager Processes, unfortunately.

**Edit: Upon running Internet Explorer, 5 iexplorer.exe pop up still within the Task Manager, but the system doesn't come to a crawling halt as before. Perhaps it's normal to have this many iexplorers, as I've read some people have 2-3. If it's not normal to have this many, at least we know progress is being made, since I can open Internet Explorer and still browse without the system lagging to the point of it being unusable. I think it may be solved, but I can't say for certain for the reasons listed before.


ComboFix 11-09-19.01 - Jean 09/19/2011 11:44:53.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1642 [GMT -4:00]
Running from: c:\documents and settings\Jean\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\dsca.exe.cf6b816f.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\EULALauncher.exe.3f62b452.ini.inuse
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\iconfix.exe.1e178bd5.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\info.exe.c95fa770.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\regtweak.exe.dc1948c4.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\rename.exe.87e761aa.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SL30.tmp.47ef97a6.ini
c:\documents and settings\All Users\Start Menu\Programs\Fasoo.com
c:\documents and settings\All Users\Start Menu\Programs\Fasoo.com\Fasoo Secure Web\Secure Web ??.lnk
c:\documents and settings\Jean\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Jean\Local Settings\Application Data\ApplicationHistory\ConfigWizards.exe.7492e342.ini
c:\documents and settings\Jean\Local Settings\Application Data\ApplicationHistory\dsca.exe.cf6b816f.ini
c:\documents and settings\Jean\Local Settings\Application Data\ApplicationHistory\EULALauncher.exe.3f62b452.ini.inuse
c:\documents and settings\Jean\Local Settings\Application Data\ApplicationHistory\iconfix.exe.1e178bd5.ini
c:\documents and settings\Jean\Local Settings\Application Data\ApplicationHistory\info.exe.c95fa770.ini
c:\documents and settings\Jean\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Jean\Local Settings\Application Data\ApplicationHistory\regtweak.exe.dc1948c4.ini
c:\documents and settings\Jean\Local Settings\Application Data\ApplicationHistory\rename.exe.87e761aa.ini
c:\documents and settings\Jean\Local Settings\Application Data\ApplicationHistory\SL30.tmp.47ef97a6.ini
c:\documents and settings\Jean\My Documents\162.gif
c:\documents and settings\Jean\My Documents\162.TIF
c:\progra~1\FASOOD~1\fpH.exe
c:\program files\Fasoo DRM
c:\program files\Fasoo DRM\f_blksc.dll
c:\program files\Fasoo DRM\f_CM.dll
c:\program files\Fasoo DRM\f_drscan.exe
c:\program files\Fasoo DRM\f_sps.dll
c:\program files\Fasoo DRM\f_swv.dll
c:\program files\Fasoo DRM\f_webdm.dll
c:\program files\Fasoo DRM\f_websn.dll
c:\program files\Fasoo DRM\fph.exe
c:\program files\Fasoo DRM\FSWSetup.ini
c:\program files\Fasoo DRM\Log\21.log
c:\program files\Fasoo DRM\Log\70.log
c:\program files\Microsoft Office\OFFICE11\OSA.exe
c:\windows\$NtUninstallKB1259$
c:\windows\$NtUninstallKB1259$\3725727669
c:\windows\$NtUninstallKB1259$\4117761636\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}
c:\windows\$NtUninstallKB1259$\4117761636\L\iahonoel
c:\windows\$NtUninstallKB1259$\4117761636\loader.tlb
c:\windows\$NtUninstallKB1259$\4117761636\U\@00000001
c:\windows\$NtUninstallKB1259$\4117761636\U\@000000c0
c:\windows\$NtUninstallKB1259$\4117761636\U\@000000cb
c:\windows\$NtUninstallKB1259$\4117761636\U\@000000cf
c:\windows\$NtUninstallKB1259$\4117761636\U\@80000000
c:\windows\$NtUninstallKB1259$\4117761636\U\@800000c0
c:\windows\$NtUninstallKB1259$\4117761636\U\@800000cb
c:\windows\$NtUninstallKB1259$\4117761636\U\@800000cf
c:\windows\assembly\GAC_MSIL\desktop.ini
c:\windows\IsUn0412.exe
c:\windows\ORUN32.EXE
c:\windows\system32\AutoRun.inf
c:\windows\system32\CMMGR32.EXE
c:\windows\system32\comct332.ocx
c:\windows\system32\d3d9caps.dat
c:\windows\system32\drivers\f_kp.sys
c:\windows\system32\f_kpi.dll
c:\windows\system32\f_pbrc09.dll
c:\windows\system32\f_pbrc12.dll
c:\windows\system32\f_swrc09.dll
c:\windows\system32\f_swrc12.dll
c:\windows\system32\gotomon.log
c:\windows\system32\npkpdb.dll
c:\windows\system32\npx.ocx
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_f_kp
-------\Service_f_kp
.
.
((((((((((((((((((((((((( Files Created from 2011-08-19 to 2011-09-19 )))))))))))))))))))))))))))))))
.
.
2011-09-16 21:15 . 2011-09-16 21:15 -------- d-----w- C:\_OTL
2011-09-03 10:17 . 2011-09-09 09:12 599040 ------w- c:\windows\system32\dllcache\crypt32.dll
2011-08-31 14:02 . 2011-08-31 14:02 -------- d-----w- c:\documents and settings\Jean\Application Data\SuperAdBlocker.com
2011-08-31 14:02 . 2011-08-31 22:28 -------- d-----w- c:\program files\SuperAdBlocker.com
2011-08-29 21:52 . 2011-08-29 21:52 388096 ----a-r- c:\documents and settings\Jean\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-29 21:52 . 2011-08-29 21:52 -------- d-----w- c:\program files\Trend Micro
2011-08-29 19:58 . 2011-08-29 19:58 -------- d-----w- c:\documents and settings\Jean\Local Settings\Application Data\Mozilla
2011-08-29 17:47 . 2011-08-31 13:44 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2011-08-26 20:17 . 2011-08-29 15:31 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-08-26 20:17 . 2011-08-29 15:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-08-24 18:38 . 2011-08-24 18:38 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2011-08-24 18:34 . 2011-08-24 18:34 -------- d-----w- c:\windows\system32\wbem\Repository
2011-08-24 16:48 . 2011-08-24 16:48 -------- d-----w- c:\documents and settings\Jean\Application Data\Malwarebytes
2011-08-24 16:48 . 2011-08-24 16:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-08-24 16:48 . 2011-08-29 18:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-24 16:36 . 2011-08-24 16:36 -------- d-sh--w- c:\documents and settings\Jean\IECompatCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-09 09:12 . 2004-08-11 23:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-24 18:48 . 2004-08-11 23:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-07-15 13:29 . 2004-08-11 23:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2004-08-11 23:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2004-08-11 23:11 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2004-08-11 23:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2004-08-11 23:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2004-08-11 23:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2004-08-11 23:00 385024 ----a-w- c:\windows\system32\html.iec
2011-09-07 16:05 . 2011-08-29 19:58 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-27 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2009-1-28 745472]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\program files\Qualcomm\Eudora\EuShlExt.dll" [2005-08-09 86016]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Jean^Start Menu^Programs^Startup^Stickies.lnk]
path=c:\documents and settings\Jean\Start Menu\Programs\Startup\Stickies.lnk
backup=c:\windows\pss\Stickies.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-12 02:43 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-12 06:25 37232 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2007-07-17 01:48 69632 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALYac]
2010-09-14 17:02 206712 ----a-w- c:\program files\ESTsoft\ALYac\AYUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2009-02-10 16:03 745472 ------r- c:\program files\Brother\Brmfcmon\BrMfcWnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU]
2004-02-19 12:23 61440 ----a-w- c:\dell\bldbubg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
2007-10-30 20:05 77824 ----a-w- c:\program files\Brother\ControlCenter2\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2007-10-30 20:05 77824 ------w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-29 10:40 687560 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 14:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 14:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.3]
2007-03-06 17:21 116224 ----a-w- c:\program files\eFax Messenger 4.3\J2GDllCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-03-19 00:37 1838592 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HncUpdate]
2006-07-31 07:19 475136 ----a-w- c:\program files\Common Files\Hnc\HncUtils\HncUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-07-17 01:45 162584 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-07-17 01:45 142104 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2004-04-14 19:04 40960 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-10-03 16:35 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-10-03 16:37 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsmqIntCert]
2008-04-14 00:11 177152 ----a-w- c:\windows\system32\mqrt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 02:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2004-04-14 18:46 57393 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2006-10-20 22:23 118784 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-07-17 01:45 138008 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-08-17 14:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2006-11-05 16:22 221184 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-07-17 01:48 16132608 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
2004-11-11 22:14 49152 ------w- c:\program files\Brother\Brmfl04g\BrStDvPt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-07-29 16:31 17361032 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2003-10-14 14:22 155648 ----a-r- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-08-27 20:17 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"\\\\Wkim\\ATI\\main.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\WINDOWS\\system32\\skcbgm.exe"=
"\\\\Server\\ATI\\main.exe"=
"c:\\Program Files\\stickies\\stickies.exe"=
"c:\\WINDOWS\\system32\\dllhost.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Toolbar\\wltuser.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\OUTLOOK.EXE"=
"c:\\Program Files\\Dell Support Center\\bin\\sprtcmd.exe"=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
.
R1 AMonTDnt;AMonTDnt;c:\windows\system32\drivers\AmonTDNt.sys [12/26/2008 6:06 PM 95592]
R2 AGCoreService;AG Core Services;c:\program files\AGI\core\4.2.0.10754\AGCoreService.exe [3/9/2011 1:04 PM 20480]
R3 scskusbf;USB SCSK Filter Driver Service;c:\windows\system32\drivers\scskusbf.sys [4/24/2008 2:54 PM 18232]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys --> c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2010 6:04 PM 135664]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [3/22/2011 1:57 PM 30312]
S3 AYDrvSP_ALYAC;AYDrvSP_ALYAC;c:\program files\ESTsoft\ALYac\AYDrvSP.sys [12/2/2008 2:46 PM 24312]
S3 CdmDrvNt;CdmDrvNt;c:\windows\system32\drivers\CdmDrvNt.sys [12/26/2008 6:06 PM 19616]
S3 ezty2;ezty2;\??\c:\windows\system32\ezty2.sys --> c:\windows\system32\ezty2.sys [?]
S3 ezty2usb;ezty2usb;c:\windows\system32\ezty2usb.sys [5/8/2009 4:32 PM 21248]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2010 6:04 PM 135664]
S3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.sys [10/28/2007 8:31 PM 9216]
S3 JRSUKD24;JRSUKD24;c:\windows\system32\JRSUKD24.sys [10/28/2007 8:31 PM 6784]
S3 MfFWEnt;MfFWEnt;c:\program files\AhnLab\ASP\MyFirewall 4.0\mffwent.sys [12/26/2008 6:06 PM 101336]
S3 MfIPSEnt;MfIPSEnt;c:\program files\AhnLab\ASP\MyFirewall 4.0\mfipsent.sys [12/26/2008 6:06 PM 121504]
S3 scskusbs;USB SCSK Driver Service;c:\windows\system32\drivers\scskusbs.sys [4/24/2008 2:54 PM 189656]
S3 shspusb;Samsung High Speed USB Driver disks;c:\windows\system32\drivers\HSPUSB.sys [7/30/2008 3:09 PM 17408]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [3/22/2011 1:57 PM 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [3/22/2011 1:57 PM 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [3/22/2011 1:57 PM 121576]
S4 LkWebLink;Inter-Tel Collaboration Remote Client;c:\documents and settings\Jean\My Documents\Inter-Tel\Collaboration Client 2.0\lkWebLink.exe [1/23/2008 10:45 AM 32768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-27 13:09]
.
2011-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 22:04]
.
2011-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 22:04]
.
2011-09-19 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]
.
2011-09-19 c:\windows\Tasks\User_Feed_Synchronization-{C3DD6D76-D049-455C-932E-077DC6DC0A74}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = https://asp.editrade.com/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google ?????... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
Trusted Zone: editrade.com\asp
Trusted Zone: koreanair.com\cargo
TCP: DhcpNameServer = 192.168.0.1
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {044123B5-35DF-4C4E-BAED-26B8ED964342} - hxxp://fx.hauri.net/HProduct/livesuite/shinhan/CLIENT/LiveSuite/web/HLiveRobotWeb.cab
DPF: {1A000B1F-B285-4FBF-B3CD-B50845003EBA} - hxxp://ecos.bok.or.kr/miplatform/install/MiPlatform_Updater320_20070614_0910.cab
DPF: {27BCC3E9-D724-493B-A79E-C2E12C03407A} - hxxp://www.iloveschool.co.kr/cfcli.cab
DPF: {2DCB00FB-3485-486B-BD41-C49AD605264D} - hxxp://portal.customs.go.kr/cab/easykeytec.cab
DPF: {3D64E58D-CB55-4344-B809-CFE38F900838} - hxxp://portal.customs.go.kr/cab/MagicLoaderX.cab
DPF: {3DBD0562-7FB7-461A-842C-F63A1AD8C2DE} - hxxp://www.hanjin.com/Xecure/XESignE_Install.cab
DPF: {42D683F7-9C1B-11D7-A860-005056C00001} - hxxp://www.editrade.com/cab_rdp/TPRDPenN.cab
DPF: {53EED863-B547-40F8-B24A-2D6DE807CFE8} - hxxp://img.shinhan.com/rib/ko/print/Printmade.cab
DPF: {66413DC2-F891-40BC-822D-B7EEC8ADC281} - hxxp://img.shinhan.com/rib/common/ProWorksGrid_78.cab
DPF: {6E4FE796-2693-4404-A4ED-A2565CAD7ABB} - hxxp://www.etrade.co.kr/webocx/EtradeWeb.cab
DPF: {6FE760D3-7851-4879-8838-62D9881D7177} - hxxp://61.40.216.19/IniMasPlugin.cab
DPF: {710E4921-F77C-4D42-8EC4-4DFDEE52508F} - hxxp://210.90.46.53/activeX/ictPrintX.cab
DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} - hxxps://mpsnare.iesnare.com/StmOCX.cab
DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} - hxxp://www2.hanjin.com/Xecure/xw_install.cab
DPF: {81A15AF3-21E3-4F07-A5BD-3FA8AE83AF83} - hxxp://www.jjangdisk.com/activex/JJangDiskControl.CAB
DPF: {95A57FEB-0909-4FEA-B819-63DA7C4D9E1E} - hxxp://img.shinhan.com/rib/ko/print/PrintmadeActiveX.cab
DPF: {9FC84F7D-D177-4A75-A7BB-429DA5BD0A3E}
DPF: {A977FF0C-8757-4E76-8533-482F91946233} - hxxp://dl.sayclub.com/sayclub/sayctl/sayax.cab
DPF: {AD6870C0-44B7-42FB-A119-C2C6BD9CD005} - hxxp://portal.customs.go.kr/cab/MagicPassX.cab
DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} - hxxp://mail.daum.net/hanmail-ax/DaumActiveX/2_0_0_8/DaumActiveX.cab?ver=2,0,0,8
DPF: {BBB0FC2D-1D95-45CA-BDCF-03B53F247FCC} - hxxp://portal.customs.go.kr/cab/ewsinstaller_full.cab
DPF: {C7C7225A-9476-47AC-B0B0-FF3B79D55E67} - hxxp://203.232.224.15:8988/oz/viewer35/ZTransferX.cab
DPF: {CB5C683C-416A-4701-B018-0F1B21D64D6B} - hxxp://cyimg7.cyworld.com/cymusic/package/skcinst.cab
DPF: {CC796C4C-12F5-4BEE-ABB3-3A9F863B8D6E} - hxxp://webmail.hufs.ac.kr:8080/nara/activeX/KebiFileUpload.cab
DPF: {D912AABC-6CB0-416F-85B6-CABBB86FD558} - hxxps://plugin.inicis.com/wallet60/INIwallet60.cab
DPF: {E986BA49-C761-4E8F-B1A8-7F3CBE402683} - hxxp://webmail.hufs.ac.kr:8080/nara/activeX/KebiInstaller.cab
DPF: {EA0995BF-45DD-4DB0-ADD5-A39C37397841} - hxxp://img.shinhan.com/rib/common/TrustSite/vista/ShbAutoTrustSiteX.cab
DPF: {FAB9B41C-87D6-474D-AB7E-F07D78F2422E} - file:///C:/Documents%20and%20Settings/CHB/Local%20Settings/Compatible%20LocalLow/TOBESOFT/MiPlatform320/Setup/Win32_3.2/teechart7Langs.cab
DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} - hxxp://file.naver.com/activex/test/NaverAXGuide.cab
FF - ProfilePath - c:\documents and settings\Jean\Application Data\Mozilla\Firefox\Profiles\2dpr8nta.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
HKLM-Run-FPH Exe - c:\progra~1\FASOOD~1\fph.exe
SafeBoot-18075192.sys
SafeBoot-34703764.sys
MSConfigStartUp-Acrobat Assistant 7 - c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-Dr - c:\program files\Fasoo DRM\f_drscan.exe
MSConfigStartUp-FPH Exe - c:\progra~1\FASOOD~1\fph.exe
MSConfigStartUp-GoToMyPC - c:\program files\Citrix\GoToMyPC\g2svc.exe
MSConfigStartUp-KiweeHook - c:\program files\Kiwee Toolbar\3.3\kwtbaim.exe
MSConfigStartUp-OE_OEM - c:\program files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
MSConfigStartUp-pccguide - c:\program files\Trend Micro\Internet Security 14\pccguide.exe
AddRemove-NaNumi Player - c:\windows\IsUn0412.exe
AddRemove-SamsungAnycallHSPDriver - c:\windows\SamsungUSBDriver\SAMSUNG HSP 2.1.1\Uninstall.exe
AddRemove-SamsungAnycallHSPPlusDriver - c:\windows\SamsungUSBDriver\SAMSUNG HSP Plus 2.5.0\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-19 11:55
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ALYac_PZSrv]
"ImagePath"="c:\program files\ESTsoft\ALYac\AYServiceNt.aye"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1200)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\msdtc.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\npkcmsvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Brother\Brmfcmon\BrMfcmon.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\mqsvc.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wscript.exe
.
**************************************************************************
.
Completion time: 2011-09-19 12:00:58 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-19 16:00
.
Pre-Run: 259,014,799,360 bytes free
Post-Run: 262,894,620,672 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /Execute /fastdetect
.
- - End Of File - - 089062C8817309258D8C234649EE88AB

Once again, thank you for your time.

Edited by AConnect, 19 September 2011 - 10:23 AM.


#6 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK, let's check them out now. For this run of OTL, have IE running while you do the scan, and run OTL with the following script:

  • Select All Users
  • Under the Custom Scan box, paste this in:
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    Iexplore.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U /s
    CREATERESTOREPOINT
  • Click the Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

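The point of the /md5start ... /md5stop lines in the script above is to find every file named Iexplore.exe or svchost.exe on the system drive and hash each copy, so that a planted look-alike (same name, wrong directory, or wrong hash) stands out. As an added example that is not part of this thread and not OTL's own code, the Python below does the same thing offline: it walks a drive root, MD5s every copy of the two names, and flags copies that sit outside the directories where a 32-bit Windows XP install keeps them, or where the copies in those expected directories disagree with each other. The expected directories are an assumption about the XP layout, and the sample file tree it builds is constructed placeholder data, not real PE files.

```python
"""Hash every copy of a few sensitive Windows binaries under a drive root and
flag the ones that are out of place.  Added example; the EXPECTED_DIRS table is
an assumed 32-bit Windows XP layout, and build_sample_tree() creates a
constructed stand-in for a drive."""
import hashlib
import os
import tempfile

# Assumed canonical locations, relative to the drive root, lower-cased with
# forward slashes so comparisons are case-insensitive like NTFS.
EXPECTED_DIRS = {
    "iexplore.exe": {"program files/internet explorer"},
    "svchost.exe": {"windows/system32",
                    "windows/system32/dllcache",
                    "windows/servicepackfiles/i386"},
}


def md5_file(path, chunk=1 << 16):
    """MD5 of a file, read in chunks so large binaries are not slurped."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def find_named_binaries(root, names):
    """Walk root and return [(relative_dir, name, md5)] for every file whose
    name matches one of names (case-insensitive), wherever it lives."""
    wanted = {n.lower() for n in names}
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower() in wanted:
                rel = os.path.relpath(dirpath, root).replace(os.sep, "/").lower()
                hits.append((rel, fn.lower(), md5_file(os.path.join(dirpath, fn))))
    return hits


def flag_suspects(hits, expected=EXPECTED_DIRS):
    """Return [(relative_dir, name, md5, reason)] for copies that are outside
    their expected directories, or for expected copies whose hashes disagree
    with each other.  A disagreement between expected copies is a lead to
    check (hotfixes can legitimately change one copy), not proof of tampering."""
    reference = {}
    for rel, name, digest in hits:
        if rel in expected.get(name, ()):
            reference.setdefault(name, set()).add(digest)
    suspects = []
    for rel, name, digest in hits:
        if rel not in expected.get(name, ()):
            suspects.append((rel, name, digest, "unexpected location"))
        elif len(reference[name]) > 1:
            suspects.append((rel, name, digest, "expected copies disagree"))
    return suspects


def build_sample_tree(root):
    """Constructed sample drive: clean reference copies of each binary plus two
    planted look-alikes.  File contents are placeholders, not real executables."""
    files = {
        "Program Files/Internet Explorer/iexplore.exe": b"IE-REAL",
        "WINDOWS/system32/svchost.exe": b"SVCHOST-REAL",
        "WINDOWS/system32/dllcache/svchost.exe": b"SVCHOST-REAL",
        "WINDOWS/svchost.exe": b"NOT-SVCHOST",                      # planted
        "Documents and Settings/Jean/Local Settings/Temp/iexplore.exe": b"NOT-IE",  # planted
        "WINDOWS/system32/notepad.exe": b"IGNORED",                  # not a target name
    }
    for rel, data in files.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)


def demo():
    """Build the constructed drive, hash the targets, and return (hits, suspects)."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        hits = find_named_binaries(root, ["iexplore.exe", "svchost.exe"])
        return hits, flag_suspects(hits)


if __name__ == "__main__":
    all_hits, found = demo()
    for rel, name, digest in all_hits:
        print(f"{digest}  {rel}/{name}")
    for rel, name, digest, why in found:
        print(f"SUSPECT  {rel}/{name}: {why}")
```

On a real machine you would point find_named_binaries() at the drive root (for example C:\) instead of the constructed tree, and compare the reference hashes against a known-good copy of the same file version from installation media or the dllcache before deciding anything is malicious.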

#7 AConnect (Topic Starter, New Member, 8 posts)
Per your request, I've run another OTL (using the code that you gave) with IE running in the background.

OTL logfile created on: 9/19/2011 3:39:56 PM - Run 4
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Jean\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 73.15% Memory free
3.84 Gb Paging File | 3.39 Gb Available in Paging File | 88.33% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 294.73 Gb Total Space | 244.84 Gb Free Space | 83.07% Space Free | Partition Type: NTFS

Computer Name: SONG | User Name: Jean | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/19 15:38:28 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jean\Desktop\OTL.exe
PRC - [2010/06/29 08:04:18 | 000,020,480 | ---- | M] (AG Interactive) -- C:\Program Files\AGI\core\4.2.0.10754\AGCoreService.exe
PRC - [2009/08/23 16:59:45 | 000,186,912 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\system32\npkcmsvc.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/10/02 15:34:34 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/31 15:01:38 | 000,159,744 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2004/04/07 13:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/10 03:12:18 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\70a1400affdc775d7c7398e036359286\System.ServiceProcess.ni.dll
MOD - [2011/08/10 03:12:18 | 000,141,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\585e68739b2a8aff61ee6b2786513245\System.Configuration.Install.ni.dll
MOD - [2011/08/10 03:12:13 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\75f452279422a7898e840ee5768c9d2e\System.EnterpriseServices.ni.dll
MOD - [2011/08/10 03:11:59 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\77df2cd21a5b85a1605b335aa9ad9d44\System.Configuration.ni.dll
MOD - [2011/08/10 03:10:00 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll
MOD - [2011/08/10 03:08:26 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll
MOD - [2011/06/16 03:21:32 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2011/05/28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2006/08/18 14:17:36 | 000,056,056 | ---- | M] () -- C:\WINDOWS\system32\DLAAPI_W.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2010/09/17 18:33:04 | 000,919,416 | ---- | M] (ESTsoft Corp) [Auto | Stopped] -- C:\Program Files\ESTsoft\ALYac\AYServiceNT.aye -- (ALYac_PZSrv)
SRV - [2010/06/29 08:04:18 | 000,020,480 | ---- | M] (AG Interactive) [Auto | Running] -- C:\Program Files\AGI\core\4.2.0.10754\AGCoreService.exe -- (AGCoreService)
SRV - [2009/08/23 16:59:45 | 000,186,912 | ---- | M] (INCA Internet Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\npkcmsvc.exe -- (npkcmsvc)
SRV - [2008/10/02 15:34:34 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/01/23 10:45:44 | 000,032,768 | ---- | M] (Inter-Tel (Delaware), Inc) [Disabled | Stopped] -- C:\Documents and Settings\Jean\My Documents\Inter-Tel\Collaboration Client 2.0\lkWebLink.exe -- (LkWebLink)
SRV - [2004/04/07 13:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2010/12/21 01:55:02 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010/12/21 01:55:02 | 000,121,576 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2010/12/21 01:55:02 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2010/12/21 01:55:02 | 000,096,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2010/12/21 01:55:02 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010/12/21 01:55:02 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2010/12/21 01:55:02 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010/08/01 20:23:48 | 000,189,656 | ---- | M] (SoftCamp) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\scskusbs.sys -- (scskusbs)
DRV - [2010/08/01 20:23:48 | 000,018,232 | ---- | M] (SoftCamp) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\scskusbf.sys -- (scskusbf)
DRV - [2009/12/21 02:14:00 | 000,121,504 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\AhnLab\ASP\MyFirewall 4.0\mfipsent.sys -- (MfIPSEnt)
DRV - [2009/12/21 02:14:00 | 000,101,336 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\AhnLab\ASP\MyFirewall 4.0\mffwent.sys -- (MfFWEnt)
DRV - [2009/12/18 04:28:00 | 000,095,592 | ---- | M] (AhnLab, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmonTDNt.sys -- (AMonTDnt)
DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/07/20 21:13:00 | 000,019,616 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CdmDrvNt.sys -- (CdmDrvNt)
DRV - [2009/05/08 16:32:08 | 000,021,248 | ---- | M] (Space International,Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\ezty2usb.sys -- (ezty2usb)
DRV - [2009/02/09 15:06:44 | 000,053,536 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npkcrypt.sys -- (npkcrypt)
DRV - [2009/01/19 14:46:34 | 000,043,424 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npkcusb.sys -- (npkcusb)
DRV - [2008/12/18 20:57:44 | 000,024,312 | ---- | M] (ESTsoft Corp) [Kernel | On_Demand | Stopped] -- C:\Program Files\ESTsoft\ALYac\AYDrvSP.sys -- (AYDrvSP_ALYAC)
DRV - [2008/09/26 14:06:40 | 000,020,424 | ---- | M] (ESTsoft Corp) [Kernel | On_Demand | Stopped] -- C:\Program Files\ESTsoft\ALYac\AYDrvNT.sys -- (AYDrvNT_ALYAC)
DRV - [2008/07/30 15:09:37 | 000,017,408 | ---- | M] (MobileTop) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSPUSB.sys -- (shspusb)
DRV - [2008/05/08 10:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/13 14:39:44 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2008/03/18 20:41:01 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2007/10/28 20:31:22 | 000,009,216 | ---- | M] (SoftForum Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\JRSKD24.sys -- (JRSKD24)
DRV - [2007/10/28 20:31:22 | 000,006,784 | ---- | M] (SoftForum Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\JRSUKD24.sys -- (JRSUKD24)
DRV - [2007/07/16 21:48:54 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/08/18 14:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 14:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 14:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 14:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 14:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 14:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 14:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 14:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 11:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 11:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2004/08/04 07:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2003/11/17 16:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 16:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 16:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080319
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080319


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080319
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080319
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1224609164-1747592403-1521925194-1013\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://asp.editrade.com/
IE - HKU\S-1-5-21-1224609164-1747592403-1521925194-1013\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npaosmgr.1: C:\Program Files\AhnLab\ASP\Components\aosmgr\conflict_315\npaosmgr.dll (AhnLab, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\UnifiedToolbar\3.2\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/07 12:05:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/08/29 15:58:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jean\Application Data\Mozilla\Extensions
[2011/08/29 15:58:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/06/24 20:34:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/09/07 12:05:02 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/08/11 23:16:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/09/19 11:55:11 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (ALToolBar) - {38FBE93D-4CA1-4414-AF6A-94920C5BD8DA} - C:\Program Files\ESTsoft\ALToolBar\ALToolBand_1520.dll (ESTsoft Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1224609164-1747592403-1521925194-1013\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1224609164-1747592403-1521925194-1013\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1224609164-1747592403-1521925194-1013\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1224609164-1747592403-1521925194-1013\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1224609164-1747592403-1521925194-1013\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O15 - HKU\S-1-5-21-1224609164-1747592403-1521925194-1013\..Trusted Domains: editrade.com ([asp] http in Trusted sites)
O15 - HKU\S-1-5-21-1224609164-1747592403-1521925194-1013\..Trusted Domains: editrade.com ([asp] https in Trusted sites)
O15 - HKU\S-1-5-21-1224609164-1747592403-1521925194-1013\..Trusted Domains: koreanair.com ([cargo] http in Trusted sites)
O16 - DPF: {044123B5-35DF-4C4E-BAED-26B8ED964342} http://fx.hauri.net/...iveRobotWeb.cab (HLiveRobotWeb Control)
O16 - DPF: {063F7D71-5E0B-48F2-87D5-F63C5917947E} http://ahnlabdownloa...ugin/aosmgr.cab (Aosmgr Control)
O16 - DPF: {1A000B1F-B285-4FBF-B3CD-B50845003EBA} http://ecos.bok.or.k...070614_0910.cab (CyMiInstaller320 Class)
O16 - DPF: {27BCC3E9-D724-493B-A79E-C2E12C03407A} http://www.iloveschool.co.kr/cfcli.cab (CfClient Class)
O16 - DPF: {2DCB00FB-3485-486B-BD41-C49AD605264D} http://portal.custom.../easykeytec.cab (EZKeytecWeb Class)
O16 - DPF: {39461460-2552-4D51-A062-3AB6A7B902E9} http://img.shinhan.c...down/INIS70.cab (INISAFE Updater Control)
O16 - DPF: {39FC0CF9-86F3-4502-B773-D16706EDEC83} http://img.shinhan.c...03151/SCSK4.cab (SCSK Control)
O16 - DPF: {3D64E58D-CB55-4344-B809-CFE38F900838} http://portal.custom...agicLoaderX.cab (MagicLoaderX Class)
O16 - DPF: {3DBD0562-7FB7-461A-842C-F63A1AD8C2DE} http://www.hanjin.co...gnE_Install.cab (XESignE Class)
O16 - DPF: {42D683F7-9C1B-11D7-A860-005056C00001} http://www.editrade....dp/TPRDPenN.cab (.print Client RDP Webinstall)
O16 - DPF: {53EED863-B547-40F8-B24A-2D6DE807CFE8} http://img.shinhan.c...t/Printmade.cab (Printmade Control)
O16 - DPF: {66413DC2-F891-40BC-822D-B7EEC8ADC281} http://img.shinhan.c...orksGrid_78.cab (ProWorksGrid Control)
O16 - DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} http://ck.softforum....eb/CKKeyPro.cab (XecureCKKB Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1206050226968 (MUWebControl Class)
O16 - DPF: {6E4FE796-2693-4404-A4ED-A2565CAD7ABB} http://www.etrade.co...x/EtradeWeb.cab (ETWebGate Control)
O16 - DPF: {6FE760D3-7851-4879-8838-62D9881D7177} http://61.40.216.19/IniMasPlugin.cab (IniMasHandler Class)
O16 - DPF: {710E4921-F77C-4D42-8EC4-4DFDEE52508F} http://210.90.46.53/...X/ictPrintX.cab (ictPrintXForm Control)
O16 - DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} https://mpsnare.iesnare.com/StmOCX.cab (Stm Class)
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} http://www2.hanjin.c.../xw_install.cab (XecureWeb 4.0 Client Control)
O16 - DPF: {81A15AF3-21E3-4F07-A5BD-3FA8AE83AF83} http://www.jjangdisk...DiskControl.CAB (JJangDisk File Share Control 5)
O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} http://isf.freightst...com/arview2.cab (ActiveReports Viewer2)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} https://asp.editrade.com/msrdp.cab (Microsoft RDP Client Control (redist))
O16 - DPF: {95A57FEB-0909-4FEA-B819-63DA7C4D9E1E} http://img.shinhan.c...madeActiveX.cab (Printmade S 1.5.9)
O16 - DPF: {9FC84F7D-D177-4A75-A7BB-429DA5BD0A3E} Reg Error: Key error. (SG_CAppAtx Control)
O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} http://dl.sayclub.co...ayctl/sayax.cab (Sayclub Login Control)
O16 - DPF: {AD6870C0-44B7-42FB-A119-C2C6BD9CD005} http://portal.custom.../MagicPassX.cab (MagicPass Class)
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} http://mail.daum.net...cab?ver=2,0,0,8 (Daum ActiveX manager Class)
O16 - DPF: {BBB0FC2D-1D95-45CA-BDCF-03B53F247FCC} http://portal.custom...taller_full.cab (EwsLoader Class)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {C7C7225A-9476-47AC-B0B0-FF3B79D55E67} http://203.232.224.1.../ZTransferX.cab (ZTransferX Control)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CB5C683C-416A-4701-B018-0F1B21D64D6B} http://cyimg7.cyworl...age/skcinst.cab (SKCInst1 Class)
O16 - DPF: {CC796C4C-12F5-4BEE-ABB3-3A9F863B8D6E} http://webmail.hufs....iFileUpload.cab (KebiFileUpload Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} http://update.nprote...eowiz/npkcx.cab (NPKCX Control)
O16 - DPF: {D912AABC-6CB0-416F-85B6-CABBB86FD558} https://plugin.inici...INIwallet60.cab (INIwallet60 Control)
O16 - DPF: {E986BA49-C761-4E8F-B1A8-7F3CBE402683} http://webmail.hufs....biInstaller.cab (KebiInstaller Control)
O16 - DPF: {EA0995BF-45DD-4DB0-ADD5-A39C37397841} http://img.shinhan.c...oTrustSiteX.cab (ShbAutoTrustSite Control)
O16 - DPF: {EC5D5118-9FDE-4A3E-84F3-C2B711740E70} http://www.etrade.co...cx/SKCommAX.cab (SKCommAX Control)
O16 - DPF: {FAB9B41C-87D6-474D-AB7E-F07D78F2422E} file:///C:/Documents%20and%20Settings/CHB/Local%20Settings/Compatible%20LocalLow/TOBESOFT/MiPlatform320/Setup/Win32_3.2/teechart7Langs.cab (TeeChart Pro Activex control v7)
O16 - DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} http://file.naver.co...averAXGuide.cab (NaverAXGuide Class)
O16 - DPF: CabBuilder http://kiw.imgag.com...llerControl.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55F5769F-9D2C-4A9D-B00C-D18A1B88E07A}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\s-http {D37E6C5F-1C0F-47C0-A3B6-403EEC555402} - C:\Program Files\INITECH\SHTTP\InitechSHTTPInterface.10121.dll (© INITECH)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Program Files\Qualcomm\Eudora\EuShlExt.dll (Qualcomm Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 19:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/09/19 15:38:27 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jean\Desktop\OTL.exe
[2011/09/19 12:01:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/09/19 11:39:39 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/09/19 11:38:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/09/19 11:38:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/09/19 11:38:42 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/09/19 11:38:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/09/19 11:38:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/09/19 11:38:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/19 11:38:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jean\Start Menu\Programs\Administrative Tools
[2011/09/16 17:15:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/03 06:17:37 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/08/31 10:02:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jean\Application Data\SuperAdBlocker.com
[2011/08/31 10:02:15 | 000,000,000 | ---D | C] -- C:\Program Files\SuperAdBlocker.com
[2011/08/29 17:52:36 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/08/29 17:52:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jean\Start Menu\Programs\HiJackThis
[2011/08/29 16:27:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jean\My Documents\Downloads
[2011/08/29 15:58:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jean\Local Settings\Application Data\Mozilla
[2011/08/29 15:58:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jean\Application Data\Mozilla
[2011/08/29 15:58:03 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/08/29 13:47:43 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2011/08/26 16:17:07 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/08/26 16:17:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/08/24 14:38:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2011/08/24 12:48:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jean\Application Data\Malwarebytes
[2011/08/24 12:48:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/08/24 12:48:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/24 12:36:45 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Jean\IECompatCache

========== Files - Modified Within 30 Days ==========

[2011/09/19 15:39:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C3DD6D76-D049-455C-932E-077DC6DC0A74}.job
[2011/09/19 15:38:28 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jean\Desktop\OTL.exe
[2011/09/19 15:30:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/09/19 15:26:06 | 000,030,006 | ---- | M] () -- C:\Documents and Settings\Jean\Desktop\7501 2195.pdf
[2011/09/19 15:25:59 | 000,013,022 | ---- | M] () -- C:\Documents and Settings\Jean\Desktop\7501 2195(2).pdf
[2011/09/19 15:23:31 | 000,037,186 | ---- | M] () -- C:\Documents and Settings\Jean\Desktop\3461 2195.pdf
[2011/09/19 14:49:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/19 12:37:14 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/19 11:55:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/19 11:55:11 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/09/19 11:55:03 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/19 11:55:02 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/09/19 11:54:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/19 11:54:56 | 2136,129,536 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/19 11:42:37 | 000,000,894 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk
[2011/09/19 11:39:45 | 000,000,319 | RHS- | M] () -- C:\boot.ini
[2011/09/16 17:09:19 | 000,086,245 | ---- | M] () -- C:\Documents and Settings\Jean\Desktop\KO-110818.pdf
[2011/09/16 16:47:20 | 000,073,804 | ---- | M] () -- C:\Documents and Settings\Jean\Desktop\KO-110817.pdf
[2011/09/16 16:47:08 | 000,074,984 | ---- | M] () -- C:\Documents and Settings\Jean\Desktop\KO-110815.pdf
[2011/09/15 09:07:18 | 000,000,838 | ---- | M] () -- C:\Documents and Settings\Jean\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/09/15 09:07:12 | 000,487,662 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/09/15 09:07:12 | 000,089,124 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/09/15 03:01:43 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/09/14 19:25:45 | 000,000,065 | ---- | M] () -- C:\WINDOWS\System32\bd7040.dat
[2011/09/12 16:07:22 | 000,000,458 | ---- | M] () -- C:\Documents and Settings\Jean\Desktop\Server.lnk
[2011/09/09 05:12:13 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/09/01 09:16:23 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\Jean\Desktop\HiJackThis.lnk
[2011/08/29 15:58:07 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\Jean\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/08/29 15:08:52 | 000,000,567 | ---- | M] () -- C:\Documents and Settings\Jean\Desktop\Shortcut to main.exe.lnk
[2011/08/24 14:36:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\1678668021
[2011/08/23 17:49:00 | 000,763,041 | ---- | M] () -- C:\Documents and Settings\Jean\Desktop\A WHSE.pdf
[2011/08/23 17:49:00 | 000,345,515 | ---- | M] () -- C:\Documents and Settings\Jean\Desktop\BIZ INFO.pdf

========== Files Created - No Company Name ==========

[2011/09/19 15:25:59 | 000,013,022 | ---- | C] () -- C:\Documents and Settings\Jean\Desktop\7501 2195(2).pdf
[2011/09/19 15:25:53 | 000,030,006 | ---- | C] () -- C:\Documents and Settings\Jean\Desktop\7501 2195.pdf
[2011/09/19 15:23:25 | 000,037,186 | ---- | C] () -- C:\Documents and Settings\Jean\Desktop\3461 2195.pdf
[2011/09/19 12:33:03 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/19 11:39:45 | 000,000,203 | ---- | C] () -- C:\Boot.bak
[2011/09/19 11:39:43 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/09/19 11:38:42 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/09/19 11:38:42 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/09/19 11:38:42 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/09/19 11:38:42 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/09/19 11:38:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/09/16 17:09:19 | 000,086,245 | ---- | C] () -- C:\Documents and Settings\Jean\Desktop\KO-110818.pdf
[2011/09/16 16:47:20 | 000,073,804 | ---- | C] () -- C:\Documents and Settings\Jean\Desktop\KO-110817.pdf
[2011/09/16 16:47:08 | 000,074,984 | ---- | C] () -- C:\Documents and Settings\Jean\Desktop\KO-110815.pdf
[2011/08/31 09:02:06 | 2136,129,536 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/29 17:52:37 | 000,002,445 | ---- | C] () -- C:\Documents and Settings\Jean\Desktop\HiJackThis.lnk
[2011/08/29 15:58:07 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Jean\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/08/29 15:58:07 | 000,000,776 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/08/29 15:07:46 | 000,000,567 | ---- | C] () -- C:\Documents and Settings\Jean\Desktop\Shortcut to main.exe.lnk
[2011/08/24 12:39:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\1678668021
[2011/08/23 17:49:00 | 000,763,041 | ---- | C] () -- C:\Documents and Settings\Jean\Desktop\A WHSE.pdf
[2011/08/23 17:49:00 | 000,345,515 | ---- | C] () -- C:\Documents and Settings\Jean\Desktop\BIZ INFO.pdf
[2011/06/06 17:26:59 | 000,000,530 | ---- | C] () -- C:\Documents and Settings\Jean\Application Data\wklnhst.dat
[2011/03/22 13:57:19 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Jean\Application Data\$_hpcst$.hpc
[2011/01/04 16:40:36 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\bd7040.dat
[2011/01/04 16:39:56 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2011/01/04 16:39:43 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2010/11/04 19:21:32 | 000,000,072 | ---- | C] () -- C:\WINDOWS\hdkctnts.ini
[2010/08/01 20:23:48 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\scskConfigEH.ini
[2010/08/01 19:47:40 | 000,066,920 | ---- | C] () -- C:\WINDOWS\CMListControl.dll
[2009/08/26 20:02:31 | 000,005,042 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xqkcebzs.dik
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/08/02 12:41:33 | 000,066,920 | ---- | C] () -- C:\WINDOWS\System32\CMListControl.dll
[2009/04/15 14:00:52 | 000,000,581 | ---- | C] () -- C:\WINDOWS\HDINFO50.INI
[2009/02/18 16:31:55 | 000,339,968 | ---- | C] () -- C:\WINDOWS\System32\pythoncom25.dll
[2009/02/18 16:31:55 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\pywintypes25.dll
[2009/01/05 19:52:19 | 000,121,299 | ---- | C] () -- C:\WINDOWS\hpoins15.dat
[2009/01/05 19:52:19 | 000,001,037 | ---- | C] () -- C:\WINDOWS\hpomdl15.dat
[2008/12/26 18:28:47 | 000,000,079 | ---- | C] () -- C:\WINDOWS\System32\ETKCommInfoWeb.ini
[2008/12/17 17:43:46 | 000,589,824 | ---- | C] () -- C:\WINDOWS\System32\INICRYPTOSDK.dll
[2008/10/10 15:43:10 | 000,218,194 | ---- | C] () -- C:\WINDOWS\System32\MaPrintInfoDamon.dat
[2008/07/30 15:09:01 | 000,000,092 | ---- | C] () -- C:\WINDOWS\System32\drivers\ftdiun2k.ini
[2008/07/30 15:09:00 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\GetMP4Info.dll
[2008/07/30 15:09:00 | 000,000,091 | ---- | C] () -- C:\WINDOWS\System32\drivers\FTDIUNIN.INI
[2008/07/30 15:08:59 | 000,618,496 | ---- | C] () -- C:\WINDOWS\System32\stlpmt45.dll
[2008/07/30 15:08:59 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2008/07/25 12:43:45 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/07/16 16:44:06 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\BD7020.DAT
[2008/05/05 11:22:44 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/04/29 13:13:57 | 000,000,889 | ---- | C] () -- C:\WINDOWS\UninstFW.ini
[2008/04/24 14:59:41 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\npScan.dll
[2008/04/24 14:59:41 | 000,000,198 | ---- | C] () -- C:\WINDOWS\CHB.INI
[2008/04/10 19:54:56 | 000,000,040 | ---- | C] () -- C:\WINDOWS\Hjimesv.ini
[2008/04/10 19:53:52 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\winhcfga.ini
[2008/03/26 20:43:13 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2008/03/26 20:43:13 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2008/03/26 14:35:04 | 000,000,825 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2008/03/26 14:35:04 | 000,000,152 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2008/03/26 14:35:04 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\BD7820N.dat
[2008/03/26 14:35:03 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008/03/26 14:33:30 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2008/03/24 11:58:03 | 000,000,034 | ---- | C] () -- C:\WINDOWS\ATPlayer.INI
[2008/03/24 11:56:15 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\H263Encoder.dll
[2008/03/24 11:56:15 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\H263Decoder.dll
[2008/03/24 11:56:15 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\AnsZip35.dll
[2008/03/24 11:56:13 | 000,000,447 | ---- | C] () -- C:\WINDOWS\nanumixp.ini
[2008/03/21 12:33:36 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/03/20 14:01:10 | 000,000,636 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/03/18 20:44:18 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/03/18 20:40:20 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/03/18 20:34:20 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/03/18 20:34:20 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/03/18 20:11:23 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2008/03/18 20:11:19 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2008/03/18 20:10:08 | 000,001,119 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/02/16 23:12:14 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\ASPRTMM0.DLL
[2007/10/16 10:13:46 | 000,083,344 | ---- | C] () -- C:\WINDOWS\System32\MaCommAPI.dll
[2007/10/10 21:15:50 | 000,042,384 | ---- | C] () -- C:\WINDOWS\System32\MaMakeUp.dll
[2007/07/25 04:24:30 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/06/29 22:11:36 | 000,045,113 | ---- | C] () -- C:\WINDOWS\System32\ETKCommAPIWeb.dll
[2007/06/29 22:11:34 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ETKDataMngrWeb.dll
[2006/12/12 11:15:00 | 000,008,517 | ---- | C] () -- C:\WINDOWS\System32\np_kor.ini
[2006/11/07 06:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/17 11:12:46 | 000,950,272 | ---- | C] () -- C:\WINDOWS\System32\npdownv.exe
[2006/09/17 00:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/17 00:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2006/02/26 05:08:28 | 000,585,728 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/01/05 17:02:22 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\npnv3uninst.exe
[2005/11/18 16:53:56 | 000,505,856 | ---- | C] () -- C:\WINDOWS\System32\ictprn.dll
[2005/08/01 19:46:48 | 000,042,496 | ---- | C] () -- C:\WINDOWS\System32\ALZZip.BIN
[2005/08/01 19:46:08 | 000,062,464 | ---- | C] () -- C:\WINDOWS\System32\ALZALZ.BIN
[2005/06/14 21:27:46 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\HKDown.exe
[2005/05/17 16:36:26 | 000,008,023 | ---- | C] () -- C:\WINDOWS\System32\np_eng.ini
[2005/05/12 17:29:36 | 000,008,821 | ---- | C] () -- C:\WINDOWS\System32\np_jpn.ini
[2005/03/08 13:38:20 | 000,006,808 | ---- | C] () -- C:\WINDOWS\System32\np_chs.ini
[2004/08/11 19:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 19:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 19:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 19:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 19:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 19:06:43 | 000,379,608 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 19:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 19:00:28 | 000,487,662 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 19:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 19:00:28 | 000,089,124 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 19:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 19:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 19:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 19:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 19:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 19:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 19:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 19:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/01/10 17:26:02 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\MACS.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/04 10:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: IEXPLORE.EXE >
[2009/06/29 03:25:31 | 000,634,632 | ---- | M] (Microsoft Corporation) MD5=02E2754D3E566C11A4934825920C47DD -- C:\WINDOWS\$hf_mig$\KB972260-IE7\SP3QFE\iexplore.exe
[2008/12/19 01:25:25 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=030D78FE84A086ED376EFCBD2D72C522 -- C:\WINDOWS\ie7updates\KB963027-IE7\iexplore.exe
[2010/12/20 07:25:27 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=091D358EFC9D22901BD879EF37F0DAC4 -- C:\WINDOWS\ie8\iexplore.exe
[2009/04/25 01:27:50 | 000,636,088 | ---- | M] (Microsoft Corporation) MD5=092A7F2B49A19ECCE5369D3CB2276148 -- C:\WINDOWS\ie7updates\KB972260-IE7\iexplore.exe
[2008/12/19 01:25:30 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=15E8A89499741D5CF59A9CF6463A4339 -- C:\WINDOWS\$hf_mig$\KB961260-IE7\SP2QFE\iexplore.exe
[2008/04/22 04:02:46 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=197B7E4030CFBD8D2979D375E1787AA2 -- C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\iexplore.exe
[2008/08/23 01:56:15 | 000,635,848 | ---- | M] (Microsoft Corporation) MD5=1F03216084447F990AE797317D0A6E70 -- C:\WINDOWS\ie7updates\KB961260-IE7\iexplore.exe
[2010/06/17 11:12:57 | 000,634,656 | ---- | M] (Microsoft Corporation) MD5=203E897F843D56496E2CC101DFF6CE34 -- C:\WINDOWS\ie7updates\KB2360131-IE7\iexplore.exe
[2008/04/22 03:40:18 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=232B22817B90AE0AFF2D189E3E3735AC -- C:\WINDOWS\ie7updates\KB953838-IE7\iexplore.exe
[2007/12/06 07:01:25 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=2703D940A62B731AA220529DD7331A78 -- C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe
[2007/12/06 07:01:25 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=2703D940A62B731AA220529DD7331A78 -- C:\WINDOWS\SoftwareDistribution\Download\e5a204b08ee9dd0f7a20547e61486b27\SP2GDR\iexplore.exe
[2008/02/29 04:55:46 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=2D0E5592AB5A46C27DAF7CCAFF4F5B59 -- C:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe
[2009/08/27 01:18:42 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=332EC7562F3AA7364F2D4231C56DA986 -- C:\WINDOWS\$hf_mig$\KB974455-IE7\SP3QFE\iexplore.exe
[2009/06/29 04:35:10 | 000,634,632 | ---- | M] (Microsoft Corporation) MD5=3CFC56F73D494FC1AA2B6E981DF15ACD -- C:\WINDOWS\ie7updates\KB974455-IE7\iexplore.exe
[2009/10/28 02:54:16 | 000,634,632 | ---- | M] (Microsoft Corporation) MD5=4F9B04D546C23A295F3F0AE015BE51DB -- C:\WINDOWS\ie7updates\KB978207-IE7\iexplore.exe
[2009/12/18 09:05:43 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=53C291F3B01EECECBD7FD358EA3ACC94 -- C:\WINDOWS\ie7updates\KB980182-IE7\iexplore.exe
[2008/04/13 20:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=55794B97A7FAABD2910873C85274F409 -- C:\WINDOWS\ServicePackFiles\i386\iexplore.exe
[2007/10/10 04:16:56 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=632BDE0179847234433CA50945442ACB -- C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\iexplore.exe
[2007/10/10 04:16:56 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=632BDE0179847234433CA50945442ACB -- C:\WINDOWS\SoftwareDistribution\Download\e3709fbfd9557a7d083f543d51d38612\SP2QFE\iexplore.exe
[2008/06/23 05:20:52 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=64E376A47763DAEABCDA14BD5B6EA286 -- C:\WINDOWS\ie7updates\KB956390-IE7\iexplore.exe
[2008/02/22 05:40:22 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=6E0888626E0CAC79F57149814E22DB4D -- C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\iexplore.exe
[2010/10/18 07:07:43 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=72D1F43C4146D312B0DB6AB98C21340E -- C:\WINDOWS\ie7updates\KB2482017-IE7\iexplore.exe
[2009/10/28 02:54:21 | 000,634,632 | ---- | M] (Microsoft Corporation) MD5=80675329E0FD54F016C4F8A83C616349 -- C:\WINDOWS\$hf_mig$\KB976325-IE7\SP3QFE\iexplore.exe
[2007/12/06 04:34:45 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=809D17D8FA0FDAEE07778CD821CAFFDE -- C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\iexplore.exe
[2007/12/06 04:34:45 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=809D17D8FA0FDAEE07778CD821CAFFDE -- C:\WINDOWS\SoftwareDistribution\Download\e5a204b08ee9dd0f7a20547e61486b27\SP2QFE\iexplore.exe
[2009/02/28 00:54:41 | 000,636,072 | ---- | M] (Microsoft Corporation) MD5=A251068640DDB69FD7805B57D89D7FF7 -- C:\WINDOWS\ie7updates\KB969897-IE7\iexplore.exe
[2010/06/17 10:45:15 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=B0BC6DC9C9277250C5C8F7B7A48A02CC -- C:\WINDOWS\$hf_mig$\KB2183461-IE7\SP3QFE\iexplore.exe
[2010/04/16 07:08:29 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=B24A4E23A2FEDB6976EB04D334AD82B2 -- C:\WINDOWS\$hf_mig$\KB982381-IE7\SP3QFE\iexplore.exe
[2010/02/23 01:20:02 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=B5116340B84824DDD0A641E36B126194 -- C:\WINDOWS\ie7updates\KB982381-IE7\iexplore.exe
[2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\Program Files\Internet Explorer\iexplore.exe
[2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\WINDOWS\ERDNT\cache\iexplore.exe
[2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\WINDOWS\system32\dllcache\iexplore.exe
[2010/12/20 06:49:55 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=B74CBEBA34E3CAA2CCACC87FEE8A16C0 -- C:\WINDOWS\$hf_mig$\KB2482017-IE7\SP3QFE\iexplore.exe
[2009/02/28 00:54:44 | 000,636,088 | ---- | M] (Microsoft Corporation) MD5=BCD8E48709BE4A79606F0B6E8E9A6162 -- C:\WINDOWS\$hf_mig$\KB963027-IE7\SP3QFE\iexplore.exe
[2009/04/25 01:27:39 | 000,636,088 | ---- | M] (Microsoft Corporation) MD5=C0503FD8D163652735C1EE900672A75C -- C:\WINDOWS\$hf_mig$\KB969897-IE7\SP3QFE\iexplore.exe
[2010/04/16 07:43:25 | 000,634,656 | ---- | M] (Microsoft Corporation) MD5=C4BA5E36FB57F547117305BF1E0FE454 -- C:\WINDOWS\ie7updates\KB2183461-IE7\iexplore.exe
[2008/06/23 04:23:52 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=C52A9EF571E91535EB78DB4B8B95EA07 -- C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\iexplore.exe
[2010/02/23 01:19:59 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=C8DDA4028065D5CE39CBE7A156B72AB9 -- C:\WINDOWS\$hf_mig$\KB980182-IE7\SP3QFE\iexplore.exe
[2009/12/18 03:00:27 | 000,634,632 | ---- | M] (Microsoft Corporation) MD5=D19E56D5930C37CF211867DF450C372A -- C:\WINDOWS\$hf_mig$\KB978207-IE7\SP3QFE\iexplore.exe
[2010/10/18 06:36:30 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=DA6E1F0F1932B62DD2F6ED05541C555C -- C:\WINDOWS\$hf_mig$\KB2416400-IE7\SP3QFE\iexplore.exe
[2007/08/13 18:43:56 | 000,622,080 | ---- | M] (Microsoft Corporation) MD5=DE49B348A18369B4626FBA1D49B07FB4 -- C:\WINDOWS\ie7updates\KB942615-IE7\iexplore.exe
[2010/08/25 07:30:33 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=E5412ED9E07C42C20C48D3FF71E6B1E8 -- C:\WINDOWS\ie7updates\KB2416400-IE7\iexplore.exe
[2004/08/04 07:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=E7484514C0464642BE7B4DC2689354C8 -- C:\WINDOWS\ie7\iexplore.exe
[2008/08/23 01:56:16 | 000,635,848 | ---- | M] (Microsoft Corporation) MD5=E8305C30D35E85D6657ED3E9934CB302 -- C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\iexplore.exe
[2007/10/10 06:59:52 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=E854D02E4231F704D9BE782A424E6D8B -- C:\WINDOWS\ie7updates\KB944533-IE7\iexplore.exe
[2007/10/10 06:59:52 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=E854D02E4231F704D9BE782A424E6D8B -- C:\WINDOWS\SoftwareDistribution\Download\e3709fbfd9557a7d083f543d51d38612\SP2GDR\iexplore.exe
[2010/08/25 07:07:58 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=F047BEB9771E45A05F425499A30F9BBA -- C:\WINDOWS\$hf_mig$\KB2360131-IE7\SP3QFE\iexplore.exe
[2009/08/27 01:18:44 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=F232BA9F39BC0F722672C7E79E68EBEA -- C:\WINDOWS\ie7updates\KB976325-IE7\iexplore.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< C:\Windows\assembly\tmp\U /s >

========== Files - Unicode (All) ==========
[2011/03/04 10:48:03 | 000,038,912 | ---- | M] ()(C:\Documents and Settings\Jean\My Documents\OCEAN ?? ??.doc) -- C:\Documents and Settings\Jean\My Documents\OCEAN 작업 단계.doc
[2011/03/02 18:39:10 | 000,016,384 | ---- | M] ()(C:\Documents and Settings\Jean\My Documents\?? ???? ??.xls) -- C:\Documents and Settings\Jean\My Documents\해상 소요시간 비교.xls
[2011/03/02 18:39:10 | 000,016,384 | ---- | C] ()(C:\Documents and Settings\Jean\My Documents\?? ???? ??.xls) -- C:\Documents and Settings\Jean\My Documents\해상 소요시간 비교.xls
[2011/02/22 19:03:59 | 000,038,912 | ---- | C] ()(C:\Documents and Settings\Jean\My Documents\OCEAN ?? ??.doc) -- C:\Documents and Settings\Jean\My Documents\OCEAN 작업 단계.doc
[2011/01/19 10:16:01 | 000,016,384 | ---- | M] ()(C:\Documents and Settings\Jean\My Documents\LAX SAV ?? ??.xls) -- C:\Documents and Settings\Jean\My Documents\LAX SAV 해상 운임.xls
[2011/01/19 10:16:01 | 000,016,384 | ---- | C] ()(C:\Documents and Settings\Jean\My Documents\LAX SAV ?? ??.xls) -- C:\Documents and Settings\Jean\My Documents\LAX SAV 해상 운임.xls
[2010/12/17 12:00:06 | 000,273,408 | ---- | M] ()(C:\Documents and Settings\Jean\My Documents\??? ?? ???.doc) -- C:\Documents and Settings\Jean\My Documents\거래처 주소 레이블.doc
[2010/12/14 18:10:03 | 000,273,408 | ---- | C] ()(C:\Documents and Settings\Jean\My Documents\??? ?? ???.doc) -- C:\Documents and Settings\Jean\My Documents\거래처 주소 레이블.doc
[2010/11/09 13:09:11 | 000,015,697 | ---- | M] ()(C:\Documents and Settings\Jean\My Documents\??? INV ???? ?? LIST.pdf) -- C:\Documents and Settings\Jean\My Documents\통관시 INV 더할것과 뺄것 LIST.pdf
[2010/11/09 13:09:11 | 000,015,697 | ---- | C] ()(C:\Documents and Settings\Jean\My Documents\??? INV ???? ?? LIST.pdf) -- C:\Documents and Settings\Jean\My Documents\통관시 INV 더할것과 뺄것 LIST.pdf
[2010/11/02 17:13:46 | 000,039,936 | ---- | M] ()(C:\Documents and Settings\Jean\My Documents\??? ??.doc) -- C:\Documents and Settings\Jean\My Documents\조정훈 주소.doc
[2010/11/02 17:13:46 | 000,039,936 | ---- | C] ()(C:\Documents and Settings\Jean\My Documents\??? ??.doc) -- C:\Documents and Settings\Jean\My Documents\조정훈 주소.doc
(C:\Documents and Settings\All Users\Start Menu\Programs\Google ????) -- C:\Documents and Settings\All Users\Start Menu\Programs\Google 업데이터
(C:\Documents and Settings\All Users\Start Menu\Programs\??????) -- C:\Documents and Settings\All Users\Start Menu\Programs\이스트소프트

< End of report >

Thank you for your quick and prompt reply earlier.
  • 0

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Do you recognize these two items in your startup folder?

(C:\Documents and Settings\All Users\Start Menu\Programs\Google ????) -- C:\Documents and Settings\All Users\Start Menu\Programs\Google 업데이터
(C:\Documents and Settings\All Users\Start Menu\Programs\??????) -- C:\Documents and Settings\All Users\Start Menu\Programs\이스트소프트

  • 0

#9
AConnect

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Yes, I recognize both of them. It could very well be that there really is nothing left anymore on the computer as ComboFix did mention there were rootkits when it was scanning and I'm assuming it found them.

As noted earlier, upon opening IE, I get about 5 or so in the task manager but the computer is still decently fast and I have yet to see an ad pop up once every 30 minutes like before.
  • 0

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

c:\windows\$NtUninstallKB1259$\4117761636\U\@00000001
c:\windows\$NtUninstallKB1259$\4117761636\U\@000000c0
c:\windows\$NtUninstallKB1259$\4117761636\U\@000000cb
c:\windows\$NtUninstallKB1259$\4117761636\U\@000000cf
c:\windows\$NtUninstallKB1259$\4117761636\U\@80000000
c:\windows\$NtUninstallKB1259$\4117761636\U\@800000c0
c:\windows\$NtUninstallKB1259$\4117761636\U\@800000cb
c:\windows\$NtUninstallKB1259$\4117761636\U\@800000cf

This was the grouping that was causing the popups.

What I would like you to do is run for a day and, if all is OK, then let me know and I will remove my tools and tidy up.
  • 0

#11
AConnect

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Okay, will do.

Thank you thus far for your assistance!
  • 0

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
:)
  • 0

#13
AConnect

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Well, so far Internet Explorer has been behaving, other than what has already been mentioned.

I think we can say that this case is now solved.

Thank you very much Essexboy! You have my gratitude.
  • 0

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
With IE8 you will get two instances of iexplore running; one is protected mode.


Subject to no further problems :yes:

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself, so the following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix
  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall
    (Notice the space between the "x" and "/")
    then click OK

  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and anti-virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place? Keep safe :unsure:
  • 0

#15
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0