Windows/System32/Install/server.exe



#1
David Shon

This file won't delete whenever I try to delete it. When I turn my computer on, cmd pops up and then disappears right away, so I cannot read what it says, but the only thing I could read was windows/server.exe. Is this spyware, malware or a virus?

The scan:


OTL logfile created on: 2011-09-14 오후 11:11:15 - Run 2
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Documents and Settings\David\바탕 화면
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000412 | Country: 대한민국 | Language: KOR | Date Format: yyyy-MM-dd

1.94 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 61.37% Memory free
3.79 Gb Paging File | 3.21 Gb Available in Paging File | 84.84% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 253.22 Gb Free Space | 84.95% Space Free | Partition Type: NTFS

Computer Name: C6DFBC8DF64647E | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\David\바탕 화면\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\David\Local Settings\Application Data\Google\Update\1.3.21.69\GoogleCrashHandler.exe (Google Inc)
PRC - C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\AhnLab\SiteGuard2\sgsvc.exe (AhnLab, Inc.)
PRC - C:\Program Files\Droid Explorer\SDK\tools\adb.exe ()
PRC - C:\Program Files\Droid Explorer\DroidExplorer.Service.exe (Ryan Conrad)
PRC - C:\Program Files\Dokan\DokanLibrary\mounter.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\NETGEAR\WNDA3100\WNDA3100.exe (NETGEAR)
PRC - C:\WINDOWS\system32\acs.exe (Atheros)
PRC - C:\WINDOWS\system32\CNAC4RPK.EXE (CANON INC.)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\CNAC4LAK.EXE (CANON INC.)
PRC - C:\WINDOWS\system32\libusbd-nt.exe (http://libusb-win32.sourceforge.net)


========== Modules (No Company Name) ==========

MOD - C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\13.0.782.220\ppgooglenaclpluginchrome.dll ()
MOD - C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\13.0.782.220\pdf.dll ()
MOD - C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\13.0.782.220\Locales\ko.dll ()
MOD - C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\13.0.782.220\avutil-50.dll ()
MOD - C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\13.0.782.220\avformat-52.dll ()
MOD - C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\13.0.782.220\avcodec-52.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\70a1400affdc775d7c7398e036359286\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\77df2cd21a5b85a1605b335aa9ad9d44\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d00cc387e462e4c3cdcd112b137cac87\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7ed09623172a292eaee51e2e3bcaf784\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\e54e013315849f5e34d8f2a8e7fdb450\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll ()
MOD - C:\Program Files\Droid Explorer\SDK\tools\adb.exe ()
MOD - C:\Program Files\Dokan\DokanLibrary\mounter.exe ()
MOD - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.KOR ()


========== Win32 Services (SafeList) ==========

SRV - (V3 Lite Service) -- C:\Program Files\AhnLab\V3Lite\V3LSvc.exe (AhnLab, Inc.)
SRV - (sgsvc) -- C:\Program Files\AhnLab\SiteGuard2\sgsvc.exe (AhnLab, Inc.)
SRV - (DroidExplorerService) -- C:\Program Files\Droid Explorer\DroidExplorer.Service.exe (Ryan Conrad)
SRV - (DokanMounter) -- C:\Program Files\Dokan\DokanLibrary\mounter.exe ()
SRV - (jswpsapi) -- C:\Program Files\NETGEAR\WNDA3100\jswpsapi.exe (Atheros Communications, Inc.)
SRV - (ACS) -- C:\WINDOWS\system32\acs.exe (Atheros)
SRV - (libusbd) -- C:\WINDOWS\system32\libusbd-nt.exe (http://libusb-win32.sourceforge.net)


========== Driver Services (SafeList) ==========

DRV - (v3engine) -- C:\WINDOWS\system32\drivers\v3engine.sys (AhnLab, Inc.)
DRV - (AhnSZE) -- C:\WINDOWS\system32\drivers\ahnsze.sys (AhnLab, Inc.)
DRV - (ATamptNt_V3LITE) -- C:\Program Files\AhnLab\V3Lite\ATamptNt.sys (AhnLab, Inc.)
DRV - (ASZFltNt) -- C:\Program Files\AhnLab\V3Lite\ASZFltNt.sys (AhnLab, Inc.)
DRV - (AhnRghNt) -- C:\WINDOWS\system32\drivers\AhnRghNt.sys (AhnLab, Inc.)
DRV - (MeDCoreD_V3LITE) -- C:\Program Files\AhnLab\V3Lite\MeDCoreD.sys (AhnLab, Inc.)
DRV - (VPDrvNt) -- C:\Program Files\AhnLab\V3Lite\VPDrvNt.sys (AhnLab, Inc.)
DRV - (V3Flt2K) -- C:\Program Files\AhnLab\V3Lite\V3Flt2k.sys (AhnLab, Inc.)
DRV - (ATamptNt_ASG) -- C:\Program Files\AhnLab\SiteGuard2\atamptnt.sys (AhnLab, Inc.)
DRV - (AhnRec2K) -- C:\WINDOWS\system32\drivers\AhnRec2k.sys (AhnLab, Inc.)
DRV - (AhnFlt2K) -- C:\WINDOWS\system32\drivers\AhnFlt2k.sys (AhnLab, Inc.)
DRV - (TfFRegNt) -- C:\Program Files\AhnLab\V3Lite\tffregnt.sys (AhnLab, Inc.)
DRV - (TfProcNt) -- C:\Program Files\AhnLab\V3Lite\ahawkent.sys (AhnLab, Inc.)
DRV - (vs-enc2) -- C:\WINDOWS\Temp\vs-enc2.sys (MarkAny, Inc.)
DRV - (VS) -- C:\WINDOWS\Temp\vs-prt.sys (MarcAny Inc.)
DRV - (iDispService) -- C:\WINDOWS\system32\drivers\idisplayminiport.sys (SHAPE Services)
DRV - (AMonTDnt) -- C:\WINDOWS\system32\drivers\AMonTDnt.sys (AhnLab, Inc.)
DRV - (AMonHKnt) -- C:\WINDOWS\system32\drivers\amonhknt.sys (AhnLab, Inc.)
DRV - (Dokan) -- C:\WINDOWS\system32\drivers\dokan.sys (Windows ® Win 7 DDK provider)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (SCREAMINGBDRIVER) -- C:\WINDOWS\system32\drivers\ScreamingBAudio.sys (Screaming Bee LLC)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (CdmDrvNt) -- C:\WINDOWS\system32\drivers\CdmDrvNt.sys (AhnLab, Inc.)
DRV - (nvgts) -- C:\WINDOWS\system32\DRIVERS\nvgts.sys (NVIDIA Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (WNDA3100) -- C:\WINDOWS\system32\drivers\WNDA31.sys (Atheros Communications, Inc.)
DRV - (WSIMD) -- C:\WINDOWS\system32\drivers\wsimd.sys (Atheros Communications, Inc.)
DRV - (JSWSCIMD) -- C:\WINDOWS\system32\drivers\jswscimd.sys (Atheros Communications, Inc.)
DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (libusb0) -- C:\WINDOWS\system32\drivers\libusb0.sys ()
DRV - (FsVga) -- C:\WINDOWS\system32\drivers\fsvga.sys (Microsoft Corporation)
DRV - (DNINDIS5) -- C:\WINDOWS\system32\DNINDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (DCamUSBSamsung) -- C:\WINDOWS\system32\drivers\Sncnt.sys (Samsung Electronics)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.naver.com
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.com/NxGame: C:\Documents and Settings\All Users\Application Data\Nexon\NGM\npNxGame.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@softforum.com/npxwebplugins: C:\Program Files\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll (SoftForum Co., Ltd.)
FF - HKLM\Software\MozillaPlugins\@softforum.com/npxwebplugins_file: C:\Program Files\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll (SoftForum Co., Ltd.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\David\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\David\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010-05-25 00:51:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010-04-27 19:31:38 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010-08-28 14:14:02 | 000,000,781 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (SGAgentObj Class) - {19217B99-F935-4A39-B857-A68A68D5BEBB} - C:\Program Files\AhnLab\SiteGuard2\sgagenti.dll (AhnLab, Inc.)
O2 - BHO: (ALToolbarBho Class) - {7F1A79F9-78D1-4186-9F60-EE0B63DF042A} - C:\Program Files\ESTsoft\ALToolbar\ALToolBand_1830.dll (ESTsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (ALToolBar) - {38FBE93D-4CA1-4414-AF6A-94920C5BD8DA} - C:\Program Files\ESTsoft\ALToolbar\ALToolBand_1830.dll (ESTsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (주소(&A)) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (주소(&A)) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (연결(&L)) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AhnLab V3Lite Tray Process] C:\Program Files\AhnLab\V3Lite\V3LTray.exe (AhnLab, Inc.)
O4 - HKLM..\Run: [HKLM] C:\WINDOWS\system32\install\server.exe (Microsoft Corporation)
O4 - HKLM..\Run: [imekrmig7.0] C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [] C:\ [2011-09-14 23:04:45 | 000,000,000 | ---D | M]
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\David\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc)
O4 - HKCU..\Run: [HKCU] C:\WINDOWS\system32\install\server.exe (Microsoft Corporation)
O4 - HKCU..\Run: [server] C:\Documents and Settings\David\Application Data\hrndblqhXf.exe ()
O4 - HKCU..\Run: [vertex] C:\Documents and Settings\David\Application Data\fvAOFvjMhI.exe ()
O4 - Startup: C:\Documents and Settings\All Users\시작 메뉴\프로그램\시작프로그램\Canon LBP5000 Status Window.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\CNAC4LAK.EXE (CANON INC.)
O4 - Startup: C:\Documents and Settings\All Users\시작 메뉴\프로그램\시작프로그램\NETGEAR WNDA3100 Smart Wizard.lnk = C:\Program Files\NETGEAR\WNDA3100\WNDA3100.exe (NETGEAR)
O4 - Startup: C:\Documents and Settings\David\시작 메뉴\프로그램\시작프로그램\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\WINDOWS\system32\install\server.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\WINDOWS\system32\install\server.exe (Microsoft Corporation)
O8 - Extra context menu item: 사이트가드 보이기(&S) - C:\Program Files\AhnLab\SiteGuard2\sgagenti.dll (AhnLab, Inc.)
O8 - Extra context menu item: 사이트가드 사용(&E) - C:\Program Files\AhnLab\SiteGuard2\sgagenti.dll (AhnLab, Inc.)
O8 - Extra context menu item: 알툴바 빠른검색(&Q) - C:\Program Files\ESTsoft\ALToolBar\ALToolBand_1830.dll (ESTsoft Corporation)
O8 - Extra context menu item: Microsoft Excel로 내보내기(&X) - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: 리서치 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://download.micr...9E3A1BC/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {00001026-A15C-11D4-97A4-0050BF0FBE67} http://download.netm...26_20091109.cab (NetmarbleStarter26 Class)
O16 - DPF: {0349EF81-B9C1-4B97-86F7-7B931D0E2532} http://sticube.clubb...NowStarter2.cab (NowStarter2 Control)
O16 - DPF: {39FC0CF9-86F3-4502-B773-D16706EDEC83} https://www.scsk-sup...03157/SCSK4.cab (Reg Error: Key error.)
O16 - DPF: {3C36DCBE-5CDF-4C35-9D0B-4A1882B2EB0A} https://tx.allatpay..../AllatPayRE.cab (AllatPayREAtl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1271213474609 (WUWebControl Class)
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} https://vbv.shinhanc.../xw_install.cab (XecureWeb 4.0 Client Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} http://cyimg7.cyworl...33.cab?20081124 (CyImage Class)
O16 - DPF: {9963FACF-7618-417B-B6DD-AB8B65AF8CD1} http://pgdownload.da...XPayUpdater.cab (XPAYUpdater Control)
O16 - DPF: {B0A75875-3622-48BA-B5FF-45AD77AC2D0E} http://www.bankpay.o.../BankPayEFT.cab (BankPayEFTCtrl Control)
O16 - DPF: {B128EFF9-0B1C-4C65-A162-28165A3A0A18} http://ssl.makeshop....ssl/MSecure.cab (MakeShop Secure Control)
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} http://mail.daum.net...cab?ver=2,0,0,9 (Daum ActiveX manager Class)
O16 - DPF: {BBFD2D10-EC6E-4259-91D1-1E38C826E5E2} http://app.gomtv.com/gomtv/gomtvx.cab (Launcher Class)
O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} http://www.hangame.c...anSetup1030.cab (HanSetupCtrl1010 Class)
O16 - DPF: {C1143E84-B2B1-473B-9F20-E62DD754FCAF} https://vbv.shinhanc...ineTransfer.cab (VineTransfer Control)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} https://www.vpay.co..../KVPISPCTLD.cab (KvpIspCtlD Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B890167A-0A39-43CE-B5EC-1B931E45785F}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\smart {402CA0E4-3090-402e-BE90-3EE9B766EBB0} - C:\Program Files\ESTsoft\ALToolbar\ALToolBarProtocol.dll ()
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (rentVersion\Winlogon) -C:\WINDOWS\System32\Winlogon.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) -C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) -C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (현재 홈 페이지) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\초원.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\초원.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) -C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) -C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) -C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) -C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) -C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-04-14 04:26:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011-09-14 23:02:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2011-09-14 22:54:56 | 000,581,632 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David\바탕 화면\OTL.exe
[2011-09-11 23:30:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\바탕 화면\SuddenAttackNA
[2011-09-07 23:59:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\My Documents\The KMPlayer
[2011-09-07 00:44:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\David\시작 메뉴\프로그램\관리 도구
[2011-09-06 22:57:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\바탕 화면\내꺼
[2011-09-03 22:17:18 | 000,593,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011-08-28 21:11:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\install
[2011-08-28 21:11:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Application Data\install
[2011-08-24 21:58:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\My Documents\Downloads
[2011-08-18 00:41:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\바탕 화면\엄마꺼
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011-09-14 23:11:15 | 000,295,524 | -H-- | M] () -- C:\Documents and Settings\David\Application Data\Davidlog.dat
[2011-09-14 22:54:59 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\바탕 화면\OTL.exe
[2011-09-14 22:29:06 | 000,000,764 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-152049171-725345543-1003UA.job
[2011-09-14 22:09:43 | 000,201,731 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011-09-14 22:09:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-09-14 22:09:21 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011-09-14 22:09:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-09-14 10:29:00 | 000,000,712 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-152049171-725345543-1003Core.job
[2011-09-08 02:26:00 | 002,193,488 | ---- | M] (AhnLab, Inc.) -- C:\WINDOWS\System32\drivers\v3engine.sys
[2011-09-08 02:26:00 | 002,154,576 | ---- | M] (AhnLab, Inc.) -- C:\WINDOWS\System32\btscan.exe
[2011-09-07 22:43:22 | 000,255,312 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-09-03 22:17:18 | 000,593,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011-08-30 19:16:03 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011-08-28 21:14:31 | 000,688,640 | ---- | M] () -- C:\Documents and Settings\David\Application Data\hrndblqhXf.exe
[2011-08-28 21:14:31 | 000,688,640 | ---- | M] () -- C:\Documents and Settings\David\Application Data\fvAOFvjMhI.exe
[2011-08-26 18:01:00 | 001,550,288 | ---- | M] (AhnLab, Inc.) -- C:\WINDOWS\System32\drivers\ahnsze.sys
[2011-08-25 21:45:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011-08-20 01:19:00 | 000,058,592 | ---- | M] (AhnLab, Inc.) -- C:\WINDOWS\System32\drivers\AhnRghNt.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011-08-28 21:11:49 | 000,688,640 | ---- | C] () -- C:\Documents and Settings\David\Application Data\fvAOFvjMhI.exe
[2011-08-28 21:11:48 | 000,688,640 | ---- | C] () -- C:\Documents and Settings\David\Application Data\hrndblqhXf.exe
[2011-06-12 03:49:51 | 004,752,582 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-839522115-152049171-725345543-1003-0.dat
[2011-06-12 03:49:50 | 000,261,446 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011-06-12 00:45:18 | 006,779,712 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011-03-09 19:47:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011-02-16 21:10:27 | 007,909,376 | ---- | C] () -- C:\WINDOWS\System32\KvpVcmd.dll
[2011-01-22 13:43:44 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\David\Application Data\winscp.rnd
[2011-01-04 15:10:56 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011-01-04 15:10:56 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011-01-04 15:10:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011-01-04 15:10:56 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2011-01-03 14:01:17 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\libusb0.sys
[2011-01-02 21:32:52 | 000,708,096 | ---- | C] () -- C:\WINDOWS\System32\INIcrypto20.dll
[2011-01-02 21:32:52 | 000,143,460 | ---- | C] () -- C:\WINDOWS\System32\INIWEBCryptoWrapper.dll
[2011-01-02 21:32:50 | 001,105,920 | ---- | C] () -- C:\WINDOWS\System32\ISPPopUpDlg.exe
[2011-01-02 21:32:50 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\PubCertDlg.dll
[2011-01-02 21:32:48 | 000,386,048 | ---- | C] () -- C:\WINDOWS\System32\INICertManUI.dll
[2011-01-02 21:32:47 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ISP_crgen.dll
[2011-01-02 21:26:11 | 000,000,101 | ---- | C] () -- C:\WINDOWS\msecure.ini
[2010-12-13 09:26:56 | 000,072,704 | ---- | C] () -- C:\WINDOWS\AllatKeyIn.exe
[2010-11-07 12:11:20 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010-09-04 11:56:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CPC10QA5.INI
[2010-08-17 21:15:28 | 000,104,448 | ---- | C] () -- C:\Documents and Settings\David\Application Data\chrtmp
[2010-08-17 21:15:20 | 000,095,814 | ---- | C] () -- C:\Documents and Settings\David\Application Data\AkifNettv88.exe
[2010-07-06 00:39:26 | 000,044,032 | ---- | C] () -- C:\WINDOWS\System32\dokan.dll
[2010-06-28 20:31:49 | 001,589,248 | ---- | C] () -- C:\WINDOWS\System32\libmysql_d.dll
[2010-06-22 15:57:29 | 000,001,738 | ---- | C] () -- C:\Documents and Settings\David\Application Data\hidewin.cfg
[2010-06-13 15:25:44 | 000,034,864 | ---- | C] () -- C:\WINDOWS\unwise.exe
[2010-06-13 15:25:40 | 000,000,872 | ---- | C] () -- C:\WINDOWS\wnsetup.ini
[2010-05-31 21:44:33 | 000,073,216 | ---- | C] () -- C:\WINDOWS\System32\RBRegEx350.dll
[2010-05-31 21:44:33 | 000,060,416 | ---- | C] () -- C:\WINDOWS\System32\rbap350.dll
[2010-05-31 21:44:33 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\RBSpriteSurface350.dll
[2010-05-31 21:44:33 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\MBSWinPlugin.dll
[2010-05-31 21:44:33 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\rbselectfolder350.dll
[2010-05-31 21:44:33 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\MBSUsernamePlugin.dll
[2010-05-31 21:44:33 | 000,026,112 | ---- | C] () -- C:\WINDOWS\System32\MBSRegistrationPlugin.dll
[2010-05-19 23:48:08 | 000,053,228 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010-04-25 18:23:36 | 000,014,229 | ---- | C] () -- C:\WINDOWS\SNC.INI
[2010-04-25 18:21:52 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\SncSti0.dll
[2010-04-22 23:17:05 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010-04-20 21:44:10 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\David\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-04-14 16:03:33 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2010-04-14 15:06:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\fscflist.ini
[2010-04-14 15:06:46 | 000,000,078 | ---- | C] () -- C:\WINDOWS\System32\fscagent.ini
[2010-04-14 04:40:30 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010-04-14 04:27:18 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010-04-14 04:23:47 | 000,021,896 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010-04-14 04:20:37 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010-04-14 04:16:57 | 000,255,312 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009-11-24 09:54:50 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\KvpUpCom.dll
[2009-09-07 15:59:06 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\y5wrapper.dll
[2009-09-07 15:59:04 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\y5winwrap.dll
[2009-09-07 15:57:46 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\y5csel.dll
[2009-09-02 08:07:48 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\y5cview.dll
[2009-09-02 08:07:44 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\y5cert.dll
[2009-09-02 08:07:44 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\y5clist.dll
[2009-09-01 17:16:38 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\y5base.dll
[2009-08-03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009-08-03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009-01-16 06:42:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009-01-16 06:42:00 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2009-01-16 06:42:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009-01-16 06:42:00 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2009-01-16 06:42:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009-01-16 06:42:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009-01-16 06:42:00 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2009-01-16 06:42:00 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008-02-27 11:26:00 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2005-09-06 20:13:44 | 000,086,016 | ---- | C] () -- C:\WINDOWS\NMUninst18.exe
[2005-04-08 14:16:43 | 000,295,524 | -H-- | C] () -- C:\Documents and Settings\David\Application Data\Davidlog.dat
[2005-02-21 18:28:36 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\usbdll.dll
[2004-08-13 15:37:56 | 000,202,234 | ---- | C] () -- C:\WINDOWS\System32\qbasic.exe
[2004-08-13 15:37:56 | 000,194,296 | ---- | C] () -- C:\WINDOWS\System32\qbasic2.exe
[2004-08-13 15:37:56 | 000,000,784 | ---- | C] () -- C:\WINDOWS\System32\qbasic.com
[2004-08-13 15:37:54 | 000,473,670 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004-08-13 15:37:54 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004-08-13 15:37:54 | 000,267,376 | ---- | C] () -- C:\WINDOWS\System32\perfh012.dat
[2004-08-13 15:37:54 | 000,147,616 | ---- | C] () -- C:\WINDOWS\System32\perfi012.dat
[2004-08-13 15:37:54 | 000,076,874 | ---- | C] () -- C:\WINDOWS\System32\perfc012.dat
[2004-08-13 15:37:54 | 000,076,764 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004-08-13 15:37:54 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd012.dat
[2004-08-13 15:37:54 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004-08-13 15:37:52 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004-08-13 15:37:52 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004-08-13 15:37:48 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004-08-13 15:37:36 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004-08-13 15:37:34 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004-08-13 15:37:22 | 000,192,560 | ---- | C] () -- C:\WINDOWS\System32\hfont.sys
[2004-08-13 15:37:20 | 000,056,505 | ---- | C] () -- C:\WINDOWS\System32\hbios.sys
[2004-08-13 15:37:18 | 000,000,793 | ---- | C] () -- C:\WINDOWS\System32\font_win.sys
[2004-08-13 15:37:16 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004-08-13 15:37:06 | 000,002,890 | ---- | C] () -- C:\WINDOWS\System32\disp_win.sys
[2004-08-04 04:07:32 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004-08-02 17:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004-04-18 19:43:46 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004-04-18 19:43:44 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2003-03-05 21:57:50 | 000,005,021 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010-04-14 14:51:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AhnLab
[2010-10-07 22:00:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IconTweaker
[2010-11-27 15:38:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Insight Software
[2010-11-27 15:38:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Insight Software Solutions
[2010-06-13 07:57:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2010-05-22 13:26:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2010-08-28 15:35:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters Inc
[2010-10-07 22:06:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrinterShare
[2010-09-27 22:42:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G5
[2010-06-05 14:37:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2011-09-06 23:16:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2011-01-02 21:33:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SoftCamp
[2010-11-11 19:30:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010-04-29 21:41:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011-09-06 22:50:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\AhnLab
[2011-05-06 18:12:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Avnex
[2010-06-06 00:47:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\ClientKeeper
[2011-01-19 14:43:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Cyberduck
[2011-01-21 21:42:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\DroidExplorer
[2011-07-08 19:25:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Dropbox
[2011-01-03 14:10:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\GetRightToGo
[2010-11-10 20:05:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\gtk-2.0
[2010-10-07 22:00:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\IconTweaker
[2011-09-14 11:51:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\install
[2011-05-24 23:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\LG Electronics
[2011-04-16 12:56:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Neopets Toolbar
[2010-10-24 15:06:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\David\Application Data\netmarble
[2010-09-27 22:38:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\River Past G5
[2011-09-06 23:16:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Samsung
[2011-05-06 17:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Screaming Bee
[2011-04-10 14:41:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\SHAPE Services
[2010-11-06 14:22:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Sondle Soft
[2010-05-19 20:20:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Styler
[2010-07-28 07:54:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Toolbar4
[2010-11-12 19:26:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\VirtuaWin
[2011-01-21 09:51:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\VoipBuster
[2011-01-21 12:18:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\VoipStunt
[2011-01-19 13:28:14 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\David\Application Data\wyUpdate AU
[2011-09-14 22:09:21 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 60 bytes -> C:\Documents and Settings\All Users\Documents\.TemporaryItems:AFP_AfpInfo
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8178B8D6

< End of report >

Please solve this problem :)