TechSpot

Continuation from ziegfried post

By ziegfried2
Jul 23, 2012
  1. I suddenly wasn't able to log in through facebook like I did,
    so I am starting new post, sorry.
    and I am sorry I ran unnecessary scan, and we're clear on your rules.

    here are my results:
    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.23.11

    Windows 7 x64 NTFS
    Internet Explorer 9.0.8112.16421
    shin kim :: MUSHI2 [administrator]

    7/23/2012 7:27:41 PM
    mbam-log-2012-07-23 (19-27-41).txt

    Scan type: Full scan (C:\|J:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 480469
    Time elapsed: 1 hour(s), 3 minute(s), 10 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Program Files (x86)\Microsource\Microsource.exe (Adware.SupportBar) -> Quarantined and deleted successfully.

    (end)


    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.23.11

    Windows 7 x64 NTFS
    Internet Explorer 9.0.8112.16421
    shin kim :: MUSHI2 [administrator]

    7/23/2012 7:09:51 PM
    mbam-log-2012-07-23 (19-09-51).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 243884
    Time elapsed: 12 minute(s), 48 second(s)

    Memory Processes Detected: 1
    C:\Program Files (x86)\Microsource\Microsource_se.exe (Adware.SupportBar) -> 1156 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 14
    HKLM\SYSTEM\CurrentControlSet\Services\Microsource Update Service (Adware.SupportBar) -> Quarantined and deleted successfully.
    HKCR\CLSID\{397CFDD8-762F-44D4-9517-E3969F89639E} (Adware.CySearch) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{7BA6DF99-65C4-4135-8FF2-6AECC28D0AAF} (Adware.CySearch) -> Quarantined and deleted successfully.
    HKCR\Interface\{88F1E09F-3F83-42C5-9277-3CD45D52B891} (Adware.CySearch) -> Quarantined and deleted successfully.
    HKCR\ADPopup.AdPopupB.1 (Adware.CySearch) -> Quarantined and deleted successfully.
    HKCR\ADPopup.AdPopupB (Adware.CySearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{397CFDD8-762F-44D4-9517-E3969F89639E} (Adware.CySearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{397CFDD8-762F-44D4-9517-E3969F89639E} (Adware.CySearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{397CFDD8-762F-44D4-9517-E3969F89639E} (Adware.CySearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{67421A26-71F2-4E57-89B2-E49C6FD90DA1} (Adware.GreenOPen) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67421A26-71F2-4E57-89B2-E49C6FD90DA1} (Adware.GreenOPen) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{67421A26-71F2-4E57-89B2-E49C6FD90DA1} (Adware.GreenOPen) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{67421A26-71F2-4E57-89B2-E49C6FD90DA1} (Adware.GreenOPen) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsource (Adware.SupportBar) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 4
    C:\Program Files (x86)\Microsource\Microsource_se.exe (Adware.SupportBar) -> Delete on reboot.
    C:\Program Files (x86)\ESTsoft\ALShopping\ALShoppingBho.dll (Adware.GreenOPen) -> Quarantined and deleted successfully.
    C:\Supportbar_nas.exe (Adware.SupportBar) -> Quarantined and deleted successfully.
    C:\Windows\Microsource_uninstaller.exe (Adware.SupportBar) -> Quarantined and deleted successfully.

    (end)
    ======================== above 2 were malwarebyte log ============================
    the top one is full scan that I ran before I posted on this forum
    so I apologize for 2 logs
    ====no log from GMER====
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
    Run by shin kim at 22:30:58 on 2012-07-23
    Microsoft Windows 7 Home Premium 6.1.7600.0.949.82.1033.18.8183.6138 [GMT -7:00]
    .
    AV: 알약 *Disabled/Updated* {78D70EA9-5CF2-58F4-85C5-F4B097655D94}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: 알약 *Disabled/Updated* {C3B6EF4D-7AC8-577A-BF75-CFC2ECE21729}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\windows\system32\nvvsvc.exe
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\windows\system32\taskhost.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
    C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    C:\OEM\USBDECTION\USBS3S4Detection.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
    C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\windows\system32\wuauclt.exe
    C:\Users\shin kim\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\shin kim\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\shin kim\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\shin kim\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\shin kim\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\shin kim\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\windows\SysWOW64\rundll32.exe
    C:\Users\shin kim\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\shin kim\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\shin kim\Downloads\mseinstall.exe
    j:\cc225a26948a6a072c8e9fa3f9\epplauncher.exe
    j:\cc225a26948a6a072c8e9fa3f9\amd64\Setup.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\servicing\TrustedInstaller.exe
    C:\windows\system32\wusa.exe
    C:\windows\SysWOW64\DllHost.exe
    C:\windows\system32\wuauclt.exe
    C:\windows\SysWOW64\cmd.exe
    C:\windows\system32\vssvc.exe
    C:\windows\system32\conhost.exe
    C:\windows\SysWOW64\cscript.exe
    C:\windows\System32\svchost.exe -k swprv
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.daum.net/
    mStart Page = hxxp://acer.msn.com
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO: ALToolbarBho: {7f1a79f9-78d1-4186-9f60-ee0b63df042a} - C:\Program Files (x86)\ESTsoft\ALToolBar\ALToolBar_2170.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    TB: ALToolBar: {38fbe93d-4ca1-4414-af6a-94920c5bd8da} - C:\Program Files (x86)\ESTsoft\ALToolBar\ALToolBar_2170.dll
    EB: ALShopping: {d1821708-9fe4-4f75-b59c-acb9996d2c9d} - C:\Program Files (x86)\ESTsoft\ALShopping\ALShopping.dll
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    uRunOnce: [Microsoft Security Client] C:\Program Files\Microsoft Security Client\msseces.exe /UpdateAndQuickScan /OpenWebPageOnClose
    mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
    mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
    mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
    mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    StartupFolder: C:\Users\SHINKI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ROLLER~1.LNK - C:\Users\shin kim\AppData\Local\Temp\{A740D10F-0A41-4A52-BBEC-1C380B7DE1F5}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
    IE: 알툴바 빠른검색(&Q) - C:\Program Files (x86)\ESTsoft\ALToolBar\ALToolBand_2170.dll/23/SEARCH.HTML
    IE: 이미지 EXIF 정보 보기 -
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
    TCP: Interfaces\{08A46435-D993-4B74-86EF-365511660F2D} : DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
    TCP: Interfaces\{08A46435-D993-4B74-86EF-365511660F2D}\059656330223E24376 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{F8A811CB-95E5-476B-B66F-09C6BE52FCE3} : DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: smart - {402CA0E4-3090-402e-BE90-3EE9B766EBB0} - C:\Program Files (x86)\ESTsoft\ALToolBar\ALToolBarProtocol.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO-X64: ALToolbarBho: {7F1A79F9-78D1-4186-9F60-EE0B63DF042A} - C:\Program Files (x86)\ESTsoft\ALToolBar\ALToolBar_2170.dll
    BHO-X64: ALToolbarBho - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
    BHO-X64: WeCareReminder - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    TB-X64: ALToolBar: {38FBE93D-4CA1-4414-AF6A-94920C5BD8DA} - C:\Program Files (x86)\ESTsoft\ALToolBar\ALToolBar_2170.dll
    EB-X64: {D1821708-9FE4-4F75-B59C-ACB9996D2C9D} - No File
    mRun-x64: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
    mRun-x64: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
    mRun-x64: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
    mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
    mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun-x64: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    IE-X64: {95E2E4BA-E131-4aab-85C5-2071F68ED3C3} - C:\Program Files (x86)\ESTsoft\ALShopping\alshopping.lnk
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\system32\DRIVERS\dtsoftbus01.sys --> C:\windows\system32\DRIVERS\dtsoftbus01.sys [?]
    R1 mwlPSDFilter;mwlPSDFilter;C:\windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\windows\system32\DRIVERS\mwlPSDFilter.sys [?]
    R1 mwlPSDNServ;mwlPSDNServ;C:\windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\windows\system32\DRIVERS\mwlPSDNServ.sys [?]
    R1 mwlPSDVDisk;mwlPSDVDisk;C:\windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
    R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-4-18 13592]
    R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-1-8 2253120]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-7-23 1153368]
    R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-7-5 3048136]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
    R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-8-31 243232]
    R2 USBS3S4Detection;USBS3S4Detection;C:\OEM\USBDECTION\USBS3S4Detection.exe [2009-12-13 76320]
    R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
    S1 EstRtwIFDrv;EstRtwIFDrv;C:\windows\system32\drivers\EstRtw.sys --> C:\windows\system32\drivers\EstRtw.sys [?]
    S2 ALYac_RTSrv;ALYac RealTime Service;C:\Program Files\ESTsoft\ALYac\AYRTSrv.aye [2011-12-7 527744]
    S2 ALYac_UpdSrv;ALYac Update Service;C:\Program Files\ESTsoft\ALYac\AYUpdSrv.aye [2011-12-15 898944]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 AVer7231_x64;AVerMedia 7231 capture service;C:\windows\system32\DRIVERS\AVer7231_x64.sys --> C:\windows\system32\DRIVERS\AVer7231_x64.sys [?]
    S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]
    S3 EstRtwIFDrvTemp;EstRtwIFDrvTemp;C:\Program Files\ESTsoft\ALYac\plugin\realtime\EstRtw.sys [2012-1-2 267104]
    S3 IntcDAud;Intel(R) Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
    S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\windows\system32\Drivers\nx6000.sys --> C:\windows\system32\Drivers\nx6000.sys [?]
    S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-5-26 305520]
    S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\windows\system32\DRIVERS\netr28x.sys --> C:\windows\system32\DRIVERS\netr28x.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== File Associations ===============
    .
    inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
    VBEFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
    VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    2012-07-24 05:31:00--------d-----w-C:\Program Files\Microsoft Security Client
    2012-07-24 04:54:22--------d-----w-C:\$RECYCLE.BIN
    2012-07-24 04:45:2498816----a-w-C:\windows\sed.exe
    2012-07-24 04:45:24518144----a-w-C:\windows\SWREG.exe
    2012-07-24 04:45:24256000----a-w-C:\windows\PEV.exe
    2012-07-24 04:45:24208896----a-w-C:\windows\MBR.exe
    2012-07-24 04:45:22--------d-----w-C:\ComboFix
    2012-07-24 02:10:17--------d-----w-C:\ProgramData\Spybot - Search & Destroy
    2012-07-24 02:10:17--------d-----w-C:\Program Files (x86)\Spybot - Search & Destroy
    2012-07-24 02:09:26--------d-----w-C:\Users\shin kim\AppData\Roaming\Malwarebytes
    2012-07-24 02:09:1724904----a-w-C:\windows\System32\drivers\mbam.sys
    2012-07-24 02:09:17--------d-----w-C:\ProgramData\Malwarebytes
    2012-07-24 02:09:16--------d-----w-C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-24 01:55:56--------d-----w-C:\Users\shin kim\AppData\Local\{AB2DD5EF-3E9E-40AD-A55D-2D827D11A48E}
    2012-07-24 01:55:41--------d-----w-C:\Users\shin kim\AppData\Local\{3E6674AB-CBD9-4688-8864-EDD26B3C3017}
    2012-07-23 23:56:16--------d-----w-C:\Program Files\HoneyView3
    2012-07-23 19:13:31--------d-----w-C:\Users\shin kim\AppData\Local\{FBE090BE-C695-427A-9DC5-4AD3B92C88C1}
    2012-07-17 13:42:249133488----a-w-C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2A06CE5D-CC64-4129-AF8A-09CF3798ABE0}\mpengine.dll
    2012-07-13 04:42:563147264----a-w-C:\windows\System32\win32k.sys
    2012-07-13 03:08:322003968----a-w-C:\windows\System32\msxml6.dll
    .
    ==================== Find3M ====================
    .
    2012-06-26 12:13:04267104----a-w-C:\windows\System32\drivers\EstRtw.sys
    2012-06-25 03:34:4621376----a-w-C:\windows\System32\bootalyac.exe
    2012-06-06 05:50:501880064----a-w-C:\windows\System32\msxml3.dll
    2012-06-06 05:09:461389568----a-w-C:\windows\SysWow64\msxml6.dll
    2012-06-06 05:09:461236992----a-w-C:\windows\SysWow64\msxml3.dll
    2012-06-02 22:19:42186752----a-w-C:\windows\System32\wuwebv.dll
    2012-06-02 22:15:312622464----a-w-C:\windows\System32\wucltux.dll
    2012-06-02 22:15:1236864----a-w-C:\windows\System32\wuapp.exe
    2012-06-02 22:15:0899840----a-w-C:\windows\System32\wudriver.dll
    2012-06-02 12:12:172311680----a-w-C:\windows\System32\jscript9.dll
    2012-06-02 12:05:281392128----a-w-C:\windows\System32\wininet.dll
    2012-06-02 12:04:501494528----a-w-C:\windows\System32\inetcpl.cpl
    2012-06-02 12:01:40173056----a-w-C:\windows\System32\ieUnatt.exe
    2012-06-02 11:57:082382848----a-w-C:\windows\System32\mshtml.tlb
    2012-06-02 08:33:251800192----a-w-C:\windows\SysWow64\jscript9.dll
    2012-06-02 08:25:081129472----a-w-C:\windows\SysWow64\wininet.dll
    2012-06-02 08:25:031427968----a-w-C:\windows\SysWow64\inetcpl.cpl
    2012-06-02 08:20:33142848----a-w-C:\windows\SysWow64\ieUnatt.exe
    2012-06-02 08:16:522382848----a-w-C:\windows\SysWow64\mshtml.tlb
    2012-06-02 05:38:2695088----a-w-C:\windows\System32\drivers\ksecdd.sys
    2012-06-02 05:38:24152432----a-w-C:\windows\System32\drivers\ksecpkg.sys
    2012-06-02 05:37:45459216----a-w-C:\windows\System32\drivers\cng.sys
    2012-06-02 05:27:02340992----a-w-C:\windows\System32\schannel.dll
    2012-06-02 05:27:00307200----a-w-C:\windows\System32\ncrypt.dll
    2012-06-02 04:48:3922016----a-w-C:\windows\SysWow64\secur32.dll
    2012-06-02 04:48:35225280----a-w-C:\windows\SysWow64\schannel.dll
    2012-06-02 04:47:31219136----a-w-C:\windows\SysWow64\ncrypt.dll
    2012-06-02 04:42:5196768----a-w-C:\windows\SysWow64\sspicli.dll
    2012-05-31 19:25:12279656------w-C:\windows\System32\MpSigStub.exe
    2012-05-04 10:52:225505392----a-w-C:\windows\System32\ntoskrnl.exe
    2012-05-04 10:08:163958128----a-w-C:\windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:08:153902320----a-w-C:\windows\SysWow64\ntoskrnl.exe
    2012-05-02 05:32:43208896----a-w-C:\windows\System32\profsvc.dll
    2012-04-28 03:50:40204800----a-w-C:\windows\System32\drivers\rdpwd.sys
    2012-04-26 05:34:3876288----a-w-C:\windows\System32\rdpwsx.dll
    2012-04-26 05:34:37149504----a-w-C:\windows\System32\rdpcorekmts.dll
    2012-04-26 05:28:329216----a-w-C:\windows\System32\rdrmemptylst.exe
    .
    ============= FINISH: 22:31:25.40 ===============
    and
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12/19/2011 8:21:28 PM
    System Uptime: 7/23/2012 9:53:50 PM (1 hours ago)
    .
    Motherboard: Acer | | Aspire M3910
    Processor: Intel(R) Pentium(R) CPU G6950 @ 2.80GHz | CPU 1 | 2800/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 914 GiB total, 787.086 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is FIXED (NTFS) - 932 GiB total, 931.341 GiB free.
    K: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
    Description: Microsoft PS/2 Mouse
    Device ID: ACPI\PNP0F03\4&DC382E&0
    Manufacturer: Microsoft
    Name: Microsoft PS/2 Mouse
    PNP Device ID: ACPI\PNP0F03\4&DC382E&0
    Service: i8042prt
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    AC3Filter 1.63b
    Acer eRecovery Management
    Acer Registration
    Acer ScreenSaver
    Acer Updater
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.5.0 MUI
    Advertising Center
    ASPCA Reminder by We-Care.com v5.0.5.1
    D3DX10
    DAEMON Tools Lite
    DTS+AC3 Filter
    GOM Player
    GOMTV Plug-in
    Google Chrome
    Hotkey Utility
    ImagXpress
    Intel(R) Control Center
    Intel(R) Processor Graphics
    Intel(R) Rapid Storage Technology
    Java Auto Updater
    Java(TM) 6 Update 30
    Java(TM) 7 Update 4
    JavaFX 2.1.0
    Junk Mail filter update
    Malwarebytes Anti-Malware version 1.62.0.1300
    Mesh Runtime
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2010
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft XNA Framework Redistributable 3.1
    MPEG2 Codec(libmpeg2/mad)
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MyWinLocker
    MyWinLocker Suite
    Nero 9 Essentials
    Nero ControlCenter
    Nero DiscSpeed
    Nero DiscSpeed Help
    Nero DriveSpeed
    Nero DriveSpeed Help
    Nero Express Help
    Nero InfoTool
    Nero InfoTool Help
    Nero Installer
    Nero Online Upgrade
    Nero StartSmart
    Nero StartSmart Help
    Nero StartSmart OEM
    NeroExpress
    neroxml
    Norton Online Backup
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    Realtek Ethernet Controller Driver For Windows 7
    Realtek High Definition Audio Driver
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    Shredder
    Skype Click to Call
    Skype™ 5.10
    Spybot - Search & Destroy
    System Requirements Lab for Intel
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Welcome Center
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinRAR archiver
    Xiph.Org Open Codecs 0.85.17777
    μTorrent
    알쇼핑 1.1
    알집 8.51
    알툴바 2.17
    알툴즈 업데이트
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/23/2012 9:54:12 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
    7/23/2012 9:53:21 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    7/23/2012 9:50:37 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    7/23/2012 9:43:58 PM, Error: Service Control Manager [7034] - The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s).
    7/23/2012 9:30:13 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    7/23/2012 9:30:12 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    7/23/2012 9:24:52 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsource Support Service service to connect.
    7/23/2012 9:24:52 AM, Error: Service Control Manager [7000] - The Microsource Support Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/23/2012 9:24:19 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa800b476b30, 0xfffffa800b476e10, 0xfffff80003585720). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 072312-14383-01.
    7/23/2012 9:23:06 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
    7/23/2012 9:23:06 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
    7/23/2012 8:56:41 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
    7/23/2012 8:32:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service HomeGroupProvider with arguments "" in order to run the server: {EA022610-0748-4C24-B229-6C507EBDFDBB}
    7/23/2012 8:32:04 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    7/23/2012 8:32:03 PM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
    7/23/2012 7:05:19 PM, Error: Service Control Manager [7030] - The HomeGroup Provider service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    7/23/2012 10:24:20 PM, Error: Service Control Manager [7000] - The HomeGroup Provider service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
    7/23/2012 10:24:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1079" attempting to start the service HomeGroupProvider with arguments "" in order to run the server: {EA022610-0748-4C24-B229-6C507EBDFDBB}
    7/22/2012 7:40:49 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR6.
    .
    ==== End Of File ===========================
     
  2. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    I'm not sure what you mean by continuation.
    Did you post before under some different nick?
     
  3. ziegfried2

    ziegfried2 TS Rookie Topic Starter Posts: 26

    yes, as ziegfried
     
  4. ziegfried2

    ziegfried2 TS Rookie Topic Starter Posts: 26

    the one with corny picture... (corns with arms)
     
  5. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    I deleted your other topic.

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    ======================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  6. ziegfried2

    ziegfried2 TS Rookie Topic Starter Posts: 26

    RogueKiller V7.6.4 [07/17/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7600 ) 64 bits version
    Started in : Normal mode
    User: shin kim [Admin rights]
    Mode: Scan -- Date: 07/23/2012 23:03:49

    ¤¤¤ Bad processes: 1 ¤¤¤
    [SUSP PATH] c2c_service.exe -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -> KILLED [TermProc]

    ¤¤¤ Registry Entries: 6 ¤¤¤
    [SUSP PATH] RollerCoaster Tycoon 3 Registration.lnk @shin kim : C:\Users\shin kim\AppData\Local\Temp\{A740D10F-0A41-4A52-BBEC-1C380B7DE1F5}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe -> FOUND
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FILE] @ : c:\windows\installer\{56d4fd66-7c99-92db-799f-0b95dc195334}\@ --> FOUND
    [ZeroAccess][FOLDER] U : c:\windows\installer\{56d4fd66-7c99-92db-799f-0b95dc195334}\U --> FOUND
    [ZeroAccess][FOLDER] L : c:\windows\installer\{56d4fd66-7c99-92db-799f-0b95dc195334}\L --> FOUND

    ¤¤¤ Driver: [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: Hitachi HDS721010CLA332 +++++
    --- User ---
    [MBR] 4848e1976a7e45ff333d3724aebb41e8
    [BSP] 4529f1c52d03b72b4af2a29906acf165 : Acer tatooed MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 17408 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 35653632 | Size: 100 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 35858432 | Size: 936359 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1].txt >>
    RKreport[1].txt


    this is from rogue killer, the asw mbr will be posted shortly
     
  7. ziegfried2

    ziegfried2 TS Rookie Topic Starter Posts: 26

    for MBR, do you want me to click fixMBR or fix button after the scan?
     
  8. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Just follow my instructions.
    If there is nothing about clicking you don't click.
     
  9. ziegfried2

    ziegfried2 TS Rookie Topic Starter Posts: 26

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-07-23 23:06:22
    -----------------------------
    23:06:22.759 OS Version: Windows x64 6.1.7600
    23:06:22.759 Number of processors: 2 586 0x2505
    23:06:22.759 ComputerName: MUSHI2 UserName:
    23:06:25.270 Initialize success
    23:08:37.155 AVAST engine defs: 12072302
    23:12:31.379 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    23:12:31.379 Disk 0 Vendor: Hitachi_ JP4O Size: 953869MB BusType: 8
    23:12:31.395 Disk 0 MBR read successfully
    23:12:31.395 Disk 0 MBR scan
    23:12:31.410 Disk 0 unknown MBR code
    23:12:31.410 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 17408 MB offset 2048
    23:12:31.426 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 35653632
    23:12:31.442 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 936359 MB offset 35858432
    23:12:31.457 Disk 0 scanning C:\windows\system32\drivers
    23:12:37.775 Service scanning
    23:12:54.639 Modules scanning
    23:12:54.639 Disk 0 trace - called modules:
    23:12:54.701 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    23:12:54.701 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007ce6700]
    23:12:54.717 3 CLASSPNP.SYS[fffff88001c6843f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007764050]
    23:12:57.197 AVAST engine scan C:\windows
    23:13:00.489 AVAST engine scan C:\windows\system32
    23:14:56.522 AVAST engine scan C:\windows\system32\drivers
    23:15:05.710 AVAST engine scan C:\Users\shin kim
    23:22:24.336 AVAST engine scan C:\ProgramData
    23:24:33.083 Scan finished successfully
    23:24:58.355 Disk 0 MBR has been saved successfully to "C:\Users\shin kim\Desktop\MBR.dat"
    23:24:58.355 The log file has been saved successfully to "C:\Users\shin kim\Desktop\aswMBR.txt"
     
  10. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account an click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Next...

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes to your reply.

    I'll expect two logs:
    - FRST.txt
    - Search.txt
     
  11. ziegfried2

    ziegfried2 TS Rookie Topic Starter Posts: 26

    so before I restart my computer, do I need to rerun the frst while still in the command prompt of windows repair?
     
  12. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Yes, so you can give me two logs.
     
  13. ziegfried2

    ziegfried2 TS Rookie Topic Starter Posts: 26

    Scan result of Farbar Recovery Scan Tool Version: 20-07-2012 01
    Ran by SYSTEM at 24-07-2012 01:04:56
    Running from G:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-26] (Egis Technology Inc.)
    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [9642528 2010-02-24] (Realtek Semiconductor)
    HKLM\...\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\ootag.exe [13856 2010-02-22] (Microsoft)
    HKLM\...\Run: [ALYac] "C:\Program Files\ESTsoft\ALYac\AYLaunch.exe" /run [281472 2012-06-24] (ESTsoft Corp)
    HKLM\...\Run: [IgfxTray] C:\windows\system32\igfxtray.exe [167704 2012-01-10] (Intel Corporation)
    HKLM\...\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe [392984 2012-01-10] (Intel Corporation)
    HKLM\...\Run: [Persistence] C:\windows\system32\igfxpers.exe [417560 2012-01-10] (Intel Corporation)
    HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [337264 2010-05-26] (Egis Technology Inc.)
    HKLM-x32\...\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d [201584 2010-03-10] (Egis Technology Inc.)
    HKLM-x32\...\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" [407920 2010-03-10] (Egis Technology Inc.)
    HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-01-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [611872 2010-08-04] ()
    HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-10-17] (Intel Corporation)
    HKLM-x32\...\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe [13856 2010-02-22] (Microsoft)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4273976 2012-07-03] (AVAST Software)
    HKU\shin kim\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3478336 2012-01-24] (DT Soft Ltd)
    HKU\shin kim\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17418928 2012-07-13] (Skype Technologies S.A.)
    HKU\shin kim\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
    HKU\shin kim\...\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [96056 2012-07-23] (Siber Systems)
    Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 75.75.75.75 75.75.76.76
    Startup: C:\Users\shin kim\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
    ShortcutTarget: RollerCoaster Tycoon 3 Registration.lnk -> (No File)

    ==================== Services (Whitelisted) ======

    2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-07-03] (AVAST Software)
    2 GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
    3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-26] (Egis Technology Inc.)
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
    2 NOBU; "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE [2804568 2010-06-01] (Symantec Corporation)
    2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
    2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()
    2 WinDefend; C:\Program Files (x86)\Windows Defender\mpsvc.dll [x]

    ========================== Drivers (Whitelisted) =============

    2 ALYac_RTSrv; "C:\Program Files\ESTsoft\ALYac\AYRTSrv.aye" [527744 2012-06-24] (ESTsoft Corp)
    2 ALYac_UpdSrv; "C:\Program Files\ESTsoft\ALYac\AYUpdSrv.aye" [898944 2012-06-24] (ESTsoft Corp)
    2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-07-03] (AVAST Software)
    2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71064 2012-07-03] (AVAST Software)
    1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-07-03] (AVAST Software)
    1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [958400 2012-07-03] (AVAST Software)
    1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [355856 2012-07-03] (AVAST Software)
    1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-07-03] (AVAST Software)
    3 AVer7231_x64; C:\Windows\System32\Drivers\AVer7231_x64.sys [1757952 2010-04-07] (AVerMedia TECHNOLOGIES, Inc.)
    3 cpudrv64; \??\C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
    1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-02-01] (DT Soft Ltd)
    1 EstRtwIFDrv; C:\Windows\system32\drivers\EstRtw.sys [267104 2012-06-26] (ESTsoft Corp)
    3 EstRtwIFDrvTemp; \??\c:\program files\estsoft\alyac\plugin\realtime\EstRtw.sys [267104 2012-06-26] (ESTsoft Corp)
    3 catchme; \??\C:\ComboFix\catchme.sys [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-07-24 01:04 - 2012-07-24 01:04 - 00000000 ____D C:\FRST
    2012-07-23 23:48 - 2012-07-23 23:48 - 01437781 ____A (Farbar) C:\Users\shin kim\Downloads\FRST64.exe
    2012-07-23 23:37 - 2012-07-23 23:37 - 00000000 ____D C:\Users\shin kim\AppData\Roaming\RoboForm
    2012-07-23 23:36 - 2012-07-23 23:36 - 00001926 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2012-07-23 23:36 - 2012-07-23 23:36 - 00000000 ____D C:\Users\shin kim\Documents\My Avast EasyPass Data
    2012-07-23 23:36 - 2012-07-23 23:36 - 00000000 ____D C:\Users\All Users\RoboForm
    2012-07-23 23:36 - 2012-07-23 23:36 - 00000000 ____D C:\Program Files (x86)\Siber Systems
    2012-07-23 23:36 - 2012-07-03 08:21 - 00355856 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
    2012-07-23 23:36 - 2012-07-03 08:21 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
    2012-07-23 23:35 - 2012-07-23 23:35 - 00000000 ____D C:\Users\All Users\AVAST Software
    2012-07-23 23:35 - 2012-07-23 23:35 - 00000000 ____D C:\Program Files\AVAST Software
    2012-07-23 23:35 - 2012-07-23 23:35 - 00000000 ____A C:\Windows\SysWOW64\config.nt
    2012-07-23 23:35 - 2012-07-03 08:21 - 00958400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
    2012-07-23 23:35 - 2012-07-03 08:21 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
    2012-07-23 23:35 - 2012-07-03 08:21 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
    2012-07-23 23:35 - 2012-07-03 08:21 - 00071064 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
    2012-07-23 23:35 - 2012-07-03 08:21 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
    2012-07-23 23:35 - 2012-07-03 08:21 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
    2012-07-23 23:35 - 2012-07-03 08:21 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
    2012-07-23 22:48 - 2012-07-23 22:48 - 00000000 ____D C:\Users\shin kim\AppData\Local\{7CE76EA3-304F-4209-A9BE-040CC9D851EF}
    2012-07-23 22:48 - 2012-07-23 22:48 - 00000000 ____D C:\Users\shin kim\AppData\Local\{2770E464-3D74-4A9E-932F-842C0B5FB5DB}
    2012-07-23 22:24 - 2012-07-23 22:24 - 00001887 ____A C:\Users\shin kim\Desktop\aswMBR.txt
    2012-07-23 22:24 - 2012-07-23 22:24 - 00000512 ____A C:\Users\shin kim\Desktop\MBR.dat
    2012-07-23 22:05 - 2012-07-23 22:06 - 04731392 ____A (AVAST Software) C:\Users\shin kim\Desktop\aswMBR.exe
    2012-07-23 22:03 - 2012-07-23 22:03 - 01552384 ____A C:\Users\shin kim\Desktop\RogueKiller.exe
    2012-07-23 22:03 - 2012-07-23 22:03 - 00002122 ____A C:\Users\shin kim\Desktop\RKreport[1].txt
    2012-07-23 22:03 - 2012-07-23 22:03 - 00000000 ____D C:\Users\shin kim\Desktop\RK_Quarantine
    2012-07-23 21:34 - 2012-07-23 21:35 - 00000000 ____D C:\Users\shin kim\AppData\Local\{135E5E9D-0C98-4237-9787-1810C0396F21}
    2012-07-23 21:34 - 2012-07-23 21:34 - 00000000 ____D C:\Users\shin kim\AppData\Local\{6FFDE468-6B89-4F99-A8F0-D688D8AD6AF6}
    2012-07-23 21:33 - 2012-07-23 21:33 - 00607260 ____A (Swearware) C:\Users\shin kim\Downloads\dds.scr
    2012-07-23 21:31 - 2012-07-23 21:31 - 00734810 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-07-23 21:31 - 2012-07-23 21:31 - 00002154 ____A C:\Windows\epplauncher.mif
    2012-07-23 21:31 - 2012-07-23 21:31 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-07-23 21:31 - 2012-07-23 21:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-07-23 21:30 - 2012-07-23 21:30 - 00607260 ____R (Swearware) C:\Users\shin kim\Desktop\dds.scr
    2012-07-23 21:30 - 2010-04-09 03:06 - 00374664 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
    2012-07-23 21:28 - 2012-07-23 21:28 - 12621696 ____A (Microsoft Corporation) C:\Users\shin kim\Downloads\mseinstall.exe
    2012-07-23 21:27 - 2012-07-23 21:31 - 89340632 ____A C:\Users\shin kim\Downloads\avast_free_antivirus_setup.exe
    2012-07-23 20:45 - 2012-07-23 20:57 - 00000000 ____D C:\ComboFix
    2012-07-23 20:45 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
    2012-07-23 20:45 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
    2012-07-23 20:45 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2012-07-23 20:45 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
    2012-07-23 20:45 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
    2012-07-23 20:45 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
    2012-07-23 20:45 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
    2012-07-23 20:45 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
    2012-07-23 20:44 - 2012-07-23 20:56 - 00000000 ____D C:\Qoobox
    2012-07-23 20:43 - 2012-07-23 20:56 - 00000000 ____D C:\Windows\erdnt
    2012-07-23 20:42 - 2012-07-23 20:42 - 04583914 ____R (Swearware) C:\Users\shin kim\Downloads\ComboFix.exe
    2012-07-23 20:37 - 2012-07-23 20:37 - 00302592 ____A C:\Users\shin kim\Downloads\1pkofspi.exe
    2012-07-23 20:29 - 2012-07-23 20:29 - 00000402 ____A C:\Users\shin kim\Desktop\repair.bat
    2012-07-23 20:17 - 2012-07-23 20:18 - 72704032 ____A (Microsoft Corporation) C:\Users\shin kim\Downloads\msert.exe
    2012-07-23 20:05 - 2012-07-23 20:05 - 00347424 ____A (Microsoft Corporation) C:\Users\shin kim\Downloads\MicrosoftFixit.WindowsFirewall.RNP.19266521981305876.13.1.Run.exe
    2012-07-23 20:03 - 2012-07-23 20:03 - 00664576 ____A C:\Users\shin kim\Downloads\MicrosoftFixit50562.msi
    2012-07-23 18:10 - 2012-07-23 18:44 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
    2012-07-23 18:10 - 2012-07-23 18:10 - 00001222 ____A C:\Users\shin kim\Desktop\Spybot - Search & Destroy.lnk
    2012-07-23 18:10 - 2012-07-23 18:10 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
    2012-07-23 18:09 - 2012-07-23 18:09 - 16409960 ____A (Safer Networking Limited ) C:\Users\shin kim\Downloads\spybotsd162.exe
    2012-07-23 18:09 - 2012-07-23 18:09 - 00001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-23 18:09 - 2012-07-23 18:09 - 00000000 ____D C:\Users\shin kim\AppData\Roaming\Malwarebytes
    2012-07-23 18:09 - 2012-07-23 18:09 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-07-23 18:09 - 2012-07-23 18:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-23 18:09 - 2012-07-03 12:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-23 18:08 - 2012-07-23 18:08 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\shin kim\Downloads\mbam-setup-1.62.0.1300.exe
    2012-07-23 17:55 - 2012-07-23 17:56 - 00000000 ____D C:\Users\shin kim\AppData\Local\{AB2DD5EF-3E9E-40AD-A55D-2D827D11A48E}
    2012-07-23 17:55 - 2012-07-23 17:55 - 00000000 ____D C:\Users\shin kim\AppData\Local\{3E6674AB-CBD9-4688-8864-EDD26B3C3017}
    2012-07-23 17:32 - 2012-07-23 18:16 - 00000000 ____D C:\Users\shin kim\Downloads\pn
    2012-07-23 17:30 - 2012-07-23 18:16 - 00000000 ____D C:\Users\shin kim\Downloads\manga + novels
    2012-07-23 17:23 - 2012-07-23 23:48 - 1991413357 ____A C:\Users\shin kim\Downloads\hotavxxx.com@alabout.com@IPTD-919_1.5M_1.85G.wmv
    2012-07-23 17:07 - 2012-07-23 17:22 - 840661285 ____A C:\Users\shin kim\Downloads\????@????@soe-824.wmv
    2012-07-23 16:51 - 2012-07-23 23:48 - 1767933560 ____A C:\Users\shin kim\Downloads\0soe00810hhb.wmv
    2012-07-23 16:49 - 2012-07-23 16:52 - 00590039 ____A C:\Users\shin kim\Downloads\~uTorrentPartFile_4AE6D53B.dat
    2012-07-23 16:48 - 2012-07-23 23:48 - 1256242634 ____A C:\Users\shin kim\Downloads\sdmt765.avi
    2012-07-23 16:45 - 2012-07-23 23:48 - 1171346269 ____A C:\Users\shin kim\Downloads\(??) ANND-036 [??????] ??????????????? (????(Osawa Yuka),???(Otsuka Saki))(2009-05).avi
    2012-07-23 16:40 - 2012-07-23 17:03 - 1023930633 ____A C:\Users\shin kim\Downloads\SOE-808.avi
    2012-07-23 16:31 - 2012-07-23 23:48 - 1642504704 ____A C:\Users\shin kim\Downloads\NHDTA-273.avi
    2012-07-23 15:56 - 2012-07-23 15:56 - 00000840 ____A C:\Users\Public\Desktop\HoneyView3.lnk
    2012-07-23 15:56 - 2012-07-23 15:56 - 00000000 ____D C:\Program Files\HoneyView3
    2012-07-23 15:54 - 2012-07-23 15:54 - 04798496 ____A C:\Users\shin kim\Downloads\HV3-20120628-GL.EXE
    2012-07-23 11:13 - 2012-07-23 11:13 - 00000000 ____D C:\Users\shin kim\AppData\Local\{FBE090BE-C695-427A-9DC5-4AD3B92C88C1}
    2012-07-23 08:24 - 2012-07-23 08:24 - 373290564 ____A C:\Windows\MEMORY.DMP
    2012-07-23 08:24 - 2012-07-23 08:24 - 00281576 ____A C:\Windows\Minidump\072312-14383-01.dmp
    2012-07-23 08:24 - 2012-07-23 08:24 - 00000000 ____D C:\Windows\Minidump
    2012-07-22 19:30 - 2012-07-18 14:49 - 01606656 ____A C:\Users\shin kim\Downloads\SteamInstall.msi
    2012-07-22 18:58 - 2012-07-16 06:41 - 00000238 ____A C:\Users\shin kim\Downloads\TD bank wire transfer.txt
    2012-07-12 20:42 - 2012-06-11 19:02 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-12 20:40 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-07-12 20:40 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-07-12 20:40 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-07-12 20:40 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-07-12 20:40 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-07-12 20:40 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-07-12 20:40 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-07-12 20:40 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-07-12 20:40 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-07-12 20:40 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-07-12 20:40 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-07-12 20:40 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-07-12 20:40 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-07-12 20:40 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-07-12 20:40 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-07-12 20:40 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-07-12 20:40 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-07-12 20:40 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-07-12 20:40 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-07-12 20:40 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-07-12 20:40 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-07-12 20:40 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-07-12 20:40 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-07-12 20:40 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-07-12 20:40 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-07-12 20:40 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-07-12 20:40 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-07-12 20:40 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-07-12 19:08 - 2012-06-08 21:30 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-07-12 19:08 - 2012-06-08 20:46 - 12868608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-07-12 19:08 - 2012-06-05 21:50 - 02003968 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-07-12 19:08 - 2012-06-05 21:50 - 01880064 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-07-12 19:08 - 2012-06-05 21:09 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-07-12 19:08 - 2012-06-05 21:09 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-07-12 19:08 - 2012-06-01 21:38 - 00152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-07-12 19:08 - 2012-06-01 21:38 - 00095088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-07-12 19:08 - 2012-06-01 21:37 - 00459216 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-07-12 19:08 - 2012-06-01 21:27 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-07-12 19:08 - 2012-06-01 21:27 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-07-12 19:08 - 2012-06-01 20:48 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-07-12 19:08 - 2012-06-01 20:48 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-07-12 19:08 - 2012-06-01 20:47 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-07-12 19:08 - 2012-06-01 20:42 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll


    ============ 3 Months Modified Files ========================

    2012-07-24 00:01 - 2011-04-18 07:41 - 01577037 ____A C:\Windows\WindowsUpdate.log
    2012-07-23 23:51 - 2009-07-13 21:13 - 00729688 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-23 23:48 - 2012-07-23 23:48 - 01437781 ____A (Farbar) C:\Users\shin kim\Downloads\FRST64.exe
    2012-07-23 23:48 - 2012-07-23 17:23 - 1991413357 ____A C:\Users\shin kim\Downloads\hotavxxx.com@alabout.com@IPTD-919_1.5M_1.85G.wmv
    2012-07-23 23:48 - 2012-07-23 16:51 - 1767933560 ____A C:\Users\shin kim\Downloads\0soe00810hhb.wmv
    2012-07-23 23:48 - 2012-07-23 16:48 - 1256242634 ____A C:\Users\shin kim\Downloads\sdmt765.avi
    2012-07-23 23:48 - 2012-07-23 16:45 - 1171346269 ____A C:\Users\shin kim\Downloads\(??) ANND-036 [??????] ??????????????? (????(Osawa Yuka),???(Otsuka Saki))(2009-05).avi
    2012-07-23 23:48 - 2012-07-23 16:31 - 1642504704 ____A C:\Users\shin kim\Downloads\NHDTA-273.avi
    2012-07-23 23:48 - 2009-07-13 20:51 - 00060268 ____A C:\Windows\setupact.log
    2012-07-23 23:46 - 2012-01-08 16:23 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-429684283-3332833963-2554953177-1000UA.job
    2012-07-23 23:36 - 2012-07-23 23:36 - 00001926 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2012-07-23 23:35 - 2012-07-23 23:35 - 00000000 ____A C:\Windows\SysWOW64\config.nt
    2012-07-23 22:24 - 2012-07-23 22:24 - 00001887 ____A C:\Users\shin kim\Desktop\aswMBR.txt
    2012-07-23 22:24 - 2012-07-23 22:24 - 00000512 ____A C:\Users\shin kim\Desktop\MBR.dat
    2012-07-23 22:06 - 2012-07-23 22:05 - 04731392 ____A (AVAST Software) C:\Users\shin kim\Desktop\aswMBR.exe
    2012-07-23 22:03 - 2012-07-23 22:03 - 01552384 ____A C:\Users\shin kim\Desktop\RogueKiller.exe
    2012-07-23 22:03 - 2012-07-23 22:03 - 00002122 ____A C:\Users\shin kim\Desktop\RKreport[1].txt
    2012-07-23 21:33 - 2012-07-23 21:33 - 00607260 ____A (Swearware) C:\Users\shin kim\Downloads\dds.scr
    2012-07-23 21:31 - 2012-07-23 21:31 - 00734810 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-07-23 21:31 - 2012-07-23 21:31 - 00002154 ____A C:\Windows\epplauncher.mif
    2012-07-23 21:31 - 2012-07-23 21:27 - 89340632 ____A C:\Users\shin kim\Downloads\avast_free_antivirus_setup.exe
    2012-07-23 21:30 - 2012-07-23 21:30 - 00607260 ____R (Swearware) C:\Users\shin kim\Desktop\dds.scr
    2012-07-23 21:28 - 2012-07-23 21:28 - 12621696 ____A (Microsoft Corporation) C:\Users\shin kim\Downloads\mseinstall.exe
    2012-07-23 21:01 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-23 21:01 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-23 20:57 - 2012-05-09 22:10 - 00004896 ____A C:\Windows\System32\Drivers\EstRtwIFDrv
    2012-07-23 20:57 - 2012-01-08 16:58 - 00000294 ____A C:\Windows\System32\ayboot.ini
    2012-07-23 20:54 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-23 20:54 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
    2012-07-23 20:53 - 2011-04-18 07:36 - 00022582 ____A C:\Windows\PFRO.log
    2012-07-23 20:42 - 2012-07-23 20:42 - 04583914 ____R (Swearware) C:\Users\shin kim\Downloads\ComboFix.exe
    2012-07-23 20:37 - 2012-07-23 20:37 - 00302592 ____A C:\Users\shin kim\Downloads\1pkofspi.exe
    2012-07-23 20:29 - 2012-07-23 20:29 - 00000402 ____A C:\Users\shin kim\Desktop\repair.bat
    2012-07-23 20:18 - 2012-07-23 20:17 - 72704032 ____A (Microsoft Corporation) C:\Users\shin kim\Downloads\msert.exe
    2012-07-23 20:05 - 2012-07-23 20:05 - 00347424 ____A (Microsoft Corporation) C:\Users\shin kim\Downloads\MicrosoftFixit.WindowsFirewall.RNP.19266521981305876.13.1.Run.exe
    2012-07-23 20:03 - 2012-07-23 20:03 - 00664576 ____A C:\Users\shin kim\Downloads\MicrosoftFixit50562.msi
    2012-07-23 19:46 - 2012-01-08 16:23 - 00000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-429684283-3332833963-2554953177-1000Core.job
    2012-07-23 18:10 - 2012-07-23 18:10 - 00001222 ____A C:\Users\shin kim\Desktop\Spybot - Search & Destroy.lnk
    2012-07-23 18:09 - 2012-07-23 18:09 - 16409960 ____A (Safer Networking Limited ) C:\Users\shin kim\Downloads\spybotsd162.exe
    2012-07-23 18:09 - 2012-07-23 18:09 - 00001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-23 18:08 - 2012-07-23 18:08 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\shin kim\Downloads\mbam-setup-1.62.0.1300.exe
    2012-07-23 17:32 - 2012-01-10 12:43 - 00349696 __ASH C:\Users\shin kim\Downloads\Thumbs.db
    2012-07-23 17:22 - 2012-07-23 17:07 - 840661285 ____A C:\Users\shin kim\Downloads\????@????@soe-824.wmv
    2012-07-23 17:03 - 2012-07-23 16:40 - 1023930633 ____A C:\Users\shin kim\Downloads\SOE-808.avi
    2012-07-23 16:52 - 2012-07-23 16:49 - 00590039 ____A C:\Users\shin kim\Downloads\~uTorrentPartFile_4AE6D53B.dat
    2012-07-23 16:30 - 2012-02-05 17:42 - 00001440 ____A C:\users\shin
    2012-07-23 15:56 - 2012-07-23 15:56 - 00000840 ____A C:\Users\Public\Desktop\HoneyView3.lnk
    2012-07-23 15:54 - 2012-07-23 15:54 - 04798496 ____A C:\Users\shin kim\Downloads\HV3-20120628-GL.EXE
    2012-07-23 08:24 - 2012-07-23 08:24 - 373290564 ____A C:\Windows\MEMORY.DMP
    2012-07-23 08:24 - 2012-07-23 08:24 - 00281576 ____A C:\Windows\Minidump\072312-14383-01.dmp
    2012-07-18 14:49 - 2012-07-22 19:30 - 01606656 ____A C:\Users\shin kim\Downloads\SteamInstall.msi
    2012-07-16 06:41 - 2012-07-22 18:58 - 00000238 ____A C:\Users\shin kim\Downloads\TD bank wire transfer.txt
    2012-07-16 04:46 - 2012-01-08 16:23 - 00002414 ____A C:\Users\shin kim\Desktop\Google Chrome.lnk
    2012-07-15 06:57 - 2009-07-13 20:45 - 00413064 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-12 20:42 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
    2012-07-03 12:46 - 2012-07-23 18:09 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-03 08:21 - 2012-07-23 23:36 - 00355856 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
    2012-07-03 08:21 - 2012-07-23 23:36 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
    2012-07-03 08:21 - 2012-07-23 23:35 - 00958400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
    2012-07-03 08:21 - 2012-07-23 23:35 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
    2012-07-03 08:21 - 2012-07-23 23:35 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
    2012-07-03 08:21 - 2012-07-23 23:35 - 00071064 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
    2012-07-03 08:21 - 2012-07-23 23:35 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
    2012-07-03 08:21 - 2012-07-23 23:35 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
    2012-07-03 08:21 - 2012-07-23 23:35 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
    2012-06-26 04:13 - 2012-01-08 16:57 - 00267104 ____A (ESTsoft Corp) C:\Windows\System32\Drivers\EstRtw.sys
    2012-06-24 19:34 - 2012-01-08 16:57 - 00021376 ____A C:\Windows\System32\bootalyac.exe
    2012-06-11 19:02 - 2012-07-12 20:42 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-10 11:29 - 2012-06-10 11:29 - 00002051 ____A C:\Users\Public\Desktop\GomTV.lnk
    2012-06-10 11:29 - 2012-06-10 11:29 - 00001149 ____A C:\Users\Public\Desktop\GOM Player.lnk
    2012-06-09 20:48 - 2012-06-09 20:48 - 00001017 ____A C:\Users\shin kim\Desktop\Video - Shortcut.lnk
    2012-06-09 20:18 - 2012-01-08 22:12 - 00000907 ____A C:\Users\Public\Desktop\킫orrent.lnk
    2012-06-08 21:30 - 2012-07-12 19:08 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-06-08 20:46 - 2012-07-12 19:08 - 12868608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-06-05 21:50 - 2012-07-12 19:08 - 02003968 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-06-05 21:50 - 2012-07-12 19:08 - 01880064 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-06-05 21:09 - 2012-07-12 19:08 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-06-05 21:09 - 2012-07-12 19:08 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-06-02 14:19 - 2012-06-08 20:26 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-08 20:26 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-08 20:26 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 14:19 - 2012-06-08 20:26 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-08 20:26 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-08 20:26 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:15 - 2012-06-08 20:26 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-08 20:26 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 14:15 - 2012-06-08 20:26 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-02 04:49 - 2012-07-12 20:40 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-02 04:17 - 2012-07-12 20:40 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-02 04:12 - 2012-07-12 20:40 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-02 04:05 - 2012-07-12 20:40 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-02 04:05 - 2012-07-12 20:40 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-02 04:04 - 2012-07-12 20:40 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-02 04:04 - 2012-07-12 20:40 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-02 04:03 - 2012-07-12 20:40 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-02 04:01 - 2012-07-12 20:40 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-02 04:00 - 2012-07-12 20:40 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-02 03:59 - 2012-07-12 20:40 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-02 03:57 - 2012-07-12 20:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-02 03:57 - 2012-07-12 20:40 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-02 03:54 - 2012-07-12 20:40 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-02 01:07 - 2012-07-12 20:40 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-02 00:43 - 2012-07-12 20:40 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-02 00:33 - 2012-07-12 20:40 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-02 00:26 - 2012-07-12 20:40 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-02 00:25 - 2012-07-12 20:40 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-02 00:25 - 2012-07-12 20:40 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-02 00:23 - 2012-07-12 20:40 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-02 00:21 - 2012-07-12 20:40 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-02 00:20 - 2012-07-12 20:40 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-02 00:19 - 2012-07-12 20:40 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-02 00:19 - 2012-07-12 20:40 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-02 00:17 - 2012-07-12 20:40 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-02 00:16 - 2012-07-12 20:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-02 00:14 - 2012-07-12 20:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-01 21:38 - 2012-07-12 19:08 - 00152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-06-01 21:38 - 2012-07-12 19:08 - 00095088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-06-01 21:37 - 2012-07-12 19:08 - 00459216 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-06-01 21:27 - 2012-07-12 19:08 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-06-01 21:27 - 2012-07-12 19:08 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-06-01 20:48 - 2012-07-12 19:08 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-06-01 20:48 - 2012-07-12 19:08 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-06-01 20:47 - 2012-07-12 19:08 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-06-01 20:42 - 2012-07-12 19:08 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-05-19 22:29 - 2012-05-19 22:28 - 00003733 ____A C:\Windows\IE9_main.log
    2012-05-19 22:28 - 2012-05-19 22:28 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
    2012-05-19 22:28 - 2012-05-19 22:28 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
    2012-05-19 22:28 - 2012-05-19 22:28 - 00697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-05-19 22:28 - 2012-05-19 22:28 - 00603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-05-19 22:28 - 2012-05-19 22:28 - 00580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-05-19 22:28 - 2012-05-19 22:28 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
    2012-05-19 22:28 - 2012-05-19 22:28 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
    2012-05-19 22:28 - 2012-05-19 22:28 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
    2012-05-19 22:28 - 2012-05-19 22:28 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2012-05-19 22:28 - 2012-05-19 22:28 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-05-19 22:28 - 2012-05-19 22:28 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
    2012-05-19 22:28 - 2012-05-19 22:28 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2012-05-19 22:28 - 2012-05-19 22:28 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2012-05-19 22:28 - 2012-05-19 22:28 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2012-05-19 22:28 - 2012-05-19 22:28 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
    2012-05-19 22:28 - 2012-05-19 22:28 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
    2012-05-19 22:28 - 2012-05-19 22:28 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
    2012-05-19 22:28 - 2012-05-19 22:28 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
    2012-05-19 22:28 - 2012-05-19 22:28 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2012-05-19 22:28 - 2012-05-19 22:28 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
    2012-05-19 22:28 - 2012-05-19 22:28 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2012-05-19 22:28 - 2012-05-19 22:28 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
    2012-05-19 22:28 - 2012-05-19 22:28 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
    2012-05-19 22:28 - 2012-05-19 22:28 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
    2012-05-19 22:28 - 2012-05-19 22:28 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
    2012-05-19 22:28 - 2012-05-19 22:28 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2012-05-19 22:28 - 2012-05-19 22:28 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
    2012-05-19 22:28 - 2012-05-19 22:28 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
    2012-05-19 22:28 - 2012-05-19 22:28 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
    2012-05-19 22:28 - 2012-05-19 22:28 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
    2012-05-19 22:28 - 2012-05-19 22:28 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
    2012-05-19 22:28 - 2012-05-19 22:28 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
    2012-05-19 22:28 - 2012-05-19 22:28 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
    2012-05-19 22:28 - 2012-05-19 22:28 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
    2012-05-19 22:28 - 2012-05-19 22:28 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
    2012-05-19 22:28 - 2012-05-19 22:28 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2012-05-19 22:28 - 2012-05-19 22:28 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
    2012-05-19 22:28 - 2012-05-19 22:28 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
    2012-05-19 22:28 - 2012-05-19 22:28 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
    2012-05-19 22:28 - 2012-05-19 22:28 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
    2012-05-19 22:28 - 2012-05-19 22:28 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
    2012-05-19 22:28 - 2012-05-19 22:28 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
    2012-05-19 22:28 - 2012-05-19 22:28 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
    2012-05-19 22:28 - 2012-05-19 22:28 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
    2012-05-19 22:28 - 2012-05-19 22:28 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
    2012-05-19 22:28 - 2012-05-19 22:28 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2012-05-19 22:28 - 2012-05-19 22:28 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
    2012-05-19 22:28 - 2012-05-19 22:28 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
    2012-05-19 22:28 - 2012-05-19 22:28 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2012-05-19 22:28 - 2012-05-19 22:28 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
    2012-05-19 22:28 - 2012-05-19 22:28 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
    2012-05-19 22:28 - 2012-05-19 22:28 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
    2012-05-19 22:28 - 2012-05-19 22:28 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2012-05-19 22:28 - 2012-05-19 22:28 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
    2012-05-19 22:28 - 2012-05-19 22:28 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
    2012-05-19 22:28 - 2012-05-19 22:28 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
    2012-05-19 22:28 - 2012-05-19 22:28 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
    2012-05-19 22:28 - 2012-05-19 22:28 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
    2012-05-19 22:28 - 2012-05-19 22:28 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
    2012-05-19 22:28 - 2012-05-19 22:28 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
    2012-05-19 22:28 - 2012-05-19 22:28 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
    2012-05-19 22:28 - 2012-05-19 22:28 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
    2012-05-19 22:28 - 2012-05-19 22:28 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2012-05-19 22:28 - 2012-05-19 22:28 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
    2012-05-19 22:28 - 2012-05-19 22:28 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
    2012-05-19 22:28 - 2012-05-19 22:28 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2012-05-19 22:28 - 2012-05-19 22:28 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
    2012-05-19 22:28 - 2012-05-19 22:28 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
    2012-05-19 22:28 - 2012-05-19 22:28 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
    2012-05-19 22:28 - 2012-05-19 22:28 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
    2012-05-19 22:28 - 2012-05-19 22:28 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
    2012-05-19 22:28 - 2012-05-19 22:28 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
    2012-05-18 19:55 - 2012-01-10 23:06 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-05-18 19:55 - 2012-01-10 23:06 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-05-16 23:02 - 2012-01-08 16:46 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
    2012-05-12 19:59 - 2009-07-13 21:08 - 00032602 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-05-09 20:24 - 2012-01-08 16:58 - 00000896 ____A C:\Windows\System32\Drivers\EstRtw.dat
    2012-05-04 02:52 - 2012-06-13 19:25 - 05505392 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-05-04 02:08 - 2012-06-13 19:25 - 03958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-05-04 02:08 - 2012-06-13 19:25 - 03902320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-05-01 21:32 - 2012-06-13 19:25 - 00208896 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-04-27 19:50 - 2012-06-13 19:25 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys

    ZeroAccess:
    C:\Windows\Installer\{56d4fd66-7c99-92db-799f-0b95dc195334}
    C:\Windows\Installer\{56d4fd66-7c99-92db-799f-0b95dc195334}\@
    C:\Windows\Installer\{56d4fd66-7c99-92db-799f-0b95dc195334}\L
    C:\Windows\Installer\{56d4fd66-7c99-92db-799f-0b95dc195334}\U

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 11%
    Total physical RAM: 8183.07 MB
    Available physical RAM: 7263.14 MB
    Total Pagefile: 8181.22 MB
    Available Pagefile: 7254.39 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.89 MB

    ======================= Partitions =========================

    1 Drive c: (Acer) (Fixed) (Total:914.41 GB) (Free:786.46 GB) NTFS
    2 Drive e: (PQSERVICE) (Fixed) (Total:17 GB) (Free:3.74 GB) NTFS
    4 Drive g: (SANG) (Removable) (Total:3.74 GB) (Free:3.07 GB) FAT32
    10 Drive m: () (Fixed) (Total:931.51 GB) (Free:930.18 GB) NTFS
    11 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    12 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 931 GB 0 B
    Disk 1 Online 3835 MB 0 B
    Disk 2 No Media 0 B 0 B
    Disk 3 No Media 0 B 0 B
    Disk 4 No Media 0 B 0 B
    Disk 5 No Media 0 B 0 B
    Disk 6 No Media 0 B 0 B
    Disk 7 Online 931 GB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Recovery 17 GB 1024 KB
    Partition 2 Primary 100 MB 17 GB
    Partition 3 Primary 914 GB 17 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 27
    Hidden: Yes
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E PQSERVICE NTFS Partition 17 GB Healthy Hidden

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y SYSTEM RESE NTFS Partition 100 MB Healthy

    ==================================================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C Acer NTFS Partition 914 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3827 MB 19 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 G SANG FAT32 Removable 3827 MB Healthy

    ==================================================================================

    Partitions of Disk 7:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 931 GB 1024 KB

    ==================================================================================

    Disk: 7
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 10 M NTFS Partition 931 GB Healthy

    ==================================================================================

    ==========================================================

    Last Boot: 2012-07-18 06:17

    ======================= End Of Log ==========================
     
  14. ziegfried2

    ziegfried2 TS Rookie Topic Starter Posts: 26

    Farbar Recovery Scan Tool Version: 20-07-2012 01
    Ran by SYSTEM at 2012-07-24 01:08:27
    Running from G:\
    ================== Search: "services.exe" ===================
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    C:\Windows\erdnt\cache64\services.exe
    [2012-07-23 20:56] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    ====== End Of Search ======
     
  15. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Restart normally.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  16. ziegfried2

    ziegfried2 TS Rookie Topic Starter Posts: 26

    so while running combofix, combofix automatically restarted my computer.
    and when the computer restarted, though it said do not run any programs, the auto start programs (including avast and windows security essentials) started.
    is that a problem?
    also, the combofix prompt said the combofix.txt is in c:/ drive, at the root, but I can't find it there, so I'm in the middle of searching for it. I'll post the log once my computer finds it.
     
  17. ziegfried2

    ziegfried2 TS Rookie Topic Starter Posts: 26

    ComboFix 12-07-24.01 - shin kim 4/2012 Tue 1:51:11.2.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.949.82.1033.18.8183.6570 [GMT -7:00]
    Running from: C:\Users\shin kim\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    AV: 알약 *Disabled/Updated* {78D70EA9-5CF2-58F4-85C5-F4B097655D94}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: 알약 *Disabled/Updated* {C3B6EF4D-7AC8-577A-BF75-CFC2ECE21729}
    * Created a new restore point
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    ---- Previous Run -------
    C:\windows\assembly\GAC_32\Desktop.ini
    C:\windows\assembly\GAC_64\Desktop.ini
    ((((((((((((((((((((((((( Files Created from 2012-06-24 to 2012-07-24 )))))))))))))))))))))))))))))))
    2012-07-24 09:04:52 . 2012-07-24 09:04:56--------d-----w-C:\FRST
    2012-07-24 08:56:47 . 2012-07-24 08:56:47--------d-----w-C:\Users\UpdatusUser\AppData\Local\temp
    2012-07-24 08:56:47 . 2012-07-24 08:56:47--------d-----w-C:\Users\Default\AppData\Local\temp
    2012-07-24 07:37:21 . 2012-07-24 07:37:21--------d-----w-C:\Users\shin kim\AppData\Roaming\RoboForm
    2012-07-24 07:36:29 . 2012-07-24 07:36:29--------d-----w-C:\ProgramData\RoboForm
    2012-07-24 07:36:17 . 2012-07-24 07:36:17--------d-----w-C:\Program Files (x86)\Siber Systems
    2012-07-24 07:36:00 . 2012-07-03 16:21:52355856----a-w-C:\windows\system32\drivers\aswSP.sys
    2012-07-24 07:36:00 . 2012-07-03 16:21:5125232----a-w-C:\windows\system32\drivers\aswFsBlk.sys
    2012-07-24 07:35:59 . 2012-07-03 16:21:52958400----a-w-C:\windows\system32\drivers\aswSnx.sys
    2012-07-24 07:35:59 . 2012-07-03 16:21:5259728----a-w-C:\windows\system32\drivers\aswTdi.sys
    2012-07-24 07:35:59 . 2012-07-03 16:21:5254072----a-w-C:\windows\system32\drivers\aswRdr2.sys
    2012-07-24 07:35:58 . 2012-07-03 16:21:5271064----a-w-C:\windows\system32\drivers\aswMonFlt.sys
    2012-07-24 07:35:58 . 2012-07-03 16:21:18285328----a-w-C:\windows\system32\aswBoot.exe
    2012-07-24 07:35:30 . 2012-07-03 16:21:3241224----a-w-C:\windows\avastSS.scr
    2012-07-24 07:35:29 . 2012-07-03 16:21:28227648----a-w-C:\windows\SysWow64\aswBoot.exe
    2012-07-24 07:35:18 . 2012-07-24 07:35:18--------d-----w-C:\ProgramData\AVAST Software
    2012-07-24 07:35:18 . 2012-07-24 07:35:18--------d-----w-C:\Program Files\AVAST Software
    2012-07-24 05:34:17 . 2012-07-24 05:34:13927800----a-w-C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{03B1F8CC-B59D-483D-A468-3E5D45D3DEB4}\gapaengine.dll
    2012-07-24 05:34:14 . 2012-06-29 10:04:309133488----a-w-C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{66EB816F-8ECE-487E-A74C-0F075BAFB932}\mpengine.dll
    2012-07-24 05:31:06 . 2012-07-24 05:31:07--------d-----w-C:\Program Files (x86)\Microsoft Security Client
    2012-07-24 05:31:00 . 2012-07-24 05:31:13--------d-----w-C:\Program Files\Microsoft Security Client
    2012-07-24 05:30:57 . 2010-04-09 11:06:09374664----a-w-C:\windows\system32\drivers\netio.sys
    2012-07-24 02:10:17 . 2012-07-24 02:44:55--------d-----w-C:\ProgramData\Spybot - Search & Destroy
    2012-07-24 02:10:17 . 2012-07-24 02:10:26--------d-----w-C:\Program Files (x86)\Spybot - Search & Destroy
    2012-07-24 02:09:26 . 2012-07-24 02:09:26--------d-----w-C:\Users\shin kim\AppData\Roaming\Malwarebytes
    2012-07-24 02:09:17 . 2012-07-24 02:09:17--------d-----w-C:\ProgramData\Malwarebytes
    2012-07-24 02:09:17 . 2012-07-03 20:46:4424904----a-w-C:\windows\system32\drivers\mbam.sys
    2012-07-24 02:09:16 . 2012-07-24 02:09:19--------d-----w-C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-23 23:56:16 . 2012-07-23 23:56:18--------d-----w-C:\Program Files\HoneyView3
    2012-07-17 13:42:24 . 2012-06-29 10:04:299133488----a-w-C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2A06CE5D-CC64-4129-AF8A-09CF3798ABE0}\mpengine.dll
    2012-07-13 04:42:56 . 2012-06-12 03:02:523147264----a-w-C:\windows\system32\win32k.sys
    2012-07-13 03:08:32 . 2012-06-06 05:50:502003968----a-w-C:\windows\system32\msxml6.dll
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    2012-06-26 12:13:04 . 2012-01-09 00:57:56267104----a-w-C:\windows\system32\drivers\EstRtw.sys
    2012-06-25 03:34:46 . 2012-01-09 00:57:5621376----a-w-C:\windows\system32\bootalyac.exe
    2012-06-02 22:19:46 . 2012-06-09 04:26:2038424----a-w-C:\windows\system32\wups.dll
    2012-06-02 22:19:43 . 2012-06-09 04:26:302428952----a-w-C:\windows\system32\wuaueng.dll
    2012-06-02 22:19:42 . 2012-06-09 04:26:3157880----a-w-C:\windows\system32\wuauclt.exe
    2012-06-02 22:19:42 . 2012-06-09 04:26:3144056----a-w-C:\windows\system32\wups2.dll
    2012-06-02 22:19:42 . 2012-06-09 04:26:08186752----a-w-C:\windows\system32\wuwebv.dll
    2012-06-02 22:19:23 . 2012-06-09 04:26:19701976----a-w-C:\windows\system32\wuapi.dll
    2012-06-02 22:15:31 . 2012-06-09 04:26:302622464----a-w-C:\windows\system32\wucltux.dll
    2012-06-02 22:15:12 . 2012-06-09 04:26:0836864----a-w-C:\windows\system32\wuapp.exe
    2012-06-02 22:15:08 . 2012-06-09 04:26:2099840----a-w-C:\windows\system32\wudriver.dll
    2012-05-20 06:28:44 . 2012-05-20 06:28:4476800----a-w-C:\windows\SysWow64\SetIEInstalledDate.exe
    2012-05-20 06:28:44 . 2012-05-20 06:28:4474752----a-w-C:\windows\SysWow64\RegisterIEPKEYs.exe
    2012-05-20 06:28:44 . 2012-05-20 06:28:4448640----a-w-C:\windows\SysWow64\mshtmler.dll
    2012-05-20 06:28:44 . 2012-05-20 06:28:44161792----a-w-C:\windows\SysWow64\msls31.dll
    2012-05-20 06:28:44 . 2012-05-20 06:28:44110592----a-w-C:\windows\SysWow64\IEAdvpack.dll
    2012-05-20 06:28:43 . 2012-05-20 06:28:4391648----a-w-C:\windows\system32\SetIEInstalledDate.exe
    2012-05-20 06:28:43 . 2012-05-20 06:28:4389088----a-w-C:\windows\system32\RegisterIEPKEYs.exe
    2012-05-20 06:28:43 . 2012-05-20 06:28:4389088----a-w-C:\windows\system32\ie4uinit.exe
    2012-05-20 06:28:43 . 2012-05-20 06:28:4386528----a-w-C:\windows\SysWow64\iesysprep.dll
    2012-05-20 06:28:43 . 2012-05-20 06:28:4385504----a-w-C:\windows\system32\iesetup.dll
    2012-05-20 06:28:43 . 2012-05-20 06:28:4382432----a-w-C:\windows\system32\icardie.dll
    2012-05-20 06:28:43 . 2012-05-20 06:28:4376800----a-w-C:\windows\system32\tdc.ocx
    2012-05-20 06:28:43 . 2012-05-20 06:28:4374752----a-w-C:\windows\SysWow64\iesetup.dll
    2012-05-20 06:28:43 . 2012-05-20 06:28:43697344----a-w-C:\windows\system32\msfeeds.dll
    2012-05-20 06:28:43 . 2012-05-20 06:28:4365024----a-w-C:\windows\system32\pngfilt.dll
    2012-05-20 06:28:43 . 2012-05-20 06:28:4363488----a-w-C:\windows\SysWow64\tdc.ocx
    2012-05-20 06:28:43 . 2012-05-20 06:28:43603648----a-w-C:\windows\system32\vbscript.dll
    2012-05-20 06:28:43 . 2012-05-20 06:28:4355296----a-w-C:\windows\system32\msfeedsbs.dll
    2012-05-20 06:28:43 . 2012-05-20 06:28:43534528----a-w-C:\windows\system32\ieapfltr.dll
    2012-05-20 06:28:43 . 2012-05-20 06:28:4349664----a-w-C:\windows\system32\imgutil.dll
    2012-05-20 06:28:43 . 2012-05-20 06:28:4348640----a-w-C:\windows\system32\mshtmler.dll
    2012-05-20 06:28:43 . 2012-05-20 06:28:43452608----a-w-C:\windows\system32\dxtmsft.dll
    2012-05-20 06:28:43 . 2012-05-20 06:28:43448512----a-w-C:\windows\system32\html.iec
    2012-05-20 06:28:43 . 2012-05-20 06:28:43420864----a-w-C:\windows\SysWow64\vbscript.dll
    2012-05-20 06:28:43 . 2012-05-20 06:28:43403248----a-w-C:\windows\system32\iedkcs32.dll
    2012-05-20 06:28:43 . 2012-05-20 06:28:4339936----a-w-C:\windows\system32\iernonce.dll
    2012-05-20 06:28:43 . 2012-05-20 06:28:433695416----a-w-C:\windows\system32\ieapfltr.dat
    2012-05-20 06:28:43 . 2012-05-20 06:28:43367104----a-w-C:\windows\SysWow64\html.iec
    2012-05-20 06:28:43 . 2012-05-20 06:28:4335840----a-w-C:\windows\SysWow64\imgutil.dll
    2012-05-20 06:28:43 . 2012-05-20 06:28:4330720----a-w-C:\windows\system32\licmgr10.dll
    2012-05-20 06:28:43 . 2012-05-20 06:28:43282112----a-w-C:\windows\system32\dxtrans.dll
    2012-05-20 06:28:43 . 2012-05-20 06:28:43267776----a-w-C:\windows\system32\ieaksie.dll
    2012-05-20 06:28:43 . 2012-05-20 06:28:43249344----a-w-C:\windows\system32\webcheck.dll
    2012-05-20 06:28:43 . 2012-05-20 06:28:4323552----a-w-C:\windows\SysWow64\licmgr10.dll
    2012-05-20 06:28:43 . 2012-05-20 06:28:43222208----a-w-C:\windows\system32\msls31.dll
    2012-05-20 06:28:43 . 2012-05-20 06:28:43197120----a-w-C:\windows\system32\msrating.dll
    2012-05-20 06:28:43 . 2012-05-20 06:28:43165888----a-w-C:\windows\system32\iexpress.exe
    2012-05-20 06:28:43 . 2012-05-20 06:28:43163840----a-w-C:\windows\system32\ieakui.dll
    2012-05-20 06:28:43 . 2012-05-20 06:28:43160256----a-w-C:\windows\system32\wextract.exe
    2012-05-20 06:28:43 . 2012-05-20 06:28:43160256----a-w-C:\windows\system32\ieakeng.dll
    2012-05-20 06:28:43 . 2012-05-20 06:28:43152064----a-w-C:\windows\SysWow64\wextract.exe
    2012-05-20 06:28:43 . 2012-05-20 06:28:43150528----a-w-C:\windows\SysWow64\iexpress.exe
    2012-05-20 06:28:43 . 2012-05-20 06:28:43149504----a-w-C:\windows\system32\occache.dll
    2012-05-20 06:28:43 . 2012-05-20 06:28:43145920----a-w-C:\windows\system32\iepeers.dll
    2012-05-20 06:28:43 . 2012-05-20 06:28:43135168----a-w-C:\windows\system32\IEAdvpack.dll
    2012-05-20 06:28:43 . 2012-05-20 06:28:4312288----a-w-C:\windows\system32\mshta.exe
    2012-05-20 06:28:43 . 2012-05-20 06:28:4311776----a-w-C:\windows\SysWow64\mshta.exe
    2012-05-20 06:28:43 . 2012-05-20 06:28:43114176----a-w-C:\windows\system32\admparse.dll
    2012-05-20 06:28:43 . 2012-05-20 06:28:43111616----a-w-C:\windows\system32\iesysprep.dll
    2012-05-20 06:28:43 . 2012-05-20 06:28:4310752----a-w-C:\windows\system32\msfeedssync.exe
    2012-05-20 06:28:43 . 2012-05-20 06:28:43103936----a-w-C:\windows\system32\inseng.dll
    2012-05-20 06:28:43 . 2012-05-20 06:28:43101888----a-w-C:\windows\SysWow64\admparse.dll
    2012-05-04 10:52:22 . 2012-06-14 03:25:285505392----a-w-C:\windows\system32\ntoskrnl.exe
    2012-05-04 10:08:16 . 2012-06-14 03:25:273958128----a-w-C:\windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:08:15 . 2012-06-14 03:25:273902320----a-w-C:\windows\SysWow64\ntoskrnl.exe
    2012-05-02 05:32:43 . 2012-06-14 03:25:29208896----a-w-C:\windows\system32\profsvc.dll
    2012-04-28 03:50:40 . 2012-06-14 03:25:23204800----a-w-C:\windows\system32\drivers\rdpwd.sys
    2012-04-26 05:34:38 . 2012-06-14 03:25:3076288----a-w-C:\windows\system32\rdpwsx.dll
    2012-04-26 05:34:37 . 2012-06-14 03:25:30149504----a-w-C:\windows\system32\rdpcorekmts.dll
    2012-04-26 05:28:32 . 2012-06-14 03:25:309216----a-w-C:\windows\system32\rdrmemptylst.exe
    ((((((((((((((((((((((((((((( SnapShot@2012-07-24_04.54.26 )))))))))))))))))))))))))))))))))))))))))
    + 2009-07-14 04:54:17 . 2012-07-24 08:57:5716384 C:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54:17 . 2012-07-24 01:53:5116384 C:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54:17 . 2012-07-24 01:53:5132768 C:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54:17 . 2012-07-24 08:57:5732768 C:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54:17 . 2012-07-24 01:53:5116384 C:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54:17 . 2012-07-24 08:57:5716384 C:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-08-31 12:07:00 . 2012-07-24 08:48:4748374 C:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10:35 . 2012-07-24 08:48:4733464 C:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-12-20 04:23:12 . 2012-07-24 08:48:4710454 C:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-429684283-3332833963-2554953177-1000_UserData.bin
    + 2012-07-23 17:23:13 . 2012-07-24 08:01:5567584 C:\windows\system32\LogFiles\Srt\bootstat.dat
    - 2012-07-23 17:23:13 . 2012-07-23 16:11:5667584 C:\windows\system32\LogFiles\Srt\bootstat.dat
    + 2012-03-21 03:44:12 . 2012-03-21 03:44:1298688 C:\windows\system32\drivers\NisDrvWFP.sys
    + 2009-07-14 04:46:26 . 2012-07-24 08:54:1878720 C:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    + 2012-07-24 08:57:38 . 2012-07-24 08:57:382048 C:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-07-24 08:57:38 . 2012-07-24 08:57:382048 C:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-07-24 04:54:03 . 2012-07-24 04:54:032048 C:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-07-14 02:36:59 . 2012-07-24 08:53:30617910 C:\windows\system32\perfh009.dat
    + 2009-07-14 02:36:59 . 2012-07-24 08:53:30107190 C:\windows\system32\perfc009.dat
    + 2011-12-20 20:06:16 . 2012-01-31 12:44:20279656 C:\windows\system32\MpSigStub.exe
    - 2011-12-20 20:06:16 . 2012-05-31 19:25:12279656 C:\windows\system32\MpSigStub.exe
    + 2012-03-21 03:44:12 . 2012-03-21 03:44:12203888 C:\windows\system32\drivers\MpFilter.sys
    + 2009-07-14 05:01:48 . 2012-07-24 08:57:00390348 C:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 05:01:48 . 2012-07-24 04:53:25390348 C:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-12 19:16:26 . 2009-07-12 19:16:26223232 C:\windows\Installer\9457f6.msi
    + 2012-07-24 05:31:12 . 2012-07-24 05:31:12109563 C:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\SCEP.exe
    + 2012-07-24 05:31:12 . 2012-07-24 05:31:12123352 C:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\MSE.exe
    + 2012-07-24 05:31:12 . 2012-07-24 05:31:12109563 C:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\INTUNE.exe
    + 2012-07-24 05:31:12 . 2012-07-24 05:31:12109563 C:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\FEP.exe
    + 2012-07-24 05:31:12 . 2012-07-24 05:31:12109563 C:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\EPP.exe
    - 2009-07-14 04:45:55 . 2012-07-15 14:59:253801160 C:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    + 2009-07-14 04:45:55 . 2012-07-24 08:12:123801160 C:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    + 2012-03-27 02:21:30 . 2012-03-27 02:21:307622656 C:\windows\Installer\220fce.msi
    + 2009-07-14 02:34:08 . 2012-07-24 08:22:1410747904 C:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    - 2009-07-14 02:34:08 . 2012-07-24 03:45:0710747904 C:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    - 2012-01-11 05:54:08 . 2012-07-24 04:53:2521675587 C:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-429684283-3332833963-2554953177-1000-12288.dat
    + 2012-01-11 05:54:08 . 2012-07-24 08:57:0021675587 C:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-429684283-3332833963-2554953177-1000-12288.dat
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2010-05-27 02:40:28120176----a-w-C:\Program Files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-01-24 13:19:14 3478336]
    "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe" [2012-07-13 20:33:24 17418928]
    "SpybotSD TeaTimer"="C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 22:31:16 2144088]
    "RoboForm"="C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-07-24 07:36:15 96056]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "SuiteTray"="C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 02:59:08 337264]
    "EgisUpdate"="C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 05:11:42 201584]
    "EgisTecPMMUpdate"="C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 05:11:56 407920]
    "Norton Online Backup"="C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 22:33:10 1155928]
    "Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 06:51:18 37296]
    "Hotkey Utility"="C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2010-08-04 12:40:12 611872]
    "IAStorIcon"="C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-10-17 22:12:48 284440]
    "OOTag"="C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe" [2010-02-23 05:41:38 13856]
    "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 07:37:53 843712]
    "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 18:07:54 252296]
    "avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe" [2012-07-03 16:21:30 4273976]
    C:\Users\shin kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    RollerCoaster Tycoon 3 Registration.lnk - C:\Users\shin kim\AppData\Local\Temp\{A740D10F-0A41-4A52-BBEC-1C380B7DE1F5}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe [N/A]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecuteREG_MULTI_SZ autocheck autochk *\0bootalyac.exe\0
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security PackagesREG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ALYac_UpdSrv]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    R1 EstRtwIFDrv;EstRtwIFDrv;C:\windows\system32\drivers\EstRtw.sys [2012-06-26 12:13:04 267104]
    R2 ALYac_RTSrv;ALYac RealTime Service;C:\Program Files\ESTsoft\ALYac\AYRTSrv.aye [2012-06-25 03:34:44 527744]
    R2 ALYac_UpdSrv;ALYac Update Service;C:\Program Files\ESTsoft\ALYac\AYUpdSrv.aye [2012-06-25 03:34:44 898944]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 22:27:14 138576]
    R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-07-13 20:28:36 160944]
    R3 AVer7231_x64;AVerMedia 7231 capture service;C:\windows\system32\DRIVERS\AVer7231_x64.sys [2010-04-08 03:13:30 1757952]
    R3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-06-02 18:08:34 17864]
    R3 EstRtwIFDrvTemp;EstRtwIFDrvTemp;c:\program files\estsoft\alyac\plugin\realtime\EstRtw.sys [2012-06-26 12:13:04 267104]
    R3 IntcDAud;Intel(R) Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys [2011-08-23 12:12:58 317440]
    R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\windows\system32\Drivers\nx6000.sys [2009-07-25 03:28:52 36208]
    R3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 02:41:06 305520]
    R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\windows\system32\DRIVERS\netr28x.sys [2010-08-11 03:40:06 1014624]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-03-27 01:49:56 291696]
    R3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe [2012-01-10 11:08:50 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 01:10:10 57184]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-02-02 06:45:34 283200]
    S1 mwlPSDFilter;mwlPSDFilter;C:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 02:15:30 22576]
    S1 mwlPSDNServ;mwlPSDNServ;C:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 02:15:30 20016]
    S1 mwlPSDVDisk;mwlPSDVDisk;C:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 02:15:30 60464]
    S1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 00:07:22 59904]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;C:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 16:21:52 71064]
    S2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 13:21:22 23584]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-17 22:12:52 13592]
    S2 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 03:44:12 98688]
    S2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 08:53:00 2253120]
    S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 22:31:10 1153368]
    S2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-06 01:41:46 3048136]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 07:54:40 381248]
    S2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 23:27:36 243232]
    S2 USBS3S4Detection;USBS3S4Detection;C:\OEM\USBDECTION\USBS3S4Detection.exe [2009-12-09 09:24:16 76320]
    S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 13:43:00 346144]
    Contents of the 'Scheduled Tasks' folder
    2012-07-24 C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-429684283-3332833963-2554953177-1000Core.job
    - C:\Users\shin kim\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-09 00:23:39 . 2012-01-09 00:23:38]
    2012-07-24 C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-429684283-3332833963-2554953177-1000UA.job
    - C:\Users\shin kim\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-09 00:23:39 . 2012-01-09 00:23:38]
    --------- X64 Entries -----------
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-07-03 16:21:16133400----a-w-C:\Program Files\AVAST Software\Avast\ashShA64.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2010-05-27 02:42:12137584----a-w-C:\Program Files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "mwlDaemon"="C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 02:41:24 349552]
    "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-24 11:28:02 9642528]
    "OOTag"="C:\Program Files (x86)\Acer\OOBEOffer\ootag.exe" [2010-02-23 05:41:38 13856]
    "ALYac"="C:\Program Files\ESTsoft\ALYac\AYLaunch.exe" [2012-06-25 03:34:44 281472]
    "IgfxTray"="C:\windows\system32\igfxtray.exe" [2012-01-10 21:43:30 167704]
    "HotKeysCmds"="C:\windows\system32\hkcmd.exe" [2012-01-10 21:43:08 392984]
    "Persistence"="C:\windows\system32\igfxpers.exe" [2012-01-10 21:43:26 417560]
    "MSC"="C:\Program Files\Microsoft Security Client\msseces.exe" [2012-03-27 01:54:34 1271168]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    ------- Supplementary Scan -------
    uLocal Page = C:\windows\system32\blank.htm
    uStart Page = hxxp://www.daum.net/
    mStart Page = hxxp://acer.msn.com
    mLocal Page = C:\Windows\SysWOW64\blank.htm
    IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: Show avast! EasyPass Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: 알툴바 빠른검색(&Q) - C:\Program Files (x86)\ESTsoft\ALToolBar\ALToolBand_2170.dll/23/SEARCH.HTML
    IE: 이미지 EXIF 정보 보기 -
    TCP: DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
    - - - - ORPHANS REMOVED - - - -
    Toolbar-Locked - (no file)
    Toolbar-Locked - (no file)
     
  18. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    You're running three AV programs, MSE, Avast and some Chinese security program.
    You must uninstall TWO of them.
    I can't read Chinese but I can see these entries in "Programs & Features":
    알쇼핑 1.1
    알집 8.51
    알툴바 2.17
    알툴즈 업데이트

    When done:

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    Folder::
    C:\Windows\Installer\{56d4fd66-7c99-92db-799f-0b95dc195334}
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt

    NOTE.
    While posting Combofix log do NOT remove any empty lines.
     
  19. ziegfried2

    ziegfried2 TS Rookie Topic Starter Posts: 26

    ComboFix 12-07-25.04 - shin kim 4/2012 Tue 13:45:29.3.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.949.82.1033.18.8183.5731 [GMT -7:00]
    Running from: c:\users\shin kim\Desktop\ComboFix.exe
    Command switches used :: c:\users\shin kim\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\Installer\{56d4fd66-7c99-92db-799f-0b95dc195334}
    c:\windows\Installer\{56d4fd66-7c99-92db-799f-0b95dc195334}\@
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-24 to 2012-07-24 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-24 20:49 . 2012-07-24 20:49--------d-----w-c:\users\UpdatusUser\AppData\Local\temp
    2012-07-24 20:49 . 2012-07-24 20:49--------d-----w-c:\users\Default\AppData\Local\temp
    2012-07-24 16:07 . 2012-07-24 16:07--------d-----w-c:\program files (x86)\Oracle
    2012-07-24 16:02 . 2012-07-24 16:02--------d-----w-c:\users\shin kim\Tracing
    2012-07-24 16:00 . 2012-07-24 16:00--------d-----w-c:\windows\en
    2012-07-24 15:58 . 2012-07-24 15:5889944----a-w-c:\program files (x86)\Common Files\Windows Live\.cache\377a8e5f1cd69b503\DSETUP.dll
    2012-07-24 15:58 . 2012-07-24 15:58537432----a-w-c:\program files (x86)\Common Files\Windows Live\.cache\377a8e5f1cd69b503\DXSETUP.exe
    2012-07-24 15:58 . 2012-07-24 15:581801048----a-w-c:\program files (x86)\Common Files\Windows Live\.cache\377a8e5f1cd69b503\dsetup32.dll
    2012-07-24 15:58 . 2012-07-24 15:5815712----a-w-c:\program files (x86)\Common Files\Windows Live\.cache\379c209c1cd69b504\MeshBetaRemover.exe
    2012-07-24 09:04 . 2012-07-24 09:04--------d-----w-C:\FRST
    2012-07-24 07:37 . 2012-07-24 07:37--------d-----w-c:\users\shin kim\AppData\Roaming\RoboForm
    2012-07-24 07:36 . 2012-07-24 07:36--------d-----w-c:\programdata\RoboForm
    2012-07-24 07:36 . 2012-07-24 07:36--------d-----w-c:\program files (x86)\Siber Systems
    2012-07-24 07:36 . 2012-07-03 16:21355856----a-w-c:\windows\system32\drivers\aswSP.sys
    2012-07-24 07:36 . 2012-07-03 16:2125232----a-w-c:\windows\system32\drivers\aswFsBlk.sys
    2012-07-24 07:35 . 2012-07-03 16:21958400----a-w-c:\windows\system32\drivers\aswSnx.sys
    2012-07-24 07:35 . 2012-07-03 16:2159728----a-w-c:\windows\system32\drivers\aswTdi.sys
    2012-07-24 07:35 . 2012-07-03 16:2154072----a-w-c:\windows\system32\drivers\aswRdr2.sys
    2012-07-24 07:35 . 2012-07-03 16:2171064----a-w-c:\windows\system32\drivers\aswMonFlt.sys
    2012-07-24 07:35 . 2012-07-03 16:21285328----a-w-c:\windows\system32\aswBoot.exe
    2012-07-24 07:35 . 2012-07-03 16:2141224----a-w-c:\windows\avastSS.scr
    2012-07-24 07:35 . 2012-07-03 16:21227648----a-w-c:\windows\SysWow64\aswBoot.exe
    2012-07-24 07:35 . 2012-07-24 07:35--------d-----w-c:\programdata\AVAST Software
    2012-07-24 07:35 . 2012-07-24 07:35--------d-----w-c:\program files\AVAST Software
    2012-07-24 05:30 . 2010-04-09 11:06374664----a-w-c:\windows\system32\drivers\netio.sys
    2012-07-24 02:10 . 2012-07-24 02:44--------d-----w-c:\programdata\Spybot - Search & Destroy
    2012-07-24 02:10 . 2012-07-24 02:10--------d-----w-c:\program files (x86)\Spybot - Search & Destroy
    2012-07-24 02:09 . 2012-07-24 02:09--------d-----w-c:\users\shin kim\AppData\Roaming\Malwarebytes
    2012-07-24 02:09 . 2012-07-24 02:09--------d-----w-c:\programdata\Malwarebytes
    2012-07-24 02:09 . 2012-07-03 20:4624904----a-w-c:\windows\system32\drivers\mbam.sys
    2012-07-24 02:09 . 2012-07-24 02:09--------d-----w-c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-07-23 23:56 . 2012-07-23 23:56--------d-----w-c:\program files\HoneyView3
    2012-07-17 13:42 . 2012-06-29 10:049133488----a-w-c:\programdata\Microsoft\Windows Defender\Definition Updates\{2A06CE5D-CC64-4129-AF8A-09CF3798ABE0}\mpengine.dll
    2012-07-13 04:42 . 2012-06-12 03:023147264----a-w-c:\windows\system32\win32k.sys
    2012-07-13 03:08 . 2012-06-06 05:502003968----a-w-c:\windows\system32\msxml6.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-06 05:06 . 2012-05-19 03:56772544----a-w-c:\windows\SysWow64\npDeployJava1.dll
    2012-07-06 05:06 . 2012-01-11 07:06687544----a-w-c:\windows\SysWow64\deployJava1.dll
    2012-06-02 22:19 . 2012-06-09 04:2638424----a-w-c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-09 04:262428952----a-w-c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-09 04:2657880----a-w-c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-09 04:2644056----a-w-c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-09 04:26186752----a-w-c:\windows\system32\wuwebv.dll
    2012-06-02 22:19 . 2012-06-09 04:26701976----a-w-c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-09 04:262622464----a-w-c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-09 04:2636864----a-w-c:\windows\system32\wuapp.exe
    2012-06-02 22:15 . 2012-06-09 04:2699840----a-w-c:\windows\system32\wudriver.dll
    2012-05-20 06:28 . 2012-05-20 06:2876800----a-w-c:\windows\SysWow64\SetIEInstalledDate.exe
    2012-05-20 06:28 . 2012-05-20 06:2874752----a-w-c:\windows\SysWow64\RegisterIEPKEYs.exe
    2012-05-20 06:28 . 2012-05-20 06:2848640----a-w-c:\windows\SysWow64\mshtmler.dll
    2012-05-20 06:28 . 2012-05-20 06:28161792----a-w-c:\windows\SysWow64\msls31.dll
    2012-05-20 06:28 . 2012-05-20 06:28110592----a-w-c:\windows\SysWow64\IEAdvpack.dll
    2012-05-20 06:28 . 2012-05-20 06:2891648----a-w-c:\windows\system32\SetIEInstalledDate.exe
    2012-05-20 06:28 . 2012-05-20 06:2889088----a-w-c:\windows\system32\RegisterIEPKEYs.exe
    2012-05-20 06:28 . 2012-05-20 06:2889088----a-w-c:\windows\system32\ie4uinit.exe
    2012-05-20 06:28 . 2012-05-20 06:2886528----a-w-c:\windows\SysWow64\iesysprep.dll
    2012-05-20 06:28 . 2012-05-20 06:2885504----a-w-c:\windows\system32\iesetup.dll
    2012-05-20 06:28 . 2012-05-20 06:2882432----a-w-c:\windows\system32\icardie.dll
    2012-05-20 06:28 . 2012-05-20 06:2876800----a-w-c:\windows\system32\tdc.ocx
    2012-05-20 06:28 . 2012-05-20 06:2874752----a-w-c:\windows\SysWow64\iesetup.dll
    2012-05-20 06:28 . 2012-05-20 06:28697344----a-w-c:\windows\system32\msfeeds.dll
    2012-05-20 06:28 . 2012-05-20 06:2865024----a-w-c:\windows\system32\pngfilt.dll
    2012-05-20 06:28 . 2012-05-20 06:2863488----a-w-c:\windows\SysWow64\tdc.ocx
    2012-05-20 06:28 . 2012-05-20 06:28603648----a-w-c:\windows\system32\vbscript.dll
    2012-05-20 06:28 . 2012-05-20 06:2855296----a-w-c:\windows\system32\msfeedsbs.dll
    2012-05-20 06:28 . 2012-05-20 06:28534528----a-w-c:\windows\system32\ieapfltr.dll
    2012-05-20 06:28 . 2012-05-20 06:2849664----a-w-c:\windows\system32\imgutil.dll
    2012-05-20 06:28 . 2012-05-20 06:2848640----a-w-c:\windows\system32\mshtmler.dll
    2012-05-20 06:28 . 2012-05-20 06:28452608----a-w-c:\windows\system32\dxtmsft.dll
    2012-05-20 06:28 . 2012-05-20 06:28448512----a-w-c:\windows\system32\html.iec
    2012-05-20 06:28 . 2012-05-20 06:28420864----a-w-c:\windows\SysWow64\vbscript.dll
    2012-05-20 06:28 . 2012-05-20 06:28403248----a-w-c:\windows\system32\iedkcs32.dll
    2012-05-20 06:28 . 2012-05-20 06:2839936----a-w-c:\windows\system32\iernonce.dll
    2012-05-20 06:28 . 2012-05-20 06:283695416----a-w-c:\windows\system32\ieapfltr.dat
    2012-05-20 06:28 . 2012-05-20 06:28367104----a-w-c:\windows\SysWow64\html.iec
    2012-05-20 06:28 . 2012-05-20 06:2835840----a-w-c:\windows\SysWow64\imgutil.dll
    2012-05-20 06:28 . 2012-05-20 06:2830720----a-w-c:\windows\system32\licmgr10.dll
    2012-05-20 06:28 . 2012-05-20 06:28282112----a-w-c:\windows\system32\dxtrans.dll
    2012-05-20 06:28 . 2012-05-20 06:28267776----a-w-c:\windows\system32\ieaksie.dll
    2012-05-20 06:28 . 2012-05-20 06:28249344----a-w-c:\windows\system32\webcheck.dll
    2012-05-20 06:28 . 2012-05-20 06:2823552----a-w-c:\windows\SysWow64\licmgr10.dll
    2012-05-20 06:28 . 2012-05-20 06:28222208----a-w-c:\windows\system32\msls31.dll
    2012-05-20 06:28 . 2012-05-20 06:28197120----a-w-c:\windows\system32\msrating.dll
    2012-05-20 06:28 . 2012-05-20 06:28165888----a-w-c:\windows\system32\iexpress.exe
    2012-05-20 06:28 . 2012-05-20 06:28163840----a-w-c:\windows\system32\ieakui.dll
    2012-05-20 06:28 . 2012-05-20 06:28160256----a-w-c:\windows\system32\wextract.exe
    2012-05-20 06:28 . 2012-05-20 06:28160256----a-w-c:\windows\system32\ieakeng.dll
    2012-05-20 06:28 . 2012-05-20 06:28152064----a-w-c:\windows\SysWow64\wextract.exe
    2012-05-20 06:28 . 2012-05-20 06:28150528----a-w-c:\windows\SysWow64\iexpress.exe
    2012-05-20 06:28 . 2012-05-20 06:28149504----a-w-c:\windows\system32\occache.dll
    2012-05-20 06:28 . 2012-05-20 06:28145920----a-w-c:\windows\system32\iepeers.dll
    2012-05-20 06:28 . 2012-05-20 06:28135168----a-w-c:\windows\system32\IEAdvpack.dll
    2012-05-20 06:28 . 2012-05-20 06:2812288----a-w-c:\windows\system32\mshta.exe
    2012-05-20 06:28 . 2012-05-20 06:2811776----a-w-c:\windows\SysWow64\mshta.exe
    2012-05-20 06:28 . 2012-05-20 06:28114176----a-w-c:\windows\system32\admparse.dll
    2012-05-20 06:28 . 2012-05-20 06:28111616----a-w-c:\windows\system32\iesysprep.dll
    2012-05-20 06:28 . 2012-05-20 06:2810752----a-w-c:\windows\system32\msfeedssync.exe
    2012-05-20 06:28 . 2012-05-20 06:28103936----a-w-c:\windows\system32\inseng.dll
    2012-05-20 06:28 . 2012-05-20 06:28101888----a-w-c:\windows\SysWow64\admparse.dll
    2012-05-04 10:52 . 2012-06-14 03:255505392----a-w-c:\windows\system32\ntoskrnl.exe
    2012-05-04 10:08 . 2012-06-14 03:253958128----a-w-c:\windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:08 . 2012-06-14 03:253902320----a-w-c:\windows\SysWow64\ntoskrnl.exe
    2012-05-02 05:32 . 2012-06-14 03:25208896----a-w-c:\windows\system32\profsvc.dll
    2012-04-28 03:50 . 2012-06-14 03:25204800----a-w-c:\windows\system32\drivers\rdpwd.sys
    2012-04-26 05:34 . 2012-06-14 03:2576288----a-w-c:\windows\system32\rdpwsx.dll
    2012-04-26 05:34 . 2012-06-14 03:25149504----a-w-c:\windows\system32\rdpcorekmts.dll
    2012-04-26 05:28 . 2012-06-14 03:259216----a-w-c:\windows\system32\rdrmemptylst.exe
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-07-24_04.54.26 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-03-09 01:50 . 2012-03-09 01:5049016 c:\windows\SysWOW64\sirenacm.dll
    - 2011-05-14 00:03 . 2011-05-14 00:0349016 c:\windows\SysWOW64\sirenacm.dll
    - 2009-07-14 04:54 . 2012-07-24 01:5316384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2012-07-24 20:5116384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2012-07-24 01:5332768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-07-24 20:5132768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-07-24 01:5316384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-07-24 20:5116384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-08-31 12:07 . 2012-07-24 09:0048566 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-07-24 09:0033576 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-12-20 04:23 . 2012-07-24 09:0010858 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-429684283-3332833963-2554953177-1000_UserData.bin
    - 2012-07-23 17:23 . 2012-07-23 16:1167584 c:\windows\system32\LogFiles\Srt\bootstat.dat
    + 2012-07-23 17:23 . 2012-07-24 08:0167584 c:\windows\system32\LogFiles\Srt\bootstat.dat
    - 2011-12-20 00:25 . 2012-07-23 19:0516384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-12-20 00:25 . 2012-07-24 18:4116384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-12-20 00:25 . 2012-07-24 18:4132768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2011-12-20 00:25 . 2012-07-23 19:0532768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-07-23 19:0532768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-07-24 18:4132768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:46 . 2012-07-24 08:5478720 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    + 2012-07-24 15:59 . 2012-07-24 15:5930720 c:\windows\Installer\18223bd.msp
    + 2011-04-18 16:03 . 2011-04-18 16:0374240 c:\windows\Installer\18223b8.msi
    + 2012-07-24 15:59 . 2012-07-24 15:5923552 c:\windows\Installer\18223b3.msp
    + 2011-04-18 16:03 . 2011-04-18 16:0329696 c:\windows\Installer\18223ae.msi
    + 2012-07-24 15:59 . 2012-07-24 15:5960416 c:\windows\Installer\18223a8.msp
    + 2012-07-24 15:58 . 2012-07-24 15:5829184 c:\windows\Installer\1822349.msp
    + 2012-01-09 02:21 . 2012-01-09 02:2167072 c:\windows\Installer\1822343.msi
    + 2012-07-24 15:58 . 2012-07-24 15:5839936 c:\windows\Installer\18221ac.msp
    + 2011-04-18 16:02 . 2011-04-18 16:0274240 c:\windows\Installer\18221a7.msi
    + 2012-07-24 15:58 . 2012-07-24 15:5826112 c:\windows\Installer\182219e.msi
    + 2012-07-24 15:59 . 2012-07-24 15:5980395 c:\windows\Installer\{E5B21F11-6933-4E0B-A25C-7963E3C07D11}\MsblIco.Exe
    - 2012-01-12 03:47 . 2012-01-12 03:4780395 c:\windows\Installer\{E5B21F11-6933-4E0B-A25C-7963E3C07D11}\MsblIco.Exe
    + 2012-07-24 17:43 . 2012-07-24 17:4361440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\f2bff66c0499582fbad0ff9b4180a080\WindowsLiveWriter.ni.exe
    + 2012-07-24 17:43 . 2012-07-24 17:4380896 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\a7003b4e7bd8f115115fe626a5298f58\WindowsLive.Writer.Passport.ni.dll
    - 2012-07-24 04:54 . 2012-07-24 04:542048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-07-24 20:51 . 2012-07-24 20:512048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2011-05-13 23:42 . 2011-05-13 23:42302448 c:\windows\WLXPGSS.SCR
    + 2012-03-09 01:37 . 2012-03-09 01:37302448 c:\windows\WLXPGSS.SCR
    + 2012-07-24 16:07 . 2012-07-06 05:06227760 c:\windows\SysWOW64\javaws.exe
    + 2012-01-11 07:06 . 2012-06-27 08:43174064 c:\windows\SysWOW64\javaw.exe
    + 2012-01-11 07:06 . 2012-06-27 08:43174064 c:\windows\SysWOW64\java.exe
    + 2009-07-14 02:36 . 2012-07-24 20:38615810 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2012-07-24 03:38615810 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2012-07-24 03:38106190 c:\windows\system32\perfc009.dat
    + 2009-07-14 02:36 . 2012-07-24 20:38106190 c:\windows\system32\perfc009.dat
    - 2011-12-20 20:06 . 2012-05-31 19:25279656 c:\windows\system32\MpSigStub.exe
    + 2011-12-20 20:06 . 2012-01-31 12:44279656 c:\windows\system32\MpSigStub.exe
    + 2009-07-14 05:01 . 2012-07-24 20:50390348 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 05:01 . 2012-07-24 04:53390348 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-12 19:16 . 2009-07-12 19:16223232 c:\windows\Installer\9457f6.msi
    + 2012-07-24 16:06 . 2012-07-24 16:06461312 c:\windows\Installer\182240a.msi
    + 2011-04-18 16:03 . 2011-04-18 16:03153600 c:\windows\Installer\18223a3.msi
    + 2012-07-24 15:59 . 2012-07-24 15:59509952 c:\windows\Installer\182238c.msp
    + 2012-07-24 15:59 . 2012-07-24 15:59635904 c:\windows\Installer\1822382.msp
    + 2012-07-24 15:59 . 2012-07-24 15:59468480 c:\windows\Installer\1822366.msp
    + 2012-07-24 15:58 . 2012-07-24 15:58625664 c:\windows\Installer\1822357.msp
    + 2012-07-24 15:59 . 2012-07-24 15:59276480 c:\windows\Installer\182232b.msp
    + 2012-07-24 15:58 . 2012-07-24 15:58205824 c:\windows\Installer\18222d6.msp
    + 2011-04-18 16:03 . 2011-04-18 16:03775168 c:\windows\Installer\18222cd.msi
    + 2012-07-24 15:58 . 2012-07-24 15:58715264 c:\windows\Installer\1822201.msp
    + 2012-07-24 15:58 . 2012-07-24 15:58136704 c:\windows\Installer\18221e3.msp
    + 2011-04-18 16:02 . 2011-04-18 16:02429056 c:\windows\Installer\18221de.msi
    + 2012-07-24 05:31 . 2012-07-24 05:31109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\SCEP.exe
    + 2012-07-24 05:31 . 2012-07-24 05:31109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\INTUNE.exe
    + 2012-07-24 05:31 . 2012-07-24 05:31109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\FEP.exe
    + 2012-07-24 05:31 . 2012-07-24 05:31109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\EPP.exe
    + 2012-07-24 17:43 . 2012-07-24 17:43634368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\334ebfc14f0383b62501e5fb713ef914\WindowsLiveLocal.WriterPlugin.ni.dll
    + 2012-07-24 17:43 . 2012-07-24 17:43665600 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ff3df84482503a5d045ad3acb19196f9\WindowsLive.Writer.Interop.ni.dll
    + 2012-07-24 17:43 . 2012-07-24 17:43326144 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\fab8bbe78b36f363246f150b16bc1d51\WindowsLive.Writer.SpellChecker.ni.dll
    + 2012-07-24 17:43 . 2012-07-24 17:43122368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\fa7465df559851ca03d7cb942eb7a500\WindowsLive.Writer.Extensibility.ni.dll
    + 2012-07-24 17:43 . 2012-07-24 17:43101376 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e4c161ea3fc7e7e331ac185f93249ddc\WindowsLive.Writer.Api.ni.dll
    + 2012-07-24 17:43 . 2012-07-24 17:43119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e0c64b77b52e2c6c7c65f2380cb7014d\WindowsLive.Writer.FileDestinations.ni.dll
    + 2012-07-24 17:43 . 2012-07-24 17:43174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\9123b205fe3a537623f0f3b0784b1bea\WindowsLive.Writer.BrowserControl.ni.dll
    + 2012-07-24 17:43 . 2012-07-24 17:43890880 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8e66bbf6343644f0814d3c6165a58ebd\WindowsLive.Writer.HtmlEditor.ni.dll
    + 2012-07-24 17:43 . 2012-07-24 17:43780800 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\57444a2f6895fb4c65006f6524e9015c\WindowsLive.Writer.Controls.ni.dll
    + 2012-07-24 17:43 . 2012-07-24 17:43156672 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\4c884591f89ae0305ec799545504e478\WindowsLive.Writer.HtmlParser.ni.dll
    + 2012-07-24 17:43 . 2012-07-24 17:43328192 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\419a430802a257d5bb11646808784913\WindowsLive.Writer.Mshtml.ni.dll
    + 2012-07-24 17:43 . 2012-07-24 17:43374272 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\30e907c7e6126b704f627be36ba1777a\WindowsLive.Writer.Interop.Mshtml.ni.dll
    + 2012-07-24 17:43 . 2012-07-24 17:43146432 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\2d418aa0524bac0fa401c60f3026aa8f\WindowsLive.Writer.Instrumentation.ni.dll
    + 2012-07-24 17:43 . 2012-07-24 17:43871424 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\154a923db194259618dda71bd86a03e9\WindowsLive.Writer.BlogClient.ni.dll
    + 2012-07-24 17:43 . 2012-07-24 17:43222720 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\899997fb0eae5a92fc9b233a1c35bc9a\WindowsLive.Client.ni.dll
    - 2009-07-14 04:45 . 2012-07-15 14:593801160 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    + 2009-07-14 04:45 . 2012-07-24 08:123801160 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    + 2012-07-24 15:59 . 2012-07-24 15:592146304 c:\windows\Installer\182239d.msp
    + 2011-04-18 16:03 . 2011-04-18 16:034250112 c:\windows\Installer\1822392.msi
    + 2011-04-18 16:03 . 2011-04-18 16:034175360 c:\windows\Installer\1822387.msi
    + 2011-04-18 16:03 . 2011-04-18 16:033410944 c:\windows\Installer\182237c.msi
    + 2012-07-24 15:59 . 2012-07-24 15:595124096 c:\windows\Installer\1822376.msp
    + 2012-01-12 03:46 . 2012-01-12 03:466661632 c:\windows\Installer\182236c.msi
    + 2011-04-18 16:03 . 2011-04-18 16:031070592 c:\windows\Installer\182235c.msi
    + 2011-04-18 16:03 . 2011-04-18 16:031492992 c:\windows\Installer\182234e.msi
    + 2012-07-24 15:59 . 2012-07-24 15:593105792 c:\windows\Installer\182233e.msp
    + 2011-04-18 16:03 . 2011-04-18 16:036195200 c:\windows\Installer\1822333.msi
    + 2012-07-24 15:58 . 2012-07-24 15:586363136 c:\windows\Installer\18222ee.msi
    + 2012-07-24 15:58 . 2012-07-24 15:583734016 c:\windows\Installer\18222c4.msp
    + 2012-07-24 15:58 . 2012-07-24 15:582957312 c:\windows\Installer\182227d.msp
    + 2011-04-18 16:03 . 2011-04-18 16:038313856 c:\windows\Installer\1822263.msi
    + 2012-07-24 15:58 . 2012-07-24 15:585868544 c:\windows\Installer\182225e.msp
    + 2012-07-24 15:58 . 2012-07-24 15:585535744 c:\windows\Installer\1822240.msp
    + 2012-07-24 15:58 . 2012-07-24 15:583312128 c:\windows\Installer\1822225.msp
    + 2011-04-18 16:02 . 2011-04-18 16:028332288 c:\windows\Installer\1822209.msi
    + 2012-01-12 03:46 . 2012-01-12 03:462310656 c:\windows\Installer\18221f9.msi
    + 2012-07-24 15:58 . 2012-07-24 15:581139712 c:\windows\Installer\18221f4.msp
    + 2011-04-18 16:02 . 2011-04-18 16:024004864 c:\windows\Installer\18221e8.msi
    + 2012-07-24 15:58 . 2012-07-24 15:582932224 c:\windows\Installer\18221d9.msp
    + 2011-04-18 16:02 . 2011-04-18 16:027710720 c:\windows\Installer\18221c5.msi
    + 2012-07-24 15:58 . 2012-07-24 15:584426240 c:\windows\Installer\18221c0.msp
    + 2011-04-18 16:02 . 2011-04-18 16:029433088 c:\windows\Installer\18221b1.msi
    + 2012-07-24 17:43 . 2012-07-24 17:432193408 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e993e49aa04fee24f637d325d25a1cf0\WindowsLive.Writer.CoreServices.ni.dll
    + 2012-07-24 17:43 . 2012-07-24 17:431284608 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\dae6ee5315c39b4a3e1209579b967a71\WindowsLive.Writer.ApplicationFramework.ni.dll
    + 2012-07-24 17:43 . 2012-07-24 17:431346560 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\95b604c4480604290e110aebbd6c8543\WindowsLive.Writer.Localization.ni.dll
    + 2012-07-24 17:43 . 2012-07-24 17:437023616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\2bb5589f9ea5bf81181719a76ccf84e9\WindowsLive.Writer.PostEditor.ni.dll
    + 2009-07-14 02:34 . 2012-07-24 16:0910747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    - 2009-07-14 02:34 . 2012-07-24 03:4510747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    + 2012-01-11 05:54 . 2012-07-24 20:5021731276 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-429684283-3332833963-2554953177-1000-12288.dat
    + 2011-04-18 16:03 . 2011-04-18 16:0311846656 c:\windows\Installer\18222bb.msi
    + 2012-07-24 15:58 . 2012-07-24 15:5814624256 c:\windows\Installer\18222b3.msp
    + 2011-04-18 16:03 . 2011-04-18 16:0334193408 c:\windows\Installer\1822288.msi
    + 2011-04-18 16:03 . 2011-04-18 16:0313850624 c:\windows\Installer\1822247.msi
    + 2012-01-12 03:46 . 2012-01-12 03:4622647296 c:\windows\Installer\182222d.msi
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2010-05-27 02:40120176----a-w-c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-01-24 3478336]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
    "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
    "RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-07-24 96056]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]
    "EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
    "EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
    "Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
    "Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2010-08-04 611872]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-10-17 284440]
    "OOTag"="c:\program files (x86)\Acer\OOBEOffer\OOTag.exe" [2010-02-23 13856]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
    .
    c:\users\shin kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    RollerCoaster Tycoon 3 Registration.lnk - c:\users\shin kim\AppData\Local\Temp\{A740D10F-0A41-4A52-BBEC-1C380B7DE1F5}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe [N/A]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security PackagesREG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
    R3 AVer7231_x64;AVerMedia 7231 capture service;c:\windows\system32\DRIVERS\AVer7231_x64.sys [2010-04-08 1757952]
    R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-06-02 17864]
    R3 EstRtwIFDrvTemp;EstRtwIFDrvTemp;c:\program files\estsoft\alyac\plugin\realtime\EstRtw.sys [x]
    R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-08-23 317440]
    R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2009-07-25 36208]
    R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]
    R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-08-11 1014624]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-10 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-02-02 283200]
    S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]
    S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]
    S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
    S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-17 13592]
    S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-06 3048136]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
    S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
    S2 USBS3S4Detection;USBS3S4Detection;c:\oem\USBDECTION\USBS3S4Detection.exe [2009-12-09 76320]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-429684283-3332833963-2554953177-1000Core.job
    - c:\users\shin kim\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-09 00:23]
    .
    2012-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-429684283-3332833963-2554953177-1000UA.job
    - c:\users\shin kim\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-09 00:23]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-07-03 16:21133400----a-w-c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2010-05-27 02:42137584----a-w-c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-24 9642528]
    "OOTag"="c:\program files (x86)\Acer\OOBEOffer\ootag.exe" [2010-02-23 13856]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 167704]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-10 392984]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-10 417560]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.daum.net/
    mStart Page = hxxp://acer.msn.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: Show avast! EasyPass Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    TCP: DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-Locked - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-429684283-3332833963-2554953177-1000\Software\SecuROM\License information*]
    "datasecu"=hex:35,46,3b,6b,08,e5,f1,f9,0e,37,2a,0b,e8,b4,76,e9,66,5e,1b,a7,e6,
    9a,ed,8f,58,ca,00,7e,80,f1,3b,eb,12,2b,2c,84,6b,2b,fd,65,3b,da,51,26,ee,89,\
    "rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-24 13:54:30 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-24 20:54
    .
    Pre-Run: 832,639,721,472 bytes free
    Post-Run: 832,539,398,144 bytes free
    .
    - - End Of File - - DD3D9CBEEDDC62BF9ABDA14F223097E0
     
  20. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Looks good :)

    How is computer doing?

    =========================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    =======================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  21. ziegfried2

    ziegfried2 TS Rookie Topic Starter Posts: 26

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.23.11

    Windows 7 x64 NTFS
    Internet Explorer 9.0.8112.16421
    shin kim :: MUSHI2 [administrator]

    7/24/2012 3:37:59 PM
    mbam-log-2012-07-24 (15-37-59).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 214546
    Time elapsed: 1 minute(s), 18 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  22. ziegfried2

    ziegfried2 TS Rookie Topic Starter Posts: 26

    OTL Extras logfile created on: 7/24/2012 3:30:51 PM - Run 1
    OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\shin kim\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.99 Gb Total Physical Memory | 5.38 Gb Available Physical Memory | 67.29% Memory free
    15.98 Gb Paging File | 13.13 Gb Available in Paging File | 82.16% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 914.41 Gb Total Space | 776.29 Gb Free Space | 84.90% Space Free | Partition Type: NTFS
    Drive J: | 931.51 Gb Total Space | 930.18 Gb Free Space | 99.86% Space Free | Partition Type: NTFS

    Computer Name: MUSHI2 | User Name: shin kim | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{07EC0A52-B9E9-4228-BD62-504993A9DE55}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{1771D8A9-4F7C-4798-9027-F1E46FDD5993}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{281F12C3-6228-436B-9059-7CEB45DE0472}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C189C2F7-6930-472D-8125-AE349128285B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{0CE537ED-F72C-45E5-A1F0-E2CFB8A6A5E8}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{109E4D7E-718A-4FF4-ADBE-C0639E8D92F0}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{2B6225AC-26AC-4CD9-9130-DC8EF4393CCD}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{6FADDEB1-DF06-4BF7-9D03-0140D35B93CD}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{D51B7AF4-6AF2-46FD-AB23-22CCD16F7717}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "TCP Query User{4022511D-C4F2-4EBD-9CFB-3336D24B88F8}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "UDP Query User{3454ECC5-F63F-4C93-A4CA-D8B991A5F1EA}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 285.62
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.62
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.62
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 285.62
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "HoneyView3" = HoneyView3
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
    "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
    "{1CCF681C-C203-49B3-83F4-A54F0F944416}" = ASPCA Reminder by We-Care.com v5.0.5.1
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
    "{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
    "{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
    "{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 5
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
    "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
    "{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
    "{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
    "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.0 MUI
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
    "{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
    "{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}" = System Requirements Lab for Intel
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
    "{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{e24c509d-40ae-4cc4-b682-462596667a1e}" = Nero 9 Essentials
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
    "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
    "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "AC3Filter_is1" = AC3Filter 1.63b
    "Acer Registration" = Acer Registration
    "Acer Screensaver" = Acer ScreenSaver
    "Acer Welcome Center" = Welcome Center
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "AI RoboForm" = avast! EasyPass
    "ALUpdate_is1" = 알툴즈 업데이트
    "ALZip_is1" = 알집 8.51
    "avast" = avast! Free Antivirus
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "DtsFilter" = DTS+AC3 Filter
    "GOM Player" = GOM Player
    "GomTV Launcher Plugin" = GOMTV Plug-in
    "Hotkey Utility" = Hotkey Utility
    "InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Open Codecs" = Xiph.Org Open Codecs 0.85.17777
    "PROPLUS" = Microsoft Office Professional Plus 2007
    "uTorrent" = µTorrent
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-429684283-3332833963-2554953177-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 6/16/2012 3:02:30 AM | Computer Name = mushi2 | Source = System Restore | ID = 8193
    Description =

    Error - 6/18/2012 12:03:16 AM | Computer Name = mushi2 | Source = System Restore | ID = 8193
    Description =

    Error - 6/24/2012 3:32:14 AM | Computer Name = mushi2 | Source = System Restore | ID = 8193
    Description =

    Error - 6/27/2012 1:08:57 AM | Computer Name = mushi2 | Source = System Restore | ID = 8193
    Description =

    Error - 6/30/2012 1:56:29 AM | Computer Name = mushi2 | Source = System Restore | ID = 8193
    Description =

    Error - 7/12/2012 11:55:36 PM | Computer Name = mushi2 | Source = System Restore | ID = 8193
    Description =

    Error - 7/13/2012 12:40:35 AM | Computer Name = mushi2 | Source = System Restore | ID = 8193
    Description =

    Error - 7/13/2012 12:40:44 AM | Computer Name = mushi2 | Source = System Restore | ID = 8193
    Description =

    Error - 7/13/2012 12:40:48 AM | Computer Name = mushi2 | Source = System Restore | ID = 8193
    Description =

    Error - 7/15/2012 11:30:16 AM | Computer Name = mushi2 | Source = System Restore | ID = 8193
    Description =

    [ Media Center Events ]
    Error - 1/8/2012 8:22:38 PM | Computer Name = mushi2 | Source = MCUpdate | ID = 0
    Description = 4:22:38 PM - Error connecting to the internet. 4:22:38 PM - Unable
    to contact server..

    Error - 1/8/2012 8:22:53 PM | Computer Name = mushi2 | Source = MCUpdate | ID = 0
    Description = 4:22:43 PM - Error connecting to the internet. 4:22:43 PM - Unable
    to contact server..

    Error - 1/9/2012 9:56:30 PM | Computer Name = mushi2 | Source = MCUpdate | ID = 0
    Description = 5:56:19 PM - Error connecting to the internet. 5:56:19 PM - Unable
    to contact server..

    [ System Events ]
    Error - 7/13/2012 12:41:01 AM | Computer Name = mushi2 | Source = DCOM | ID = 10010
    Description =

    Error - 7/22/2012 3:38:12 PM | Computer Name = mushi2 | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 11:41:21 AM on ?7/?22/?2012 was unexpected.

    Error - 7/22/2012 3:38:47 PM | Computer Name = mushi2 | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Microsource
    Support Service service to connect.

    Error - 7/22/2012 3:38:47 PM | Computer Name = mushi2 | Source = Service Control Manager | ID = 7000
    Description = The Microsource Support Service service failed to start due to the
    following error: %%1053

    Error - 7/22/2012 9:19:27 PM | Computer Name = mushi2 | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Microsource
    Support Service service to connect.

    Error - 7/22/2012 9:19:27 PM | Computer Name = mushi2 | Source = Service Control Manager | ID = 7000
    Description = The Microsource Support Service service failed to start due to the
    following error: %%1053

    Error - 7/22/2012 9:22:11 PM | Computer Name = mushi2 | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Microsource
    Support Service service to connect.

    Error - 7/22/2012 9:22:11 PM | Computer Name = mushi2 | Source = Service Control Manager | ID = 7000
    Description = The Microsource Support Service service failed to start due to the
    following error: %%1053

    Error - 7/22/2012 10:01:33 PM | Computer Name = mushi2 | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Microsource
    Support Service service to connect.

    Error - 7/22/2012 10:01:33 PM | Computer Name = mushi2 | Source = Service Control Manager | ID = 7000
    Description = The Microsource Support Service service failed to start due to the
    following error: %%1053


    < End of report >
     
  23. ziegfried2

    ziegfried2 TS Rookie Topic Starter Posts: 26

    OTL logfile created on: 7/24/2012 3:30:51 PM - Run 1
    OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\shin kim\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.99 Gb Total Physical Memory | 5.38 Gb Available Physical Memory | 67.29% Memory free
    15.98 Gb Paging File | 13.13 Gb Available in Paging File | 82.16% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 914.41 Gb Total Space | 776.29 Gb Free Space | 84.90% Space Free | Partition Type: NTFS
    Drive J: | 931.51 Gb Total Space | 930.18 Gb Free Space | 99.86% Space Free | Partition Type: NTFS

    Computer Name: MUSHI2 | User Name: shin kim | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/24 15:28:25 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\shin kim\Desktop\OTL.exe
    PRC - [2012/07/24 00:36:15 | 000,096,056 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
    PRC - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    PRC - [2012/07/03 09:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/07/03 09:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2012/06/09 21:17:45 | 000,880,528 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
    PRC - [2012/05/13 20:25:16 | 003,907,240 | ---- | M] (Gretech Corp.) -- C:\Program Files (x86)\GRETECH\GomPlayer\GOM.EXE
    PRC - [2011/10/17 15:12:52 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2011/10/17 15:12:48 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2011/10/15 01:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    PRC - [2011/10/15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2010/08/04 05:40:12 | 000,611,872 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
    PRC - [2010/05/26 19:41:24 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
    PRC - [2010/03/10 22:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
    PRC - [2010/03/10 22:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
    PRC - [2010/01/28 16:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    PRC - [2010/01/08 06:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
    PRC - [2009/12/09 02:24:16 | 000,076,320 | ---- | M] () -- C:\OEM\USBDECTION\USBS3S4Detection.exe
    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/07/09 21:09:00 | 000,438,296 | ---- | M] () -- C:\Users\shin kim\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
    MOD - [2012/07/09 21:08:59 | 003,972,120 | ---- | M] () -- C:\Users\shin kim\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
    MOD - [2012/07/09 21:07:39 | 000,554,520 | ---- | M] () -- C:\Users\shin kim\AppData\Local\Google\Chrome\Application\20.0.1132.57\libglesv2.dll
    MOD - [2012/07/09 21:07:37 | 000,117,784 | ---- | M] () -- C:\Users\shin kim\AppData\Local\Google\Chrome\Application\20.0.1132.57\libegl.dll
    MOD - [2012/07/09 21:07:22 | 000,140,328 | ---- | M] () -- C:\Users\shin kim\AppData\Local\Google\Chrome\Application\20.0.1132.57\avutil-51.dll
    MOD - [2012/07/09 21:07:21 | 000,262,184 | ---- | M] () -- C:\Users\shin kim\AppData\Local\Google\Chrome\Application\20.0.1132.57\avformat-54.dll
    MOD - [2012/07/09 21:07:19 | 002,386,984 | ---- | M] () -- C:\Users\shin kim\AppData\Local\Google\Chrome\Application\20.0.1132.57\avcodec-54.dll
    MOD - [2012/07/09 19:17:27 | 009,255,112 | ---- | M] () -- C:\Users\SHINKI~1\AppData\Local\Google\Chrome\APPLIC~1\200113~1.57\gcswf32.dll
    MOD - [2012/07/09 19:17:27 | 009,255,112 | ---- | M] () -- C:\Users\shin kim\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
    MOD - [2012/06/15 00:31:06 | 000,491,008 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ca2806e10e2ad4eed01ce529ec72fe21\IAStorUtil.ni.dll
    MOD - [2012/06/14 22:01:02 | 012,433,920 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll
    MOD - [2012/06/14 22:00:55 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll
    MOD - [2012/05/18 20:58:50 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3c9208ce1f19b4a47cecaa307c2aff40\IAStorCommon.ni.dll
    MOD - [2012/05/10 06:11:20 | 000,220,672 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\1435db5dea878f59191dc112a40e2185\CustomMarshalers.ni.dll
    MOD - [2012/05/09 21:27:06 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll
    MOD - [2012/05/09 21:26:32 | 000,025,600 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\34f340b0c113f7216a55dd7c82a69cc2\Accessibility.ni.dll
    MOD - [2012/05/09 21:26:23 | 003,325,952 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll
    MOD - [2012/05/09 21:26:19 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
    MOD - [2012/05/09 21:26:16 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
    MOD - [2012/05/09 21:26:15 | 007,952,384 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
    MOD - [2012/05/09 21:26:10 | 011,490,816 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
    MOD - [2012/04/11 20:28:00 | 000,166,912 | ---- | M] () -- C:\Program Files (x86)\GRETECH\GomPlayer\flashoverlay.dll
    MOD - [2012/03/28 19:32:54 | 000,946,176 | ---- | M] () -- C:\Program Files (x86)\GRETECH\GomPlayer\GSFU.ax
    MOD - [2012/01/30 01:08:02 | 000,761,856 | ---- | M] () -- C:\Program Files (x86)\GRETECH\GomPlayer\GVF.ax
    MOD - [2012/01/10 22:53:19 | 008,007,680 | ---- | M] () -- C:\windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
    MOD - [2011/11/15 00:35:24 | 003,373,568 | ---- | M] () -- C:\Program Files (x86)\GRETECH\GomPlayer\libavcodec.dll
    MOD - [2011/08/01 23:11:16 | 000,184,320 | ---- | M] () -- C:\Program Files (x86)\GRETECH\GomPlayer\GRFU.ax
    MOD - [2011/04/04 02:15:18 | 000,421,520 | ---- | M] () -- C:\Program Files (x86)\GRETECH\GomPlayer\GomTVStrm.dll
    MOD - [2010/10/15 02:35:52 | 001,433,600 | ---- | M] () -- C:\Program Files (x86)\GRETECH\GomPlayer\GAF.ax
    MOD - [2010/08/04 05:40:12 | 000,611,872 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
    MOD - [2010/08/04 02:47:32 | 000,144,896 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
    MOD - [2009/08/11 21:21:20 | 001,021,440 | ---- | M] () -- C:\Program Files (x86)\AC3Filter\ac3filter_intl.dll
    MOD - [2009/08/11 21:19:04 | 000,797,184 | ---- | M] () -- C:\Program Files (x86)\AC3Filter\ac3filter.ax
    MOD - [2009/06/10 14:22:50 | 000,069,120 | ---- | M] () -- C:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    MOD - [2007/01/25 14:21:02 | 000,632,080 | ---- | M] () -- C:\Users\shin kim\AppData\Local\Microsoft\Windows Live Mail\Proof\prf0012\1\msstko32.dll
    MOD - [2007/01/25 14:21:02 | 000,103,696 | ---- | M] () -- C:\Users\shin kim\AppData\Local\Microsoft\Windows Live Mail\Proof\prf0012\1\MSSP3KO.DLL
    MOD - [2005/02/02 21:46:26 | 000,425,984 | ---- | M] () -- C:\Windows\SysWOW64\CoreAAC.ax


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/07/03 09:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010/01/28 16:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
    SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
    SRV - [2011/10/17 15:12:52 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
    SRV - [2011/10/15 01:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
    SRV - [2011/10/15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2010/06/01 15:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
    SRV - [2010/05/26 19:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/01/15 14:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
    SRV - [2010/01/08 06:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
    SRV - [2009/12/09 02:24:16 | 000,076,320 | ---- | M] () [Auto | Running] -- C:\OEM\USBDECTION\USBS3S4Detection.exe -- (USBS3S4Detection)
    SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - File not found [File_System | On_Demand | Stopped] -- c:\program files\estsoft\alyac\plugin\realtime\EstRtw.sys -- (EstRtwIFDrvTemp)
    DRV:64bit: - [2012/07/03 09:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2012/07/03 09:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2012/07/03 09:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2012/07/03 09:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2012/07/03 09:21:52 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
    DRV:64bit: - [2012/07/03 09:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2012/02/29 23:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/01 23:45:34 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV:64bit: - [2012/01/10 14:28:18 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011/10/17 14:55:32 | 000,559,384 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2011/08/23 05:12:58 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2011/03/10 23:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/10 23:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/08/10 20:40:06 | 001,014,624 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
    DRV:64bit: - [2010/04/07 20:13:30 | 001,757,952 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVer7231_x64.sys -- (AVer7231_x64)
    DRV:64bit: - [2010/03/04 06:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009/07/24 20:28:52 | 000,036,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
    DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/06/02 19:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
    DRV:64bit: - [2009/06/02 19:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
    DRV:64bit: - [2009/06/02 19:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
    DRV - [2011/06/02 11:08:34 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
    DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-429684283-3332833963-2554953177-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daum.net/
    IE - HKU\S-1-5-21-429684283-3332833963-2554953177-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-429684283-3332833963-2554953177-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@gomtv.com/gomtvx-plugin: C:\Program Files (x86)\Common Files\GRETECH\npgomtvx_nie.dll (Gretech Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\shin kim\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\shin kim\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)



    ========== Chrome ==========

    CHR - homepage: http://www.google.com/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\shin kim\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\shin kim\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\shin kim\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\shin kim\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\shin kim\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - Extension: YouTube = C:\Users\shin kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Adblock Plus (Beta) = C:\Users\shin kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
    CHR - Extension: Google Search = C:\Users\shin kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: avast! WebRep = C:\Users\shin kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
    CHR - Extension: Skype Click to Call = C:\Users\shin kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\
    CHR - Extension: Gmail = C:\Users\shin kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/07/24 13:51:13 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2:64bit: - BHO: (avast! EasyPass Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
    O2 - BHO: (avast! EasyPass Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3:64bit: - HKLM\..\Toolbar: (avast! EasyPass Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (avast! EasyPass Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
    O4:64bit: - HKLM..\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe (Microsoft)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
    O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
    O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
    O4 - HKLM..\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe (Microsoft)
    O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
    O4 - HKU\S-1-5-21-429684283-3332833963-2554953177-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKU\S-1-5-21-429684283-3332833963-2554953177-1000..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
    O4 - HKU\S-1-5-21-429684283-3332833963-2554953177-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
    O4 - HKU\S-1-5-21-429684283-3332833963-2554953177-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-429684283-3332833963-2554953177-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-21-429684283-3332833963-2554953177-1003..\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe ()
    O4 - Startup: C:\Users\shin kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk = File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-429684283-3332833963-2554953177-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-429684283-3332833963-2554953177-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-429684283-3332833963-2554953177-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-429684283-3332833963-2554953177-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
    O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O8:64bit: - Extra context menu item: Show avast! EasyPass Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
    O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O8 - Extra context menu item: Show avast! EasyPass Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
    O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
    O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
    O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
    O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
    O9:64bit: - Extra 'Tools' menuitem : Show avast! EasyPass Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
    O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
    O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
    O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
    O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
    O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
    O9 - Extra 'Tools' menuitem : Show avast! EasyPass Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.5.1)
    O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.5.1)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08A46435-D993-4B74-86EF-365511660F2D}: DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8A811CB-95E5-476B-B66F-09C6BE52FCE3}: DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
     
  24. ziegfried2

    ziegfried2 TS Rookie Topic Starter Posts: 26

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/24 15:28:24 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\shin kim\Desktop\OTL.exe
    [2012/07/24 13:51:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/07/24 13:49:58 | 000,000,000 | ---D | C] -- C:\windows\temp
    [2012/07/24 13:44:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
    [2012/07/24 13:44:34 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/07/24 09:07:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
    [2012/07/24 09:03:13 | 000,000,000 | ---D | C] -- C:\Users\shin kim\AppData\Local\{6D477710-4831-43A7-849D-F2256598C0E9}
    [2012/07/24 09:03:02 | 000,000,000 | ---D | C] -- C:\Users\shin kim\AppData\Local\{017F4BA7-0BB3-46C3-88B2-99E1B38EF2A1}
    [2012/07/24 09:02:50 | 000,000,000 | ---D | C] -- C:\Users\shin kim\Tracing
    [2012/07/24 09:00:38 | 000,000,000 | ---D | C] -- C:\windows\en
    [2012/07/24 08:58:12 | 000,000,000 | ---D | C] -- C:\Users\shin kim\AppData\Local\{BBAD0D14-9015-4A30-A028-84F2B1F6EB34}
    [2012/07/24 08:58:00 | 000,000,000 | ---D | C] -- C:\Users\shin kim\AppData\Local\{6EC69ACD-E032-48DB-B3AE-9FFD9294D560}
    [2012/07/24 02:04:52 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/07/24 01:40:27 | 004,584,441 | R--- | C] (Swearware) -- C:\Users\shin kim\Desktop\ComboFix.exe
    [2012/07/24 00:37:21 | 000,000,000 | ---D | C] -- C:\Users\shin kim\AppData\Roaming\RoboForm
    [2012/07/24 00:36:29 | 000,000,000 | ---D | C] -- C:\ProgramData\RoboForm
    [2012/07/24 00:36:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! EasyPass
    [2012/07/24 00:36:20 | 000,000,000 | ---D | C] -- C:\Users\shin kim\Documents\My Avast EasyPass Data
    [2012/07/24 00:36:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Siber Systems
    [2012/07/24 00:36:00 | 000,355,856 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
    [2012/07/24 00:36:00 | 000,025,232 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswFsBlk.sys
    [2012/07/24 00:36:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2012/07/24 00:35:59 | 000,958,400 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
    [2012/07/24 00:35:59 | 000,059,728 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswTdi.sys
    [2012/07/24 00:35:59 | 000,054,072 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys
    [2012/07/24 00:35:58 | 000,285,328 | ---- | C] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
    [2012/07/24 00:35:58 | 000,071,064 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
    [2012/07/24 00:35:30 | 000,041,224 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
    [2012/07/24 00:35:29 | 000,227,648 | ---- | C] (AVAST Software) -- C:\windows\SysWow64\aswBoot.exe
    [2012/07/24 00:35:18 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2012/07/24 00:35:18 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2012/07/23 23:48:23 | 000,000,000 | ---D | C] -- C:\Users\shin kim\AppData\Local\{2770E464-3D74-4A9E-932F-842C0B5FB5DB}
    [2012/07/23 23:48:13 | 000,000,000 | ---D | C] -- C:\Users\shin kim\AppData\Local\{7CE76EA3-304F-4209-A9BE-040CC9D851EF}
    [2012/07/23 23:05:19 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\shin kim\Desktop\aswMBR.exe
    [2012/07/23 23:03:27 | 000,000,000 | ---D | C] -- C:\Users\shin kim\Desktop\RK_Quarantine
    [2012/07/23 22:34:52 | 000,000,000 | ---D | C] -- C:\Users\shin kim\AppData\Local\{135E5E9D-0C98-4237-9787-1810C0396F21}
    [2012/07/23 22:34:41 | 000,000,000 | ---D | C] -- C:\Users\shin kim\AppData\Local\{6FFDE468-6B89-4F99-A8F0-D688D8AD6AF6}
    [2012/07/23 22:30:55 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\shin kim\Desktop\dds.scr
    [2012/07/23 21:45:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
    [2012/07/23 21:45:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
    [2012/07/23 21:44:06 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/23 21:43:55 | 000,000,000 | ---D | C] -- C:\windows\erdnt
    [2012/07/23 19:10:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
    [2012/07/23 19:10:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2012/07/23 19:10:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
    [2012/07/23 19:09:26 | 000,000,000 | ---D | C] -- C:\Users\shin kim\AppData\Roaming\Malwarebytes
    [2012/07/23 19:09:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/07/23 19:09:17 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
    [2012/07/23 19:09:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/07/23 19:09:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/07/23 18:55:56 | 000,000,000 | ---D | C] -- C:\Users\shin kim\AppData\Local\{AB2DD5EF-3E9E-40AD-A55D-2D827D11A48E}
    [2012/07/23 18:55:41 | 000,000,000 | ---D | C] -- C:\Users\shin kim\AppData\Local\{3E6674AB-CBD9-4688-8864-EDD26B3C3017}
    [2012/07/23 16:56:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HoneyView3
    [2012/07/23 16:56:16 | 000,000,000 | ---D | C] -- C:\Program Files\HoneyView3
    [2012/07/23 12:13:31 | 000,000,000 | ---D | C] -- C:\Users\shin kim\AppData\Local\{FBE090BE-C695-427A-9DC5-4AD3B92C88C1}
    [2012/07/23 09:24:17 | 000,000,000 | ---D | C] -- C:\windows\Minidump
    [2012/07/22 21:41:32 | 000,000,000 | ---D | C] -- C:\Users\shin kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sex Slave Puppet Mayumi 2
    [2012/07/22 18:22:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation

    ========== Files - Modified Within 30 Days ==========

    File not found -- C:\windows\SysNative\
    [2012/07/24 15:28:25 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\shin kim\Desktop\OTL.exe
    [2012/07/24 14:46:00 | 000,000,920 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-429684283-3332833963-2554953177-1000UA.job
    [2012/07/24 13:58:25 | 000,009,920 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/24 13:58:25 | 000,009,920 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/24 13:55:41 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
    [2012/07/24 13:55:41 | 000,615,810 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
    [2012/07/24 13:55:41 | 000,106,190 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
    [2012/07/24 13:51:13 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
    [2012/07/24 13:50:47 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2012/07/24 13:50:39 | 2140,463,103 | -HS- | M] () -- C:\hiberfil.sys
    [2012/07/24 13:43:44 | 004,584,441 | R--- | M] (Swearware) -- C:\Users\shin kim\Desktop\ComboFix.exe
    [2012/07/24 13:41:31 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
    [2012/07/24 01:58:01 | 000,000,294 | ---- | M] () -- C:\windows\SysNative\ayboot.ini
    [2012/07/24 01:09:21 | 367,241,732 | ---- | M] () -- C:\windows\MEMORY.DMP
    [2012/07/24 00:36:00 | 000,001,926 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/07/24 00:35:58 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
    [2012/07/23 23:24:58 | 000,000,512 | ---- | M] () -- C:\Users\shin kim\Desktop\MBR.dat
    [2012/07/23 23:06:10 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\shin kim\Desktop\aswMBR.exe
    [2012/07/23 23:03:09 | 001,552,384 | ---- | M] () -- C:\Users\shin kim\Desktop\RogueKiller.exe
    [2012/07/23 22:31:09 | 000,734,810 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
    [2012/07/23 22:30:52 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\shin kim\Desktop\dds.scr
    [2012/07/23 21:29:49 | 000,000,402 | ---- | M] () -- C:\Users\shin kim\Desktop\repair.bat
    [2012/07/23 20:46:00 | 000,000,868 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-429684283-3332833963-2554953177-1000Core.job
    [2012/07/23 19:10:26 | 000,001,246 | ---- | M] () -- C:\Users\shin kim\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2012/07/23 19:10:26 | 000,001,222 | ---- | M] () -- C:\Users\shin kim\Desktop\Spybot - Search & Destroy.lnk
    [2012/07/23 19:09:18 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/23 16:56:18 | 000,000,864 | ---- | M] () -- C:\Users\shin kim\Application Data\Microsoft\Internet Explorer\Quick Launch\HoneyView3.lnk
    [2012/07/23 16:56:18 | 000,000,840 | ---- | M] () -- C:\Users\Public\Desktop\HoneyView3.lnk
    [2012/07/16 05:46:59 | 000,002,414 | ---- | M] () -- C:\Users\shin kim\Desktop\Google Chrome.lnk
    [2012/07/15 07:57:00 | 000,413,064 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
    [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
    [2012/07/03 09:21:52 | 000,958,400 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
    [2012/07/03 09:21:52 | 000,355,856 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
    [2012/07/03 09:21:52 | 000,071,064 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
    [2012/07/03 09:21:52 | 000,059,728 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswTdi.sys
    [2012/07/03 09:21:52 | 000,054,072 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys
    [2012/07/03 09:21:51 | 000,025,232 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswFsBlk.sys
    [2012/07/03 09:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
    [2012/07/03 09:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\windows\SysWow64\aswBoot.exe
    [2012/07/03 09:21:18 | 000,285,328 | ---- | M] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe

    ========== Files Created - No Company Name ==========

    File not found -- C:\windows\SysNative\
    [2012/07/24 00:36:00 | 000,001,926 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/07/24 00:35:58 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\config.nt
    [2012/07/23 23:24:58 | 000,000,512 | ---- | C] () -- C:\Users\shin kim\Desktop\MBR.dat
    [2012/07/23 23:03:12 | 001,552,384 | ---- | C] () -- C:\Users\shin kim\Desktop\RogueKiller.exe
    [2012/07/23 22:31:16 | 000,001,945 | ---- | C] () -- C:\windows\epplauncher.mif
    [2012/07/23 22:31:09 | 000,734,810 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
    [2012/07/23 21:45:24 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
    [2012/07/23 21:45:24 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
    [2012/07/23 21:45:24 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
    [2012/07/23 21:45:24 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
    [2012/07/23 21:45:24 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
    [2012/07/23 21:29:49 | 000,000,402 | ---- | C] () -- C:\Users\shin kim\Desktop\repair.bat
    [2012/07/23 19:10:26 | 000,001,246 | ---- | C] () -- C:\Users\shin kim\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2012/07/23 19:10:26 | 000,001,222 | ---- | C] () -- C:\Users\shin kim\Desktop\Spybot - Search & Destroy.lnk
    [2012/07/23 19:09:18 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/23 16:56:18 | 000,000,864 | ---- | C] () -- C:\Users\shin kim\Application Data\Microsoft\Internet Explorer\Quick Launch\HoneyView3.lnk
    [2012/07/23 16:56:18 | 000,000,840 | ---- | C] () -- C:\Users\Public\Desktop\HoneyView3.lnk
    [2012/07/23 09:24:12 | 367,241,732 | ---- | C] () -- C:\windows\MEMORY.DMP
    [2012/01/10 14:27:26 | 000,867,020 | ---- | C] () -- C:\windows\SysWow64\igkrng575.bin
    [2012/01/10 14:27:26 | 000,128,204 | ---- | C] () -- C:\windows\SysWow64\igcompkrng575.bin
    [2012/01/10 14:27:26 | 000,105,608 | ---- | C] () -- C:\windows\SysWow64\igfcg575m.bin
    [2012/01/10 13:29:54 | 013,904,384 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
    [2011/10/15 00:54:52 | 000,321,856 | ---- | C] () -- C:\windows\SysWow64\nvStreaming.exe
    [2010/08/31 05:57:41 | 000,000,502 | ---- | C] () -- C:\windows\11317231_89001461_aa.bin
    [2010/08/31 05:57:41 | 000,000,502 | ---- | C] () -- C:\windows\11317231_49001461_aa.bin
    [2010/08/31 05:57:41 | 000,000,502 | ---- | C] () -- C:\windows\11317231_33011461_aa.bin
    [2010/08/31 05:57:41 | 000,000,502 | ---- | C] () -- C:\windows\11317231_2A0F1461_ca.bin
    [2010/08/31 05:57:41 | 000,000,502 | ---- | C] () -- C:\windows\11317231_2A071461_aa.bin
    [2010/08/31 05:57:41 | 000,000,502 | ---- | C] () -- C:\windows\11317231_14001461_61.bin
    [2010/08/31 05:57:41 | 000,000,502 | ---- | C] () -- C:\windows\11317231_13011461_aa.bin
    [2010/08/31 05:57:41 | 000,000,502 | ---- | C] () -- C:\windows\11317231_110F1461_ca.bin
    [2010/08/31 05:57:41 | 000,000,502 | ---- | C] () -- C:\windows\11317231_110F1461_8a.bin
    [2010/08/31 05:57:41 | 000,000,502 | ---- | C] () -- C:\windows\11317231_11071461_aa.bin
    [2010/08/31 05:57:41 | 000,000,502 | ---- | C] () -- C:\windows\11317231_11071461_8a.bin
    [2010/08/31 05:57:41 | 000,000,502 | ---- | C] () -- C:\windows\11317231_0A0F1461_ca.bin
    [2010/08/31 05:57:41 | 000,000,502 | ---- | C] () -- C:\windows\11317231_0A071461_ca.bin
    [2010/08/31 05:57:41 | 000,000,502 | ---- | C] () -- C:\windows\11317231_0A071461_aa.bin
    [2010/08/31 05:57:41 | 000,000,502 | ---- | C] () -- C:\windows\11317231_0A071461_8a.bin
    [2010/08/31 05:57:41 | 000,000,502 | ---- | C] () -- C:\windows\11317231_0A031461_ca.bin
    [2010/08/31 05:57:41 | 000,000,502 | ---- | C] () -- C:\windows\11317231_0A031461_aa.bin
    [2010/08/31 05:57:41 | 000,000,502 | ---- | C] () -- C:\windows\11317231_0A011461_ca.bin
    [2010/08/31 05:57:41 | 000,000,502 | ---- | C] () -- C:\windows\11317231_0A011461_aa.bin
    [2010/08/31 05:57:41 | 000,000,502 | ---- | C] () -- C:\windows\11317231_09001461_aa.bin
    [2010/08/31 05:57:41 | 000,000,502 | ---- | C] () -- C:\windows\11317231_08071461_aa.bin
    [2010/08/31 05:57:41 | 000,000,502 | ---- | C] () -- C:\windows\11317231_060F1461_ca.bin
    [2010/08/31 05:57:41 | 000,000,502 | ---- | C] () -- C:\windows\11317231_06071461_aa.bin
    [2010/08/31 05:57:41 | 000,000,502 | ---- | C] () -- C:\windows\11317231_06071461_8a.bin
    [2010/08/31 05:57:41 | 000,000,502 | ---- | C] () -- C:\windows\11317231_03011461_aa.bin
    [2010/08/31 05:57:41 | 000,000,502 | ---- | C] () -- C:\windows\11317231_03011461_8a.bin
    [2010/08/31 05:57:41 | 000,000,502 | ---- | C] () -- C:\windows\11317231_02011461_aa.bin
    [2010/08/31 05:57:41 | 000,000,502 | ---- | C] () -- C:\windows\11317231_02011461_8a.bin
    [2010/08/31 05:57:41 | 000,000,502 | ---- | C] () -- C:\windows\11317231_010F1461_ca.bin
    [2010/08/31 05:57:41 | 000,000,502 | ---- | C] () -- C:\windows\11317231_010F1461_8a.bin
    [2010/08/31 05:57:41 | 000,000,502 | ---- | C] () -- C:\windows\11317231_01071461_aa.bin
    [2010/08/31 05:57:41 | 000,000,502 | ---- | C] () -- C:\windows\11317231_01071461_8a.bin
    [2010/08/31 05:57:41 | 000,000,461 | ---- | C] () -- C:\windows\11317231_A3031461_ca.bin
    [2010/08/31 05:57:41 | 000,000,461 | ---- | C] () -- C:\windows\11317231_A3031461_aa.bin
    [2010/08/31 05:57:41 | 000,000,461 | ---- | C] () -- C:\windows\11317231_A3031461_8a.bin
    [2010/08/31 05:57:41 | 000,000,461 | ---- | C] () -- C:\windows\11317231_83231461_ca.bin
    [2010/08/31 05:57:41 | 000,000,461 | ---- | C] () -- C:\windows\11317231_83231461_aa.bin
    [2010/08/31 05:57:41 | 000,000,461 | ---- | C] () -- C:\windows\11317231_83231461_8a.bin
    [2010/08/31 05:57:41 | 000,000,461 | ---- | C] () -- C:\windows\11317231_07031461_aa.bin
    [2010/08/31 05:57:41 | 000,000,461 | ---- | C] () -- C:\windows\11317231_03231461_ca.bin
    [2010/08/31 05:57:41 | 000,000,461 | ---- | C] () -- C:\windows\11317231_03231461_aa.bin
    [2010/08/31 05:57:41 | 000,000,461 | ---- | C] () -- C:\windows\11317231_03231461_8a.bin
    [2010/08/31 05:57:41 | 000,000,461 | ---- | C] () -- C:\windows\11317231_03131461_8a.bin
    [2010/08/31 05:57:41 | 000,000,461 | ---- | C] () -- C:\windows\11317231_03031461_aa.bin
    [2010/08/31 05:57:41 | 000,000,461 | ---- | C] () -- C:\windows\11317231_02031461_ca.bin
    [2010/08/31 05:57:41 | 000,000,461 | ---- | C] () -- C:\windows\11317231_02031461_aa.bin
    [2010/08/31 05:57:41 | 000,000,461 | ---- | C] () -- C:\windows\11317231_02031461_8a.bin
    [2010/08/31 05:57:41 | 000,000,461 | ---- | C] () -- C:\windows\11317231_00000000_aa.bin
    [2010/08/31 05:57:41 | 000,000,461 | ---- | C] () -- C:\windows\11317231_00000000_8a.bin
    [2010/08/31 05:57:41 | 000,000,434 | ---- | C] () -- C:\windows\11317231_890F1461_ca.bin
    [2010/08/31 05:57:41 | 000,000,434 | ---- | C] () -- C:\windows\11317231_29001461_ca.bin
    [2010/08/31 05:57:41 | 000,000,434 | ---- | C] () -- C:\windows\11317231_090F1461_ca.bin
    [2010/08/31 05:57:41 | 000,000,412 | ---- | C] () -- C:\windows\11317231_180F1461_ca.bin
    [2010/08/31 05:57:41 | 000,000,412 | ---- | C] () -- C:\windows\11317231_18071461_aa.bin
    [2010/08/31 05:57:41 | 000,000,376 | ---- | C] () -- C:\windows\11317231_03131461_aa.bin

    ========== LOP Check ==========

    [2012/02/01 23:45:57 | 000,000,000 | ---D | M] -- C:\Users\shin kim\AppData\Roaming\DAEMON Tools Lite
    [2012/01/11 16:05:31 | 000,000,000 | ---D | M] -- C:\Users\shin kim\AppData\Roaming\Day 1 Studios
    [2012/01/09 00:30:13 | 000,000,000 | ---D | M] -- C:\Users\shin kim\AppData\Roaming\Leadertech
    [2011/12/19 21:22:22 | 000,000,000 | ---D | M] -- C:\Users\shin kim\AppData\Roaming\OEM
    [2012/07/24 00:37:21 | 000,000,000 | ---D | M] -- C:\Users\shin kim\AppData\Roaming\RoboForm
    [2012/05/18 20:55:47 | 000,000,000 | ---D | M] -- C:\Users\shin kim\AppData\Roaming\SystemRequirementsLab
    [2012/07/24 15:34:08 | 000,000,000 | ---D | M] -- C:\Users\shin kim\AppData\Roaming\uTorrent
    [2012/01/10 19:37:04 | 000,000,000 | ---D | M] -- C:\Users\shin kim\AppData\Roaming\Vidyo
    [2012/01/10 19:38:06 | 000,000,000 | ---D | M] -- C:\Users\shin kim\AppData\Roaming\Windows Live Writer
    [2012/05/12 20:59:35 | 000,032,602 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========


    < End of report >
     
  25. ziegfried2

    ziegfried2 TS Rookie Topic Starter Posts: 26

    and right now, I still can't leave homegroup and still getting some error (error 1079)
    but my firewall is working now.
    so I guess if all the malwares are gone, the other error (1079 is actually new error) might be system side, not malware problem
    thanks
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...