TechSpot

Windows Vista 2012 Security virus, cannot connect to Internet to download software

Solved
By paulsingsong
Jan 11, 2012
  1. I got a windows vista security 2012 virus that runs a scan that states fake warnings. At present, when I log on to "user" (which is not the admin), I get a pop up from windows manager asking me to enter the password for the (admin). If I do not and try to go back to the desktop, the entire screen goes blue, and the only thing I can do is hit ctrl+alt+del and to to task manager. I am connected to the internet but cannot use any browsers since the virus prevents me from doing so. I can run a cd, which I used to try and install malwarebytes onto the infected laptop, but the virus prevents me from doing so. Same goes for safe-mode with networking, I cannot gain access to the internet nor can I install any software!

    I am running windows vista home 32 bit.

    I am writing this post from my personal laptop which is running Windows Vista Home 64-bit. I have two infected laptops that have the same symtoms as described above (which both were infected when my younger brother went to a Stalin history website).

    I read several other threads that are related to the one I am posting, but I did not know if the OTL fixes that people posted could be used for my computer as well. I really have no experience with any of this so any help is appreciated. Thank you for your patience and kindness!

    -Paul
     
  2. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================================================

    One computer per topic, so select one for starters.

    Let's see, if we can look at your computer booting from an external source.

    Please download OTLPE (filesize 120,9 MB)

    • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
    • Reboot your system using the boot CD you just created.
      • Note : If you do not know how to set your computer to boot from CD follow the steps HERE
    • Your system should now display a REATOGO-X-PE desktop.
    • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
    • Double-click on the OTLPE icon.
    • When asked Do you wish to load the remote registry, select Yes
    • When asked Do you wish to load remote user profile(s) for scanning, select Yes
    • Ensure the box Automatically Load All Remaining Users" is checked and press OK
    • OTL should now start.
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\OTL.txt
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.
     
  3. paulsingsong

    paulsingsong TS Rookie Topic Starter Posts: 35

    i pressed the OTLPE icon (the one with an arrow pointing right). The popup I get asks me to "choose windows directory"

    I chose the "windows" folder in Local Disk C: and I have now started the scan.

    I have attached the OTL.txt as well
    ---------

    OTL logfile created on: 1/11/2012 9:40:59 PM - Run
    OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
    Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
    Internet Explorer (Version = 8.0.6001.19170)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 88.00% Memory free
    3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 173.28 Gb Free Space | 74.40% Space Free | Partition Type: NTFS
    Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: REATOGO | User Name: SYSTEM
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
    Using ControlSet: ControlSet001

    ========== Win32 Services (SafeList) ==========

    SRV - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
    SRV - [2008/07/24 17:22:50 | 000,102,400 | ---- | M] (WDC) [Auto] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
    SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
    SRV - [2006/03/22 14:07:22 | 000,040,960 | ---- | M] () [Auto] -- C:\Program Files\System Control Manager\edd.exe -- (NishService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand] -- -- (SymIMMP)
    DRV - File not found [Kernel | On_Demand] -- -- (SymIM)
    DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
    DRV - [2011/11/28 12:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2011/11/28 12:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2011/11/28 12:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2011/11/28 12:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2011/11/28 12:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2011/11/28 12:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/06/23 11:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
    DRV - [2009/06/09 19:16:42 | 003,482,240 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
    DRV - [2008/10/09 17:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
    DRV - [2008/09/17 16:52:36 | 000,023,224 | R--- | M] (NT Kernel Resources) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ndisrd.sys -- (Ndisrd)
    DRV - [2007/04/16 01:29:14 | 000,705,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2007/04/05 04:36:00 | 002,464,768 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2007/01/31 03:10:00 | 000,067,584 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)
    DRV - [2007/01/31 03:10:00 | 000,061,952 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)
    DRV - [2007/01/31 03:10:00 | 000,046,592 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR)
    DRV - [2006/12/22 08:21:52 | 000,019,456 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\Windows\System32\drivers\MGHwCtrl.sys -- (MGHwCtrl)
    DRV - [2005/01/31 12:20:04 | 000,211,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
    DRV - [2005/01/31 12:12:46 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.averatec.com/


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\glo_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.averatec.com/
    IE - HKU\glo_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\glo_ON_C\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
    IE - HKU\glo_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.averatec.com/
    IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    IE - HKU\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




    IE - HKU\user_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.averatec.com/
    IE - HKU\user_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\user_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\user_ON_C\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - Reg Error: Key error. File not found
    IE - HKU\user_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\user_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\Browser\Plugins\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\Browser\Plugins\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/14 19:37:58 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/12/07 23:01:26 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/29 23:42:13 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/29 23:42:13 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Users\extra\AppData\Local\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Users\extra\AppData\Local\Mozilla Firefox\plugins

    [2011/08/22 11:37:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/08/14 12:47:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/08/24 22:35:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/11/06 02:09:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/04/11 21:36:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011/07/17 11:26:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2011/05/04 06:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (no name) - {99E00A4C-D35E-11DD-BA95-9B6A56D89593} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKU\user_ON_C\..\Toolbar\WebBrowser: (no name) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - No CLSID value found.
    O3 - HKU\user_ON_C\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [AveoKeySti] File not found
    O4 - HKLM..\Run: [HncUpdate] C:\Program Files\Common Files\Hnc\HncUtils\HncUpdate.exe (Haansoft Inc.)
    O4 - HKLM..\Run: [ICSDCLT] C:\Windows\System32\icsdclt.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
    O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (MSI)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
    O4 - HKU\Guest_ON_C..\Run: [ooVoo] File not found
    O4 - HKU\Guest_ON_C..\Run: [ooVoo.exe] File not found
    O4 - HKU\Guest_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\System32\grpconv.exe (Microsoft Corporation)
    O4 - HKLM..\RunServices: [SSDPSRV] C:\Windows\System32\ssdpsrv.exe (Microsoft Corporation)
    O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O7 - HKU\glo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\glo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKU\glo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O7 - HKU\user_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\user_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKU\user_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O13 - gopher Prefix: missing
    O15 - HKU\user_ON_C\..Trusted Domains: 82movie.com ([www] http in Trusted sites)
    O16 - DPF: {3543897F-577B-4371-99E6-20EC4FA31A4F} http://god.bu.ac.kr/buis/Biin/MyBuilderViewer.cab (MyBuilder Viewer Control Ver6.2)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} http://cyimg7.cyworld.com/ImageUpload/CyPictureU1233.cab?20081124 (CyImage Class)
    O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} http://mail.daum.net/hanmail-ax/DaumActiveX/2_0_0_5/DaumActiveX.cab?ver=2,0,0,5 (Daum ActiveX manager Class)
    O16 - DPF: {C342F4EE-6D48-4239-A55D-CF2D0D1F3BC6} http://cyimg7.cyworld.com/cymusic/package/skcaset.cab (skcaset1 Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: GPplayerActiveXCAB http://music.godpeople.com/gpplayer/GPplayerActiveXCAB.CAB (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/01/09 14:30:46 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
    [2012/01/09 14:30:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
    [2012/01/09 14:14:46 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
    [2012/01/09 14:14:45 | 000,000,000 | ---D | C] -- C:\Users\glo\AppData\Roaming\TestApp
    [2012/01/08 03:19:25 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\user\Desktop\mbam-setup-1.60.0.1800.exe
    [2012/01/08 02:34:18 | 000,000,000 | ---D | C] -- C:\## aswSnx private storage
    [2011/12/14 00:12:58 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
    [2011/12/14 00:12:57 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
    [2011/12/14 00:12:56 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
    [2011/12/14 00:12:55 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2011/12/14 00:12:52 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
    [2011/12/14 00:12:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
    [2011/12/14 00:12:39 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2011/12/14 00:12:37 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
    [2011/12/14 00:12:30 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2011/12/14 00:12:30 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
    [2011/12/14 00:12:30 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2011/12/14 00:12:30 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
    [2011/12/14 00:12:30 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
    [2011/12/14 00:12:29 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
    [2011/12/14 00:12:29 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2011/12/14 00:12:29 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2011/12/14 00:12:29 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
    [2011/12/14 00:12:29 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
    [2011/12/14 00:12:29 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
    [2011/12/14 00:12:29 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
    [2011/12/14 00:12:29 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
    [2011/12/14 00:12:25 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
    [2011/12/14 00:12:25 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
    [2011/12/14 00:12:24 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2007/07/04 23:28:52 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
    [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/01/10 23:54:14 | 000,595,386 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/01/10 23:54:14 | 000,103,460 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/01/10 23:49:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/01/09 23:33:00 | 000,000,412 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CE270888-6480-43F1-978E-4A1FA509BFBC}.job
    [2012/01/09 23:04:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3948455275-2262482614-2155968984-1000UA.job
    [2012/01/09 22:04:15 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/01/09 22:04:15 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/01/09 14:28:17 | 000,512,992 | ---- | M] () -- C:\Users\glo\Desktop\PCTools_Safe_Install[1].exe
    [2012/01/09 14:26:56 | 000,106,496 | ---- | M] () -- C:\Users\glo\Desktop\nuke-M.exe
    [2012/01/09 14:14:47 | 000,000,359 | ---- | M] () -- C:\Users\glo\Desktop\sdsetup.exe.lnk
    [2012/01/08 21:00:00 | 000,000,442 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
    [2012/01/08 21:00:00 | 000,000,440 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
    [2012/01/08 16:47:17 | 000,522,728 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/01/08 02:21:43 | 000,010,852 | -HS- | M] () -- C:\ProgramData\88msd11ueh3737qhmbx87xfcog7cn86jjr3g76u5c37xxe
    [2012/01/08 02:21:42 | 000,010,852 | -HS- | M] () -- C:\Users\user\AppData\Local\88msd11ueh3737qhmbx87xfcog7cn86jjr3g76u5c37xxe
    [2012/01/08 02:19:44 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\user\Desktop\mbam-setup-1.60.0.1800.exe
    [2012/01/08 01:59:52 | 001,008,141 | ---- | M] () -- C:\Users\user\Desktop\iExplore.exe
    [2012/01/08 01:58:01 | 001,008,141 | ---- | M] () -- C:\Users\user\Desktop\rkill.com
    [2012/01/08 01:53:17 | 000,001,205 | ---- | M] () -- C:\Users\user\Desktop\FixNCR.reg
    [2012/01/08 00:04:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3948455275-2262482614-2155968984-1000Core.job
    [2012/01/01 21:00:39 | 000,013,596 | ---- | M] () -- C:\Users\user\Documents\songsong.odt
    [2011/12/24 04:20:00 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version2.job
    [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/01/09 14:28:17 | 000,512,992 | ---- | C] () -- C:\Users\glo\Desktop\PCTools_Safe_Install[1].exe
    [2012/01/09 14:26:40 | 000,106,496 | ---- | C] () -- C:\Users\glo\Desktop\nuke-M.exe
    [2012/01/09 14:14:47 | 000,000,359 | ---- | C] () -- C:\Users\glo\Desktop\sdsetup.exe.lnk
    [2012/01/08 03:19:25 | 001,008,141 | ---- | C] () -- C:\Users\user\Desktop\rkill.com
    [2012/01/08 03:19:25 | 001,008,141 | ---- | C] () -- C:\Users\user\Desktop\iExplore.exe
    [2012/01/08 03:19:25 | 000,001,205 | ---- | C] () -- C:\Users\user\Desktop\FixNCR.reg
    [2012/01/08 01:04:09 | 000,010,852 | -HS- | C] () -- C:\Users\user\AppData\Local\88msd11ueh3737qhmbx87xfcog7cn86jjr3g76u5c37xxe
    [2012/01/08 01:04:09 | 000,010,852 | -HS- | C] () -- C:\ProgramData\88msd11ueh3737qhmbx87xfcog7cn86jjr3g76u5c37xxe
    [2012/01/01 21:00:38 | 000,013,596 | ---- | C] () -- C:\Users\user\Documents\songsong.odt
    [2011/05/29 10:59:01 | 000,065,536 | ---- | C] () -- C:\Windows\IFinst27.exe
    [2011/04/22 15:02:18 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2011/01/27 15:04:21 | 000,066,920 | ---- | C] () -- C:\Windows\CMListControl.dll
    [2010/06/14 12:05:11 | 000,000,680 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps.dat
    [2010/06/01 22:30:08 | 000,188,653 | ---- | C] () -- C:\Windows\hpwins22.dat
    [2010/03/17 20:40:07 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/02/14 19:37:19 | 000,023,136 | ---- | C] () -- C:\Windows\hpqins15.dat
    [2010/01/10 13:00:55 | 000,077,305 | ---- | C] () -- C:\Windows\hpqins05.dat
    [2010/01/07 17:01:24 | 000,010,563 | R--- | C] () -- C:\Windows\hpwscr19.dat
    [2010/01/07 16:58:55 | 000,176,428 | ---- | C] () -- C:\Windows\hpwins19.dat
    [2009/12/03 11:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
    [2009/09/11 17:22:30 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2009/09/11 17:22:29 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/08/03 17:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/08/03 17:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
    [2009/06/09 19:16:42 | 003,482,240 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
    [2009/06/02 09:15:05 | 000,150,365 | ---- | C] () -- C:\Windows\hpoins33.dat
    [2009/05/26 21:08:36 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2009/05/15 23:16:05 | 000,045,056 | ---- | C] () -- C:\Windows\System32\DAUMCRYPT.DLL
    [2009/04/19 09:26:23 | 000,022,528 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/04/14 21:54:49 | 000,000,040 | ---- | C] () -- C:\Windows\Hjimesv.ini
    [2009/04/14 21:46:46 | 000,000,016 | ---- | C] () -- C:\Windows\System32\winhcfga.ini
    [2009/02/11 19:45:02 | 000,027,264 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
    [2008/12/10 15:49:10 | 000,001,008 | ---- | C] () -- C:\Windows\hpomdl33.dat
    [2008/10/25 04:40:22 | 000,002,979 | ---- | C] () -- C:\Windows\hpwmdl22.dat
    [2008/01/23 17:02:57 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2008/01/23 16:58:08 | 000,028,672 | ---- | C] () -- C:\Windows\System32\MFC_InstDrvDLL.dll
    [2008/01/23 16:48:37 | 000,110,592 | ---- | C] () -- C:\Windows\System32\MGHwCtrl.dll
    [2008/01/23 16:48:37 | 000,032,768 | ---- | C] () -- C:\Windows\System32\MGFPCtrl.dll
    [2008/01/23 16:48:37 | 000,024,576 | ---- | C] () -- C:\Windows\System32\MGPwrShm.dll
    [2008/01/23 16:41:03 | 000,356,352 | R--- | C] () -- C:\Windows\EMCRI.dll
    [2008/01/23 14:55:05 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
    [2008/01/07 09:08:10 | 000,000,997 | R--- | C] () -- C:\Windows\hpwmdl19.dat
    [2007/04/05 04:27:00 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2007/03/06 04:04:00 | 000,143,676 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
    [2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 07:47:37 | 000,522,728 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 05:33:01 | 000,595,386 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 05:33:01 | 000,103,460 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2006/05/19 17:39:58 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
    [2005/01/31 10:37:58 | 000,009,255 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
    [2003/03/05 20:57:50 | 000,005,021 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

    ========== LOP Check ==========

    [2012/01/09 14:14:45 | 000,000,000 | ---D | M] -- C:\Users\glo\AppData\Roaming\TestApp
    [2011/02/15 00:28:05 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\ooVoo Details
    [2011/08/05 22:48:29 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\WD
    [2009/05/12 18:33:45 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\acccore
    [2010/09/26 01:45:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\com.soribada.nc.SbnextClient.4AFBF30EED573EEEE71517CA0DF28BEB04929F7C.1
    [2009/05/30 02:24:36 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DriverCure
    [2010/11/02 23:06:00 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers
    [2009/04/14 22:40:53 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Hnc
    [2010/05/04 20:27:32 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ooVoo Details
    [2010/06/13 01:31:11 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\oovooinstaller
    [2009/04/12 19:20:44 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenOffice.org
    [2011/08/05 22:48:29 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\WD
    [2009/05/12 18:33:05 | 000,000,000 | ---D | M] -- C:\ProgramData\acccore
    [2010/04/17 00:41:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Alwil Software
    [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
    [2011/05/29 11:34:49 | 000,000,000 | ---D | M] -- C:\ProgramData\ASign
    [2011/05/24 23:53:48 | 000,000,000 | ---D | M] -- C:\ProgramData\AVAST Software
    [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
    [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
    [2011/07/10 00:20:50 | 000,000,000 | ---D | M] -- C:\ProgramData\DriverCure
    [2010/05/05 21:30:15 | 000,000,000 | ---D | M] -- C:\ProgramData\EmailNotifier
    [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
    [2010/11/22 23:39:57 | 000,000,000 | ---D | M] -- C:\ProgramData\Hnc
    [2011/05/02 13:06:28 | 000,000,000 | ---D | M] -- C:\ProgramData\MemeoCommon
    [2010/06/19 03:20:20 | 000,000,000 | ---D | M] -- C:\ProgramData\ParetoLogic
    [2008/07/08 18:53:56 | 000,000,000 | ---D | M] -- C:\ProgramData\PassMark
    [2009/04/13 13:48:45 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Drivers HeadQuarters
    [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
    [2012/01/09 16:12:48 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
    [2006/11/02 08:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
    [2009/05/12 18:33:08 | 000,000,000 | ---D | M] -- C:\ProgramData\Viewpoint
    [2008/01/23 18:40:25 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
    [2011/07/29 10:58:56 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/06/06 00:58:25 | 000,000,000 | ---D | M] -- C:\ProgramData\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
    [2012/01/08 21:00:00 | 000,000,440 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job
    [2012/01/08 21:00:00 | 000,000,442 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job
    [2011/12/24 04:20:00 | 000,000,414 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version2.job
    [2011/12/24 10:06:15 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2012/01/09 23:33:00 | 000,000,412 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{CE270888-6480-43F1-978E-4A1FA509BFBC}.job

    ========== Purity Check ==========



    ========== Files - Unicode (All) ==========
    [2012/01/05 21:57:30 | 000,084,480 | ---- | M] ()(C:\Users\user\Desktop\??? ??.hwp) -- C:\Users\user\Desktop\결혼식 순서.hwp
    [2012/01/05 21:57:29 | 000,084,480 | ---- | C] ()(C:\Users\user\Desktop\??? ??.hwp) -- C:\Users\user\Desktop\결혼식 순서.hwp
    [2011/12/22 13:27:24 | 000,000,000 | ---D | M](C:\Users\user\Desktop\??church) -- C:\Users\user\Desktop\교회church
    [2011/11/28 17:15:36 | 000,000,000 | ---D | M](C:\Users\user\Desktop\11-20-2011 ????) -- C:\Users\user\Desktop\11-20-2011 추수감사
    [2011/11/28 14:46:47 | 000,000,000 | ---D | C](C:\Users\user\Desktop\11-20-2011 ????) -- C:\Users\user\Desktop\11-20-2011 추수감사
    [2011/10/13 15:59:37 | 000,026,112 | ---- | M] ()(C:\Users\user\Desktop\??? ??.hwp) -- C:\Users\user\Desktop\어린이 음식.hwp
    [2011/10/13 15:46:42 | 000,026,112 | ---- | C] ()(C:\Users\user\Desktop\??? ??.hwp) -- C:\Users\user\Desktop\어린이 음식.hwp
    [2011/10/04 23:17:28 | 000,015,360 | ---- | C] ()(C:\Users\user\Desktop\??????.hwp) -- C:\Users\user\Desktop\총회명단에서.hwp
    [2011/10/04 23:17:18 | 000,027,136 | ---- | C] ()(C:\Users\user\Desktop\??? ??? ???.hwp) -- C:\Users\user\Desktop\윤석전 부흥회 인사글.hwp
    [2011/09/18 10:55:53 | 000,000,000 | ---D | M](C:\Users\user\Desktop\pp?? ??) -- C:\Users\user\Desktop\pp주일 사진
    [2011/09/18 10:48:25 | 000,000,000 | ---D | C](C:\Users\user\Desktop\pp?? ??) -- C:\Users\user\Desktop\pp주일 사진
    [2011/09/18 10:06:53 | 000,044,544 | ---- | M] ()(C:\Users\user\Documents\???? ?? ?? ??? ? ?? ‘???’.hwp) -- C:\Users\user\Documents\예수님의 삶을 닮아 있었던 참 의사 ‘안수현’.hwp
    [2011/09/18 10:04:21 | 000,044,544 | ---- | C] ()(C:\Users\user\Documents\???? ?? ?? ??? ? ?? ‘???’.hwp) -- C:\Users\user\Documents\예수님의 삶을 닮아 있었던 참 의사 ‘안수현’.hwp
    [2011/09/05 23:00:33 | 000,024,136 | ---- | C] ()(C:\Users\user\Documents\??%20??.docx_1.odt) -- C:\Users\user\Documents\주일%20설교.docx_1.odt
    [2011/09/04 13:50:08 | 000,024,136 | ---- | M] ()(C:\Users\user\Documents\??%20??.docx_1.odt) -- C:\Users\user\Documents\주일%20설교.docx_1.odt
    [2011/07/10 13:15:50 | 000,000,162 | -H-- | M] ()(C:\Users\user\Desktop\~$??? ??.doc) -- C:\Users\user\Desktop\~$마지막 날에.doc
    [2011/07/10 13:15:50 | 000,000,162 | -H-- | C] ()(C:\Users\user\Desktop\~$??? ??.doc) -- C:\Users\user\Desktop\~$마지막 날에.doc
    [2011/06/26 12:22:39 | 000,000,000 | ---D | C](C:\Users\user\Desktop\??church) -- C:\Users\user\Desktop\교회church
    [2011/06/12 02:28:55 | 000,019,968 | ---- | M] ()(C:\Users\user\Documents\6-12-2011 ???? ??? ?? ?? ?? ???? ?????.hwp) -- C:\Users\user\Documents\6-12-2011 성령세례 성령이 말씀 듣는 모든 사람에게 내려오시니.hwp
    [2011/06/12 02:28:55 | 000,019,968 | ---- | C] ()(C:\Users\user\Documents\6-12-2011 ???? ??? ?? ?? ?? ???? ?????.hwp) -- C:\Users\user\Documents\6-12-2011 성령세례 성령이 말씀 듣는 모든 사람에게 내려오시니.hwp
    [2011/05/29 12:22:50 | 000,016,896 | ---- | C] ()(C:\Users\user\Documents\? ?? ?? ????? ???? ?.hwp) -- C:\Users\user\Documents\★ 세계 속에 대한민국의 국력수준 ★.hwp
    [2011/05/22 12:02:10 | 000,016,896 | ---- | M] ()(C:\Users\user\Documents\? ?? ?? ????? ???? ?.hwp) -- C:\Users\user\Documents\★ 세계 속에 대한민국의 국력수준 ★.hwp
    [2011/03/14 20:22:29 | 000,053,760 | ---- | M] ()(C:\Users\user\Documents\????? e-mail???.hwp) -- C:\Users\user\Documents\보내려하는 e-mail주소들.hwp
    [2011/03/14 12:48:21 | 000,053,760 | ---- | C] ()(C:\Users\user\Documents\????? e-mail???.hwp) -- C:\Users\user\Documents\보내려하는 e-mail주소들.hwp
    [2011/03/14 02:23:10 | 000,017,408 | ---- | M] ()(C:\Users\user\Documents\??? ???.hwp) -- C:\Users\user\Documents\박만순 나에게.hwp
    [2011/03/14 02:23:09 | 000,017,408 | ---- | C] ()(C:\Users\user\Documents\??? ???.hwp) -- C:\Users\user\Documents\박만순 나에게.hwp
    [2011/03/13 04:05:59 | 000,015,360 | ---- | M] ()(C:\Users\user\Desktop\??????.hwp) -- C:\Users\user\Desktop\총회명단에서.hwp
    [2011/03/10 11:41:58 | 000,016,384 | ---- | M] ()(C:\Users\user\Documents\?????????? ??? ??????? ???? ???.hwp) -- C:\Users\user\Documents\윤석전ㆍ김항안목사의 남가주 영적대각성집회 강력반대 성명서.hwp
    [2011/03/10 11:41:58 | 000,016,384 | ---- | C] ()(C:\Users\user\Documents\?????????? ??? ??????? ???? ???.hwp) -- C:\Users\user\Documents\윤석전ㆍ김항안목사의 남가주 영적대각성집회 강력반대 성명서.hwp
    [2010/11/26 22:36:06 | 000,027,136 | ---- | M] ()(C:\Users\user\Desktop\??? ??? ???.hwp) -- C:\Users\user\Desktop\윤석전 부흥회 인사글.hwp
    [2010/10/15 20:30:13 | 000,085,196 | ---- | M] ()(C:\Users\user\Documents\??????(???)[1].doc) -- C:\Users\user\Documents\우편진술조서(전경호)[1].doc
    [2010/10/15 20:30:13 | 000,085,196 | ---- | C] ()(C:\Users\user\Documents\??????(???)[1].doc) -- C:\Users\user\Documents\우편진술조서(전경호)[1].doc
    [2010/09/26 01:45:30 | 000,000,000 | ---D | M](C:\Program Files\????) -- C:\Program Files\소리바다
    [2010/09/26 01:45:30 | 000,000,000 | ---D | M](C:\Program Files\????) -- C:\Program Files\소리바다
    [2009/04/12 19:20:11 | 000,000,971 | ---- | M] ()(C:\Users\user\Desktop\OpenOffice.org Writer ??.lnk) -- C:\Users\user\Desktop\OpenOffice.org Writer 한글.lnk
    [2009/04/12 19:20:11 | 000,000,971 | ---- | C] ()(C:\Users\user\Desktop\OpenOffice.org Writer ??.lnk) -- C:\Users\user\Desktop\OpenOffice.org Writer 한글.lnk
    (C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\??????) -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\보조프로그램
    (C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\????? ???) -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\프로젝터용 찬양집
    (C:\Program Files\????) -- C:\Program Files\소리바다

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:8C35AEA7
    < End of report >
     

    Attached Files:

    • OTL.Txt
      File size:
      74.5 KB
      Views:
      1
  4. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Good :)............
     
  5. paulsingsong

    paulsingsong TS Rookie Topic Starter Posts: 35

    does edits to my posts notify you that I took the next step, or should I just reply a new post to the thread as this post? I just editted the previous post with the OTL. txt since the rules say to minimize useless posts >.<
     
  6. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    No, I'm not getting any notifications about edits.
    Make sure you follow forum's rules - all logs have to be pasted not attached.

    Do this on the computer you are posting from:
    Copy the text in the codebox below:


    Code:
    :OTL
    DRV - File not found [Kernel | On_Demand] -- -- (SymIMMP)
    DRV - File not found [Kernel | On_Demand] -- -- (SymIM)
    IE - HKU\glo_ON_C\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
    IE - HKU\user_ON_C\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - Reg Error: Key error. File not found
    O2 - BHO: (no name) - {99E00A4C-D35E-11DD-BA95-9B6A56D89593} - No CLSID value found.
    O3 - HKU\user_ON_C\..\Toolbar\WebBrowser: (no name) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - No CLSID value found.
    O3 - HKU\user_ON_C\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [AveoKeySti] File not found
    O4 - HKU\Guest_ON_C..\Run: [ooVoo] File not found
    O4 - HKU\Guest_ON_C..\Run: [ooVoo.exe] File not found
    O15 - HKU\user_ON_C\..Trusted Domains: 82movie.com ([www] http in Trusted sites)
    O16 - DPF: GPplayerActiveXCAB http://music.godpeople.com/gpplayer/...ActiveXCAB.CAB (Reg Error: Key error.)
    [2012/01/08 02:21:43 | 000,010,852 | -HS- | M] () -- C:\ProgramData\88msd11ueh3737qhmbx87xfcog7cn86jjr3g76u5c37xxe
    [2012/01/08 02:21:42 | 000,010,852 | -HS- | M] () -- C:\Users\user\AppData\Local\88msd11ueh3737qhmbx87xfcog7cn86jjr3g76u5c37xxe
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:8C35AEA7
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    
    Open Notepad and paste it.
    Save the document as Fix.txt on to a USB flash drive


    On the infected computer the following...

    Run OTLPE

    • Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
      • (The content of Fix.txt should appear in the box)
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post the log produced (you'll need to transfer it with USB stick)
    • Attempt to reboot normally into Windows.
     
  7. paulsingsong

    paulsingsong TS Rookie Topic Starter Posts: 35

    Good morning Broni!

    Ran the fix. Tried to shut down windows normally, but Windows would not shut down so I just turned it by holding down the "power on" button. I am running the OTLPE scan now. Is it okay that I turned off the computer like that?
     
  8. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Yes OTLPE doesn't give you any other option.
    If you ran the fix did you try to boot normally?
     
  9. paulsingsong

    paulsingsong TS Rookie Topic Starter Posts: 35

    Here is the scan. I tried to shut down Windows correctly again, but now the computer is screen is frozen. Should I shut if off using the"power on" button and restart windows normally?

    ---------------

    OTL logfile created on: 1/12/2012 9:58:40 AM - Run
    OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
    Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
    Internet Explorer (Version = 8.0.6001.19170)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 88.00% Memory free
    3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 173.29 Gb Free Space | 74.41% Space Free | Partition Type: NTFS
    Drive D: | 1.86 Gb Total Space | 0.30 Gb Free Space | 16.31% Space Free | Partition Type: FAT
    Drive E: | 6.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: REATOGO | User Name: SYSTEM
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
    Using ControlSet: ControlSet001

    ========== Win32 Services (SafeList) ==========

    SRV - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
    SRV - [2008/07/24 17:22:50 | 000,102,400 | ---- | M] (WDC) [Auto] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
    SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
    SRV - [2006/03/22 14:07:22 | 000,040,960 | ---- | M] () [Auto] -- C:\Program Files\System Control Manager\edd.exe -- (NishService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
    DRV - [2011/11/28 12:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2011/11/28 12:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2011/11/28 12:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2011/11/28 12:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2011/11/28 12:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2011/11/28 12:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/06/23 11:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
    DRV - [2009/06/09 19:16:42 | 003,482,240 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
    DRV - [2008/10/09 17:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
    DRV - [2008/09/17 16:52:36 | 000,023,224 | R--- | M] (NT Kernel Resources) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ndisrd.sys -- (Ndisrd)
    DRV - [2007/04/16 01:29:14 | 000,705,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2007/04/05 04:36:00 | 002,464,768 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2007/01/31 03:10:00 | 000,067,584 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)
    DRV - [2007/01/31 03:10:00 | 000,061,952 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)
    DRV - [2007/01/31 03:10:00 | 000,046,592 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR)
    DRV - [2006/12/22 08:21:52 | 000,019,456 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\Windows\System32\drivers\MGHwCtrl.sys -- (MGHwCtrl)
    DRV - [2005/01/31 12:20:04 | 000,211,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
    DRV - [2005/01/31 12:12:46 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.averatec.com/


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\glo_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.averatec.com/
    IE - HKU\glo_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\glo_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.averatec.com/
    IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    IE - HKU\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




    IE - HKU\user_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.averatec.com/
    IE - HKU\user_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\user_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\user_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\user_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\Browser\Plugins\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\Browser\Plugins\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/14 19:37:58 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/12/07 23:01:26 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/29 23:42:13 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/29 23:42:13 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Users\extra\AppData\Local\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Users\extra\AppData\Local\Mozilla Firefox\plugins

    [2011/08/22 11:37:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/08/14 12:47:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/08/24 22:35:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/11/06 02:09:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/04/11 21:36:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011/07/17 11:26:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2011/05/04 06:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [HncUpdate] C:\Program Files\Common Files\Hnc\HncUtils\HncUpdate.exe (Haansoft Inc.)
    O4 - HKLM..\Run: [ICSDCLT] C:\Windows\System32\icsdclt.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
    O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (MSI)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
    O4 - HKU\Guest_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\System32\grpconv.exe (Microsoft Corporation)
    O4 - HKLM..\RunServices: [SSDPSRV] C:\Windows\System32\ssdpsrv.exe (Microsoft Corporation)
    O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O7 - HKU\glo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\glo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKU\glo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O7 - HKU\user_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\user_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKU\user_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O13 - gopher Prefix: missing
    O16 - DPF: {3543897F-577B-4371-99E6-20EC4FA31A4F} http://god.bu.ac.kr/buis/Biin/MyBuilderViewer.cab (MyBuilder Viewer Control Ver6.2)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} http://cyimg7.cyworld.com/ImageUpload/CyPictureU1233.cab?20081124 (CyImage Class)
    O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} http://mail.daum.net/hanmail-ax/DaumActiveX/2_0_0_5/DaumActiveX.cab?ver=2,0,0,5 (Daum ActiveX manager Class)
    O16 - DPF: {C342F4EE-6D48-4239-A55D-CF2D0D1F3BC6} http://cyimg7.cyworld.com/cymusic/package/skcaset.cab (skcaset1 Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2012/01/05 23:19:58 | 000,000,090 | ---- | M] () - D:\AUTORUN.INF -- [ FAT ]
    O32 - AutoRun File - [2007/10/23 02:22:58 | 000,000,283 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
    O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/01/12 09:38:30 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/01/12 09:33:39 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2012/01/09 14:30:46 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
    [2012/01/09 14:30:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
    [2012/01/09 14:14:46 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
    [2012/01/09 14:14:45 | 000,000,000 | ---D | C] -- C:\Users\glo\AppData\Roaming\TestApp
    [2012/01/08 03:19:25 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\user\Desktop\mbam-setup-1.60.0.1800.exe
    [2012/01/08 02:34:18 | 000,000,000 | ---D | C] -- C:\## aswSnx private storage
    [2011/12/14 00:12:58 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
    [2011/12/14 00:12:57 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
    [2011/12/14 00:12:56 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
    [2011/12/14 00:12:55 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2011/12/14 00:12:52 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
    [2011/12/14 00:12:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
    [2011/12/14 00:12:39 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2011/12/14 00:12:37 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
    [2011/12/14 00:12:30 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2011/12/14 00:12:30 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
    [2011/12/14 00:12:30 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2011/12/14 00:12:30 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
    [2011/12/14 00:12:30 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
    [2011/12/14 00:12:29 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
    [2011/12/14 00:12:29 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2011/12/14 00:12:29 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2011/12/14 00:12:29 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
    [2011/12/14 00:12:29 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
    [2011/12/14 00:12:29 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
    [2011/12/14 00:12:29 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
    [2011/12/14 00:12:29 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
    [2011/12/14 00:12:25 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
    [2011/12/14 00:12:25 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
    [2011/12/14 00:12:24 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2007/07/04 23:28:52 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
    [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/01/10 23:54:14 | 000,595,386 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/01/10 23:54:14 | 000,103,460 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/01/10 23:49:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/01/09 23:33:00 | 000,000,412 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CE270888-6480-43F1-978E-4A1FA509BFBC}.job
    [2012/01/09 23:04:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3948455275-2262482614-2155968984-1000UA.job
    [2012/01/09 22:04:15 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/01/09 22:04:15 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/01/09 14:28:17 | 000,512,992 | ---- | M] () -- C:\Users\glo\Desktop\PCTools_Safe_Install[1].exe
    [2012/01/09 14:26:56 | 000,106,496 | ---- | M] () -- C:\Users\glo\Desktop\nuke-M.exe
    [2012/01/09 14:14:47 | 000,000,359 | ---- | M] () -- C:\Users\glo\Desktop\sdsetup.exe.lnk
    [2012/01/08 21:00:00 | 000,000,442 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
    [2012/01/08 21:00:00 | 000,000,440 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
    [2012/01/08 16:47:17 | 000,522,728 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/01/08 02:19:44 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\user\Desktop\mbam-setup-1.60.0.1800.exe
    [2012/01/08 01:59:52 | 001,008,141 | ---- | M] () -- C:\Users\user\Desktop\iExplore.exe
    [2012/01/08 01:58:01 | 001,008,141 | ---- | M] () -- C:\Users\user\Desktop\rkill.com
    [2012/01/08 01:53:17 | 000,001,205 | ---- | M] () -- C:\Users\user\Desktop\FixNCR.reg
    [2012/01/08 00:04:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3948455275-2262482614-2155968984-1000Core.job
    [2012/01/01 21:00:39 | 000,013,596 | ---- | M] () -- C:\Users\user\Documents\songsong.odt
    [2011/12/24 04:20:00 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version2.job
    [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/01/09 14:28:17 | 000,512,992 | ---- | C] () -- C:\Users\glo\Desktop\PCTools_Safe_Install[1].exe
    [2012/01/09 14:26:40 | 000,106,496 | ---- | C] () -- C:\Users\glo\Desktop\nuke-M.exe
    [2012/01/09 14:14:47 | 000,000,359 | ---- | C] () -- C:\Users\glo\Desktop\sdsetup.exe.lnk
    [2012/01/08 03:19:25 | 001,008,141 | ---- | C] () -- C:\Users\user\Desktop\rkill.com
    [2012/01/08 03:19:25 | 001,008,141 | ---- | C] () -- C:\Users\user\Desktop\iExplore.exe
    [2012/01/08 03:19:25 | 000,001,205 | ---- | C] () -- C:\Users\user\Desktop\FixNCR.reg
    [2012/01/01 21:00:38 | 000,013,596 | ---- | C] () -- C:\Users\user\Documents\songsong.odt
    [2011/05/29 10:59:01 | 000,065,536 | ---- | C] () -- C:\Windows\IFinst27.exe
    [2011/04/22 15:02:18 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2011/01/27 15:04:21 | 000,066,920 | ---- | C] () -- C:\Windows\CMListControl.dll
    [2010/06/14 12:05:11 | 000,000,680 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps.dat
    [2010/06/01 22:30:08 | 000,188,653 | ---- | C] () -- C:\Windows\hpwins22.dat
    [2010/03/17 20:40:07 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/02/14 19:37:19 | 000,023,136 | ---- | C] () -- C:\Windows\hpqins15.dat
    [2010/01/10 13:00:55 | 000,077,305 | ---- | C] () -- C:\Windows\hpqins05.dat
    [2010/01/07 17:01:24 | 000,010,563 | R--- | C] () -- C:\Windows\hpwscr19.dat
    [2010/01/07 16:58:55 | 000,176,428 | ---- | C] () -- C:\Windows\hpwins19.dat
    [2009/12/03 11:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
    [2009/09/11 17:22:30 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2009/09/11 17:22:29 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/08/03 17:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/08/03 17:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
    [2009/06/09 19:16:42 | 003,482,240 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
    [2009/06/02 09:15:05 | 000,150,365 | ---- | C] () -- C:\Windows\hpoins33.dat
    [2009/05/26 21:08:36 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2009/05/15 23:16:05 | 000,045,056 | ---- | C] () -- C:\Windows\System32\DAUMCRYPT.DLL
    [2009/04/19 09:26:23 | 000,022,528 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/04/14 21:54:49 | 000,000,040 | ---- | C] () -- C:\Windows\Hjimesv.ini
    [2009/04/14 21:46:46 | 000,000,016 | ---- | C] () -- C:\Windows\System32\winhcfga.ini
    [2009/02/11 19:45:02 | 000,027,264 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
    [2008/12/10 15:49:10 | 000,001,008 | ---- | C] () -- C:\Windows\hpomdl33.dat
    [2008/10/25 04:40:22 | 000,002,979 | ---- | C] () -- C:\Windows\hpwmdl22.dat
    [2008/01/23 17:02:57 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2008/01/23 16:58:08 | 000,028,672 | ---- | C] () -- C:\Windows\System32\MFC_InstDrvDLL.dll
    [2008/01/23 16:48:37 | 000,110,592 | ---- | C] () -- C:\Windows\System32\MGHwCtrl.dll
    [2008/01/23 16:48:37 | 000,032,768 | ---- | C] () -- C:\Windows\System32\MGFPCtrl.dll
    [2008/01/23 16:48:37 | 000,024,576 | ---- | C] () -- C:\Windows\System32\MGPwrShm.dll
    [2008/01/23 16:41:03 | 000,356,352 | R--- | C] () -- C:\Windows\EMCRI.dll
    [2008/01/23 14:55:05 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
    [2008/01/07 09:08:10 | 000,000,997 | R--- | C] () -- C:\Windows\hpwmdl19.dat
    [2007/04/05 04:27:00 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2007/03/06 04:04:00 | 000,143,676 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
    [2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 07:47:37 | 000,522,728 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 05:33:01 | 000,595,386 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 05:33:01 | 000,103,460 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2006/05/19 17:39:58 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
    [2005/01/31 10:37:58 | 000,009,255 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
    [2003/03/05 20:57:50 | 000,005,021 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

    ========== LOP Check ==========

    [2012/01/09 14:14:45 | 000,000,000 | ---D | M] -- C:\Users\glo\AppData\Roaming\TestApp
    [2011/02/15 00:28:05 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\ooVoo Details
    [2011/08/05 22:48:29 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\WD
    [2009/05/12 18:33:45 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\acccore
    [2010/09/26 01:45:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\com.soribada.nc.SbnextClient.4AFBF30EED573EEEE71517CA0DF28BEB04929F7C.1
    [2009/05/30 02:24:36 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DriverCure
    [2010/11/02 23:06:00 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers
    [2009/04/14 22:40:53 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Hnc
    [2010/05/04 20:27:32 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ooVoo Details
    [2010/06/13 01:31:11 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\oovooinstaller
    [2009/04/12 19:20:44 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenOffice.org
    [2011/08/05 22:48:29 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\WD
    [2009/05/12 18:33:05 | 000,000,000 | ---D | M] -- C:\ProgramData\acccore
    [2010/04/17 00:41:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Alwil Software
    [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
    [2011/05/29 11:34:49 | 000,000,000 | ---D | M] -- C:\ProgramData\ASign
    [2011/05/24 23:53:48 | 000,000,000 | ---D | M] -- C:\ProgramData\AVAST Software
    [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
    [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
    [2011/07/10 00:20:50 | 000,000,000 | ---D | M] -- C:\ProgramData\DriverCure
    [2010/05/05 21:30:15 | 000,000,000 | ---D | M] -- C:\ProgramData\EmailNotifier
    [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
    [2010/11/22 23:39:57 | 000,000,000 | ---D | M] -- C:\ProgramData\Hnc
    [2011/05/02 13:06:28 | 000,000,000 | ---D | M] -- C:\ProgramData\MemeoCommon
    [2010/06/19 03:20:20 | 000,000,000 | ---D | M] -- C:\ProgramData\ParetoLogic
    [2008/07/08 18:53:56 | 000,000,000 | ---D | M] -- C:\ProgramData\PassMark
    [2009/04/13 13:48:45 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Drivers HeadQuarters
    [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
    [2012/01/09 16:12:48 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
    [2006/11/02 08:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
    [2009/05/12 18:33:08 | 000,000,000 | ---D | M] -- C:\ProgramData\Viewpoint
    [2008/01/23 18:40:25 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
    [2011/07/29 10:58:56 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/06/06 00:58:25 | 000,000,000 | ---D | M] -- C:\ProgramData\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
    [2012/01/08 21:00:00 | 000,000,440 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job
    [2012/01/08 21:00:00 | 000,000,442 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job
    [2011/12/24 04:20:00 | 000,000,414 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version2.job
    [2011/12/24 10:06:15 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2012/01/09 23:33:00 | 000,000,412 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{CE270888-6480-43F1-978E-4A1FA509BFBC}.job

    ========== Purity Check ==========



    ========== Files - Unicode (All) ==========
    [2012/01/05 21:57:30 | 000,084,480 | ---- | M] ()(C:\Users\user\Desktop\??? ??.hwp) -- C:\Users\user\Desktop\결혼식 순서.hwp
    [2012/01/05 21:57:29 | 000,084,480 | ---- | C] ()(C:\Users\user\Desktop\??? ??.hwp) -- C:\Users\user\Desktop\결혼식 순서.hwp
    [2011/12/22 13:27:24 | 000,000,000 | ---D | M](C:\Users\user\Desktop\??church) -- C:\Users\user\Desktop\교회church
    [2011/11/28 17:15:36 | 000,000,000 | ---D | M](C:\Users\user\Desktop\11-20-2011 ????) -- C:\Users\user\Desktop\11-20-2011 추수감사
    [2011/11/28 14:46:47 | 000,000,000 | ---D | C](C:\Users\user\Desktop\11-20-2011 ????) -- C:\Users\user\Desktop\11-20-2011 추수감사
    [2011/10/13 15:59:37 | 000,026,112 | ---- | M] ()(C:\Users\user\Desktop\??? ??.hwp) -- C:\Users\user\Desktop\어린이 음식.hwp
    [2011/10/13 15:46:42 | 000,026,112 | ---- | C] ()(C:\Users\user\Desktop\??? ??.hwp) -- C:\Users\user\Desktop\어린이 음식.hwp
    [2011/10/04 23:17:28 | 000,015,360 | ---- | C] ()(C:\Users\user\Desktop\??????.hwp) -- C:\Users\user\Desktop\총회명단에서.hwp
    [2011/10/04 23:17:18 | 000,027,136 | ---- | C] ()(C:\Users\user\Desktop\??? ??? ???.hwp) -- C:\Users\user\Desktop\윤석전 부흥회 인사글.hwp
    [2011/09/18 10:55:53 | 000,000,000 | ---D | M](C:\Users\user\Desktop\pp?? ??) -- C:\Users\user\Desktop\pp주일 사진
    [2011/09/18 10:48:25 | 000,000,000 | ---D | C](C:\Users\user\Desktop\pp?? ??) -- C:\Users\user\Desktop\pp주일 사진
    [2011/09/18 10:06:53 | 000,044,544 | ---- | M] ()(C:\Users\user\Documents\???? ?? ?? ??? ? ?? ‘???’.hwp) -- C:\Users\user\Documents\예수님의 삶을 닮아 있었던 참 의사 ‘안수현’.hwp
    [2011/09/18 10:04:21 | 000,044,544 | ---- | C] ()(C:\Users\user\Documents\???? ?? ?? ??? ? ?? ‘???’.hwp) -- C:\Users\user\Documents\예수님의 삶을 닮아 있었던 참 의사 ‘안수현’.hwp
    [2011/09/05 23:00:33 | 000,024,136 | ---- | C] ()(C:\Users\user\Documents\??%20??.docx_1.odt) -- C:\Users\user\Documents\주일%20설교.docx_1.odt
    [2011/09/04 13:50:08 | 000,024,136 | ---- | M] ()(C:\Users\user\Documents\??%20??.docx_1.odt) -- C:\Users\user\Documents\주일%20설교.docx_1.odt
    [2011/07/10 13:15:50 | 000,000,162 | -H-- | M] ()(C:\Users\user\Desktop\~$??? ??.doc) -- C:\Users\user\Desktop\~$마지막 날에.doc
    [2011/07/10 13:15:50 | 000,000,162 | -H-- | C] ()(C:\Users\user\Desktop\~$??? ??.doc) -- C:\Users\user\Desktop\~$마지막 날에.doc
    [2011/06/26 12:22:39 | 000,000,000 | ---D | C](C:\Users\user\Desktop\??church) -- C:\Users\user\Desktop\교회church
    [2011/06/12 02:28:55 | 000,019,968 | ---- | M] ()(C:\Users\user\Documents\6-12-2011 ???? ??? ?? ?? ?? ???? ?????.hwp) -- C:\Users\user\Documents\6-12-2011 성령세례 성령이 말씀 듣는 모든 사람에게 내려오시니.hwp
    [2011/06/12 02:28:55 | 000,019,968 | ---- | C] ()(C:\Users\user\Documents\6-12-2011 ???? ??? ?? ?? ?? ???? ?????.hwp) -- C:\Users\user\Documents\6-12-2011 성령세례 성령이 말씀 듣는 모든 사람에게 내려오시니.hwp
    [2011/05/29 12:22:50 | 000,016,896 | ---- | C] ()(C:\Users\user\Documents\? ?? ?? ????? ???? ?.hwp) -- C:\Users\user\Documents\★ 세계 속에 대한민국의 국력수준 ★.hwp
    [2011/05/22 12:02:10 | 000,016,896 | ---- | M] ()(C:\Users\user\Documents\? ?? ?? ????? ???? ?.hwp) -- C:\Users\user\Documents\★ 세계 속에 대한민국의 국력수준 ★.hwp
    [2011/03/14 20:22:29 | 000,053,760 | ---- | M] ()(C:\Users\user\Documents\????? e-mail???.hwp) -- C:\Users\user\Documents\보내려하는 e-mail주소들.hwp
    [2011/03/14 12:48:21 | 000,053,760 | ---- | C] ()(C:\Users\user\Documents\????? e-mail???.hwp) -- C:\Users\user\Documents\보내려하는 e-mail주소들.hwp
    [2011/03/14 02:23:10 | 000,017,408 | ---- | M] ()(C:\Users\user\Documents\??? ???.hwp) -- C:\Users\user\Documents\박만순 나에게.hwp
    [2011/03/14 02:23:09 | 000,017,408 | ---- | C] ()(C:\Users\user\Documents\??? ???.hwp) -- C:\Users\user\Documents\박만순 나에게.hwp
    [2011/03/13 04:05:59 | 000,015,360 | ---- | M] ()(C:\Users\user\Desktop\??????.hwp) -- C:\Users\user\Desktop\총회명단에서.hwp
    [2011/03/10 11:41:58 | 000,016,384 | ---- | M] ()(C:\Users\user\Documents\?????????? ??? ??????? ???? ???.hwp) -- C:\Users\user\Documents\윤석전ㆍ김항안목사의 남가주 영적대각성집회 강력반대 성명서.hwp
    [2011/03/10 11:41:58 | 000,016,384 | ---- | C] ()(C:\Users\user\Documents\?????????? ??? ??????? ???? ???.hwp) -- C:\Users\user\Documents\윤석전ㆍ김항안목사의 남가주 영적대각성집회 강력반대 성명서.hwp
    [2010/11/26 22:36:06 | 000,027,136 | ---- | M] ()(C:\Users\user\Desktop\??? ??? ???.hwp) -- C:\Users\user\Desktop\윤석전 부흥회 인사글.hwp
    [2010/10/15 20:30:13 | 000,085,196 | ---- | M] ()(C:\Users\user\Documents\??????(???)[1].doc) -- C:\Users\user\Documents\우편진술조서(전경호)[1].doc
    [2010/10/15 20:30:13 | 000,085,196 | ---- | C] ()(C:\Users\user\Documents\??????(???)[1].doc) -- C:\Users\user\Documents\우편진술조서(전경호)[1].doc
    [2010/09/26 01:45:30 | 000,000,000 | ---D | M](C:\Program Files\????) -- C:\Program Files\소리바다
    [2010/09/26 01:45:30 | 000,000,000 | ---D | M](C:\Program Files\????) -- C:\Program Files\소리바다
    [2009/04/12 19:20:11 | 000,000,971 | ---- | M] ()(C:\Users\user\Desktop\OpenOffice.org Writer ??.lnk) -- C:\Users\user\Desktop\OpenOffice.org Writer 한글.lnk
    [2009/04/12 19:20:11 | 000,000,971 | ---- | C] ()(C:\Users\user\Desktop\OpenOffice.org Writer ??.lnk) -- C:\Users\user\Desktop\OpenOffice.org Writer 한글.lnk
    (C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\??????) -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\보조프로그램
    (C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\????? ???) -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\프로젝터용 찬양집
    (C:\Program Files\????) -- C:\Program Files\소리바다
    < End of report >
     
  10. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Yes please.
     
  11. paulsingsong

    paulsingsong TS Rookie Topic Starter Posts: 35

    When I first logged onto "user" a windows explorer pop-up came up asking for the admin (username: glo) password. I pressed cancel and the screen went blue again. I logged out and back onto user. I entered the password for Glo and It redirected me to the desktop of Glo and out of "user". I logged out of Glo and back onto user, and now the "user" desktop is not showing symptoms.
     
     
  12. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Very well.

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.
     
  13. paulsingsong

    paulsingsong TS Rookie Topic Starter Posts: 35

    Ran Malwarebyte and there were no malicious items. Currently moving onto Step 3: Gmer.

    ---------------

    Malwarebytes Anti-Malware (Trial) 1.60.0.1800
    www.malwarebytes.org

    Database version: v2012.01.12.04

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 8.0.6001.19170
    glo :: USER-PC [administrator]

    Protection: Enabled

    1/12/2012 11:07:48 AM
    mbam-log-2012-01-12 (11-07-48).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 221140
    Time elapsed: 11 minute(s), 49 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  14. paulsingsong

    paulsingsong TS Rookie Topic Starter Posts: 35

    Here is the Gmer log. Moving onto step 4: DDS


    ----------

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-01-12 11:36:38
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHY2250BH rev.0000000B
    Running: cc4kedff.exe; Driver: C:\Users\glo\AppData\Local\Temp\kxldapob.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x9410C7A2]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
     
  15. paulsingsong

    paulsingsong TS Rookie Topic Starter Posts: 35

    DDS and Attach logs respectively:

    ------

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.19170 BrowserJavaVersion: 1.6.0_26
    Run by glo at 11:42:08 on 2012-01-12
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.949.82.1033.18.2943.1615 [GMT -8:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    svchost.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\System Control Manager\MGSysCtrl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Windows\vsnp2uvc.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Windows\System32\wpcumi.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\ehome\ehtray.exe
    C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Program Files\AVEO\AVEO UVC Filter Driver Kit\AveoSTI.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    svchost.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\ctfmon.exe
    C:\Windows\system32\conime.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Page_URL = hxxp://www.averatec.com/
    mDefault_Page_URL = hxxp://www.averatec.com/
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [MGSysCtrl] c:\program files\system control manager\MGSysCtrl.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
    mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
    mRun: [ICSDCLT] c:\windows\rundll32.exe c:\windows\system32\icsdclt.dll,ICSClient
    mRun: [HncUpdate] c:\program files\common files\hnc\hncutils\HncUpdate.exe /A
    mRun: [Skytel] Skytel.exe
    mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
    mRun: [snp2uvc] c:\windows\vsnp2uvc.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
    mRun: [imekrmig7.0] "c:\program files\common files\microsoft shared\ime\imkr7\IMEKRMIG.EXE"
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRunOnce: [GrpConv] grpconv -o
    mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    mRunServices: [SSDPSRV] c:\windows\system32\ssdpsrv.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\aveost~1.lnk - c:\program files\aveo\aveo uvc filter driver kit\AveoSTI.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Microsoft Excel로 내보내기(&X) - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    LSP: c:\windows\system32\wpclsp.dll
    DPF: {3543897F-577B-4371-99E6-20EC4FA31A4F} - hxxp://god.bu.ac.kr/buis/Biin/MyBuilderViewer.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} - hxxp://cyimg7.cyworld.com/ImageUpload/CyPictureU1233.cab?20081124
    DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} - hxxp://mail.daum.net/hanmail-ax/DaumActiveX/2_0_0_5/DaumActiveX.cab?ver=2,0,0,5
    DPF: {C342F4EE-6D48-4239-A55D-CF2D0D1F3BC6} - hxxp://cyimg7.cyworld.com/cymusic/package/skcaset.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{D376DDDD-15A6-4A9E-872D-90397276BC10} : DhcpNameServer = 192.168.1.254
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath -
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-24 435032]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-5-24 314456]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-5-24 20568]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-5-24 55128]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-5-24 44768]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-5-2 21504]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-1-12 652872]
    R2 NishService;SCM Driver Daemon;c:\program files\system control manager\edd.exe [2008-1-23 40960]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-5-12 24652]
    R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-7-24 102400]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-12 20464]
    R3 MGHwCtrl;MGHwCtrl;c:\windows\system32\drivers\MGHwCtrl.sys [2008-1-23 19456]
    R3 Ndisrd;WinpkFilter Service;c:\windows\system32\drivers\ndisrd.sys [2010-8-24 23224]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-31 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
    .
    =============== Created Last 30 ================
    .
    2012-01-12 19:04:53 -------- d-----w- c:\users\glo\appdata\roaming\Malwarebytes
    2012-01-12 19:04:37 -------- d-----w- c:\programdata\Malwarebytes
    2012-01-12 19:04:35 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-01-12 19:04:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-01-12 18:54:06 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{3ae278ab-0135-4f74-b51e-fa96f9850bb9}\offreg.dll
    2012-01-12 18:37:21 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{3ae278ab-0135-4f74-b51e-fa96f9850bb9}\mpengine.dll
    2012-01-12 14:38:30 -------- d-----w- C:\_OTL
    2012-01-09 19:30:46 -------- d-----w- c:\program files\PC Tools Security
    2012-01-09 19:30:46 -------- d-----w- c:\program files\common files\PC Tools
    2012-01-09 19:14:46 -------- d-----w- c:\programdata\PC Tools
    2012-01-09 19:14:45 -------- d-----w- c:\users\glo\appdata\roaming\TestApp
    .
    ==================== Find3M ====================
    .
    2011-12-08 04:13:59 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-28 18:01:25 41184 ----a-w- c:\windows\avastSS.scr
    2011-11-28 17:53:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-11-28 17:52:07 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys
    2011-11-08 14:42:19 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-11-03 06:22:04 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-11-03 06:17:38 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-03 06:17:23 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-11-03 06:17:08 71680 ----a-w- c:\windows\system32\iesetup.dll
    2011-11-03 06:17:08 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2011-11-03 05:22:43 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-03 04:45:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-11-03 04:43:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-10-27 08:01:53 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-10-27 08:01:53 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-25 15:56:04 49152 ----a-w- c:\windows\system32\csrsrv.dll
    .
    ============= FINISH: 11:44:43.83 ===============






    Attach log:


    -----------------------------------------------

    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    2007 Microsoft Office system
    32 Bit HP CIO Components Installer
    4500_Help
    8500A909_eDocs
    8500A909_Help
    8500A909g
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Reader 8.3.1
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Atheros Driver Installation Program
    ATI Catalyst Install Manager
    avast! Free Antivirus
    AveoCap
    Bonjour
    BPD_DSWizards
    BPD_HPSU
    bpd_scan
    BPDSoftware
    BPDSoftware_Ini
    BufferChm
    C5500
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Vista
    ccc-core-static
    ccc-utility
    CCC Help English
    D3DX10
    Data Lifeguard Diagnostic for Windows
    Daum ActiveX 컨트롤 - Daum 음악 플레이어
    Daum ActiveX 컨트롤 - 한메일 파일업로더
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    DivX Setup
    DocMgr
    DocProc
    DocProcQFolder
    Download Updater (AOL LLC)
    Driver Detective
    Fax
    Free Audio CD Burner version 1.4
    Free Media Player 0.1
    Free YouTube to MP3 Converter version 3.9
    GPBaseService2
    Haansoft Hangul 2007
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Customer Participation Program 12.0
    HP Document Manager 2.0
    HP Imaging Device Functions 12.0
    HP Officejet J4500 Series
    HP Photosmart C5500 All-In-One Driver Software 12.0 Rel .4
    HP Photosmart Essential 3.5
    HP Smart Web Printing 4.60
    HP Solution Center 13.0
    HP Update
    HPPhotoGadget
    HPPhotoSmartDiscLabel_PaperLabel
    HPPhotoSmartDiscLabel_PrintOnDisc
    HPPhotoSmartDiscLabelContent1
    hpphotosmartdisclabelplugin
    HPPhotosmartEssential
    HPProductAssistant
    HPSSupply
    iTunes
    J4500
    Java Auto Updater
    Java(TM) 6 Update 26
    Java(TM) 6 Update 7
    Junk Mail filter update
    Korean Fonts Support For Adobe Reader 8
    Malwarebytes Anti-Malware version 1.60.0.1800
    MarketResearch
    McAfee Security Scan Plus
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Edition 2003
    Microsoft Office Professional Hybrid 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Office XP Web Components
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mozilla Firefox (3.6.23)
    MPM
    MSVCRT
    MSVCSetup
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Network
    OCR Software by I.R.I.S. 12.0
    Officejet Pro 8500 A909 Series
    OGA Notifier 2.0.0048.0
    OpenOffice.org 3.0
    Power2Go 5.0
    PowerDVD
    ProductContext
    PS_AIO_04_C5500_Software_Min
    QuickTime
    Real Alternative 2.0.2 Lite
    Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
    Realtek High Definition Audio Driver
    Scan
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Segoe UI
    Shop for HP Supplies
    Skins
    Skype™ 5.1
    SmartWebPrinting
    SolutionCenter
    Soribada Downloader
    Status
    Synaptics Pointing Device Driver
    System Control Manager
    Toolbox
    TrayApp
    Uninstall 1.0.0.1
    UnloadSupport
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 (KB2583910)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2596560)
    VC80CRTRedist - 8.0.50727.4053
    Viewpoint Media Player
    WD Drive Manager (x86)
    WebReg
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinRAR archiver
    프로젝터용 찬양집
    .
    ==== End Of File ===========================



    ------------
     
  16. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ===========================================================

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  17. paulsingsong

    paulsingsong TS Rookie Topic Starter Posts: 35

    Avast scan results:

    aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
    Run date: 2012-01-12 12:16:55
    -----------------------------
    12:16:55.901 OS Version: Windows 6.0.6002 Service Pack 2
    12:16:55.901 Number of processors: 2 586 0x6802
    12:16:55.904 ComputerName: USER-PC UserName: glo
    12:16:58.202 Initialize success
    12:16:58.814 AVAST engine defs: 12011200
    12:17:19.036 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    12:17:19.039 Disk 0 Vendor: FUJITSU_MHY2250BH 0000000B Size: 238475MB BusType: 3
    12:17:19.069 Disk 0 MBR read successfully
    12:17:19.073 Disk 0 MBR scan
    12:17:19.077 Disk 0 Windows VISTA default MBR code
    12:17:19.086 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238473 MB offset 2048
    12:17:19.094 Disk 0 scanning sectors +488395120
    12:17:19.171 Disk 0 scanning C:\Windows\system32\drivers
    12:17:33.105 Service scanning
    12:17:36.021 Modules scanning
    12:17:54.345 Disk 0 trace - called modules:
    12:17:54.371 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys
    12:17:54.382 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x888502f0]
    12:17:54.751 3 CLASSPNP.SYS[8d1a78b3] -> nt!IofCallDriver -> [0x885ff918]
    12:17:54.758 5 acpi.sys[806116bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x88615820]
    12:17:55.609 AVAST engine scan C:\Windows
    12:18:03.306 AVAST engine scan C:\Windows\system32
    12:20:03.652 AVAST engine scan C:\Windows\system32\drivers
    12:20:14.766 AVAST engine scan C:\Users\glo
    12:22:13.173 AVAST engine scan C:\ProgramData
    12:24:16.954 Scan finished successfully
    12:38:08.301 Disk 0 MBR has been saved successfully to "C:\Program Files\Mozilla Firefox\MBR.dat"
    12:38:08.312 The log file has been saved successfully to "C:\Program Files\Mozilla Firefox\aswMBR.txt"






    Bootkit scan results:

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6
    002), 32-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00100000
    Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...
     
  18. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    You posted aswMBR log twice.
    Please pay attention.
     
  19. paulsingsong

    paulsingsong TS Rookie Topic Starter Posts: 35

    Sorry every time I pressed Ctrl+C Bootkit would shut down without copying. I have fixed the problem.


    Code:
    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com
    
    Program version: 1.2.0.1
    OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6
    002), 32-bit
    
    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00100000
    Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826
    
    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
    
    
    Done;
    Press any key to quit... 
     
  20. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Please do NOT wrap any logs in "code".

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.

    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  21. paulsingsong

    paulsingsong TS Rookie Topic Starter Posts: 35

    Ran Combofix. After the scan was finished, I was redirected to user "Glo" (admin user). I Rebooted to gain access to internet. It says that "One of your disks needs to be checked for consistency". Should I let this check happen or should I skip it?
     
  22. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Definitely go for it.
     
  23. paulsingsong

    paulsingsong TS Rookie Topic Starter Posts: 35

    Combofix log:

    ComboFix 12-01-12.04 - glo 2/2012 Thu 13:37:01.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.949.82.1033.18.2943.1419 [GMT -8:00]
    Running from: c:\users\user\Desktop\Downloads\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    Error: Cfiles.dat
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\AV7
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\aveosti.exe.lnk
    c:\users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\SKBGM.cfg
    c:\users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\SKBGM0.che
    c:\users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\SKBGM1.che
    c:\users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\SKBGM2.che
    c:\users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\SKBGM3.che
    c:\users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\SKBGM4.che
    c:\users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\SKBGM5.che
    c:\users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\SKBGM6.che
    c:\users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\SKBGM7.che
    c:\users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\SKBGM8.che
    c:\users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\SKBGM9.che
    c:\windows\system32\SET8096.tmp
    c:\windows\system32\SET8144.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-12-12 to 2012-01-12 )))))))))))))))))))))))))))))))
    .
    .
    2012-01-12 21:49 . 2012-01-12 21:50 -------- d-----w- c:\users\glo\AppData\Local\temp
    2012-01-12 21:49 . 2012-01-12 21:49 -------- d-----w- c:\users\user\AppData\Local\temp
    2012-01-12 21:49 . 2012-01-12 21:49 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-01-12 21:49 . 2012-01-12 21:49 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2012-01-12 19:04 . 2012-01-12 19:04 -------- d-----w- c:\users\glo\AppData\Roaming\Malwarebytes
    2012-01-12 19:04 . 2012-01-12 19:04 -------- d-----w- c:\programdata\Malwarebytes
    2012-01-12 19:04 . 2012-01-12 19:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-01-12 19:04 . 2011-12-10 23:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-01-12 18:54 . 2012-01-12 18:54 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3AE278AB-0135-4F74-B51E-FA96F9850BB9}\offreg.dll
    2012-01-12 18:37 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3AE278AB-0135-4F74-B51E-FA96F9850BB9}\mpengine.dll
    2012-01-12 14:38 . 2012-01-12 14:38 -------- d-----w- C:\_OTL
    2012-01-09 19:30 . 2012-01-10 03:04 -------- d-----w- c:\program files\PC Tools Security
    2012-01-09 19:30 . 2012-01-10 03:04 -------- d-----w- c:\program files\Common Files\PC Tools
    2012-01-09 19:14 . 2012-01-09 21:12 -------- d-----w- c:\programdata\PC Tools
    2012-01-09 19:14 . 2012-01-09 19:14 -------- d-----w- c:\users\glo\AppData\Roaming\TestApp
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-08 04:13 . 2011-07-10 05:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-28 18:01 . 2011-05-25 04:54 41184 ----a-w- c:\windows\avastSS.scr
    2011-11-28 18:01 . 2011-05-25 04:54 199816 ----a-w- c:\windows\system32\aswBoot.exe
    2011-11-28 17:53 . 2011-05-25 04:54 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-11-28 17:53 . 2011-05-25 04:54 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-11-28 17:52 . 2011-05-25 04:54 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-11-28 17:52 . 2011-05-25 04:54 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-11-28 17:52 . 2011-05-25 04:54 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-11-28 17:51 . 2011-05-25 04:54 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
    "MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2007-07-30 561152]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-22 815104]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-07 69216]
    "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
    "HncUpdate"="c:\program files\Common Files\Hnc\HncUtils\HncUpdate.exe" [2006-07-16 475136]
    "Skytel"="Skytel.exe" [2007-06-15 1826816]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
    "snp2uvc"="c:\windows\vsnp2uvc.exe" [2008-08-02 675840]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
    "WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
    "imekrmig7.0"="c:\program files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE" [2007-04-19 25440]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-20 421736]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-25 460872]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "GrpConv"="grpconv -o" [X]
    "Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-25 460872]
    .
    c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3948455275-2262482614-2155968984-500]
    "EnableNotificationsRef"=dword:00000001
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ASWMBR
    *NewlyCreated* - KXLDAPOB
    *NewlyCreated* - MBAMPROTECTOR
    *Deregistered* - aswMBR
    *Deregistered* - kxldapob
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    HPService REG_MULTI_SZ HPSLPSVC
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-01-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3948455275-2262482614-2155968984-1000Core.job
    - c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-08 04:59]
    .
    2012-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3948455275-2262482614-2155968984-1000UA.job
    - c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-08 04:59]
    .
    2012-01-09 c:\windows\Tasks\ParetoLogic Registration.job
    - c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]
    .
    2012-01-09 c:\windows\Tasks\ParetoLogic Registration3.job
    - c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2010-04-06 21:30]
    .
    2011-12-24 c:\windows\Tasks\ParetoLogic Update Version2.job
    - c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]
    .
    2012-01-12 c:\windows\Tasks\User_Feed_Synchronization-{CE270888-6480-43F1-978E-4A1FA509BFBC}.job
    - c:\windows\system32\msfeedssync.exe [2011-12-14 04:44]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    IE: Microsoft Excel로 내보내기(&X) - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    LSP: c:\windows\system32\wpclsp.dll
    TCP: DhcpNameServer = 192.168.1.254
    DPF: {3543897F-577B-4371-99E6-20EC4FA31A4F} - hxxp://god.bu.ac.kr/buis/Biin/MyBuilderViewer.cab
    DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} - hxxp://cyimg7.cyworld.com/ImageUpload/CyPictureU1233.cab?20081124
    DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} - hxxp://mail.daum.net/hanmail-ax/DaumActiveX/2_0_0_5/DaumActiveX.cab?ver=2,0,0,5
    DPF: {C342F4EE-6D48-4239-A55D-CF2D0D1F3BC6} - hxxp://cyimg7.cyworld.com/cymusic/package/skcaset.cab
    FF - ProfilePath -
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-ICSDCLT - c:\windows\rundll32.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-01-12 13:50
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    .
    C:\## aswSnx private storage
    .
    scan completed successfully
    hidden files: 1
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3948455275-2262482614-2155968984-1000\Software\Hewlett-Packard\DigitalImaging\CUE Settings\0005_*]
    "PortID"="192.168.1.67"
    .
    [HKEY_USERS\S-1-5-21-3948455275-2262482614-2155968984-1000\Software\Hewlett-Packard\DigitalImaging\CUE Settings\0005_"*]
    "PortID"="192.168.1.67"
    .
    [HKEY_USERS\S-1-5-21-3948455275-2262482614-2155968984-1000\Software\Hewlett-Packard\DigitalImaging\CUE Settings\0005_#*]
    "PortID"="192.168.1.67"
    .
    Completion time: 2012-01-12 13:59:34
    ComboFix-quarantined-files.txt 2012-01-12 21:59
    .
    Pre-Run: 182,819,844,096 bytes free
    Post-Run: 185,198,772,224 bytes free
    .
    - - End Of File - - CAEB09CEC8DEA287E2FF1029E8D32C11
     
  24. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Looks good :)

    How is computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  25. paulsingsong

    paulsingsong TS Rookie Topic Starter Posts: 35

    Extra.txt log

    OTL Extras logfile created on: 1/12/2012 2:59:15 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\user\Desktop\Downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19170)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.87 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 59.27% Memory free
    5.95 Gb Paging File | 4.70 Gb Available in Paging File | 78.89% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 172.50 Gb Free Space | 74.07% Space Free | Partition Type: NTFS

    Computer Name: USER-PC | User Name: glo | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-3948455275-2262482614-2155968984-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Hwp.Print] -- C:\HNC\Hwp70\HwpPrnMng.exe /p "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3948455275-2262482614-2155968984-500]
    "EnableNotifications" = 0
    "EnableNotificationsRef" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01F56E3D-C852-4B88-8BE9-777AAD682984}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{06D74218-1EC4-4F81-99D0-D1206AFDC85B}" = lport=37674 | protocol=17 | dir=in | name=oovoo udp port 37674 |
    "{0EB89296-2C15-4208-A489-30AAAF5E61F5}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{102B0F93-1410-43E6-B9FC-E29CA525E763}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{1208978D-6707-4226-AD18-5B70D5DDC613}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{3CF1B71D-7214-4B6E-B07D-D4636171CA87}" = lport=443 | protocol=6 | dir=in | name=oovoo tcp port 443 |
    "{4A24617B-9E29-4A28-B9AC-977D06149844}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{5C115099-1BFC-4E08-B73C-2F8C881DF8E2}" = lport=37675 | protocol=17 | dir=in | name=oovoo udp port 37675 |
    "{5DBDB5C9-7C52-414A-AE40-BC3E90AAFF70}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{701B968C-E68F-437B-A4FA-09937CBA0B46}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{7DE364B6-3018-4E6D-BCAE-CB9417EFFE95}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{9898813D-8239-4D03-BF80-6CE5E5583E30}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{A7F14BC3-408F-4EA5-BDD8-51AA00E7DEA3}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{A90883B7-58E1-41B9-BD35-C56248F833A2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{AD36230C-68D4-4D05-A0CB-CF8DE272A7F8}" = lport=443 | protocol=17 | dir=in | name=oovoo udp port 443 |
    "{ADBEE477-DB2B-4D86-8B50-C3D857715186}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{B7359ED7-2812-45DC-86B3-3E7289A0B8B8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{C9E695DE-95A4-4BDE-ACC2-3B8A54023404}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{CD368DD1-7074-4C17-8EA8-EC2AA1C9062C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{D687C68E-6407-499E-A1DF-EFDB0D3E3EDC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{D89A1343-1F13-4E72-9E84-7B8E15C70354}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{DD1E0644-CB12-493A-99A3-4300941BCC41}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{E5B98571-BECE-4695-8173-892AB56067A8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{EAFB3D3F-D20B-4FE1-8CFD-59D0763D1362}" = lport=37674 | protocol=6 | dir=in | name=oovoo tcp port 37674 |
    "{ED2362DF-302D-4119-8B15-18A1C63FC982}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
    "{F8D2BB8E-3D40-4A3F-8AFE-D23C6C1E060E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{FC5A1EB4-A9EA-41AA-83F3-E67545E4D6CB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{066AB4C8-5399-40C7-AC94-7344F6ADBF3B}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
    "{067A671A-EC5E-4688-B3CD-559928058EBE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{0B4A68A8-7925-47E8-8AF8-3A8003B07B9D}" = protocol=6 | dir=out | app=system |
    "{132D4203-B60F-4D3C-BBB7-C74510F9E806}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{1D22B3F4-3730-427C-A42F-AC02906F81E9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{1E5663D7-9113-4210-9DF8-C23D458FBB91}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
    "{230143ED-7027-4AB0-86D2-A10D68D1E84E}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
    "{4458F45B-4E32-4A73-B4FD-6B7EEB307BFE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{45C7E383-31AF-4FE2-A262-FC33728922A8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{5AFF1D35-83E7-46B8-8FE5-CF933E5BA970}" = protocol=6 | dir=in | app=c:\users\user\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{5D5CB147-FAE5-4789-8EDE-D13D63B022D2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{5EB6AC7A-D1BF-49CF-8E1D-139BDF8C503E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
    "{60159DC4-4325-47DC-9FD2-A318DC1CBA01}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{602BFC78-4299-4AD3-9056-143C9CF5DC17}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{647949AE-F6C8-464F-8135-645D645BAE80}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{6B08AD70-0741-46E8-B58B-FE4FC44C4EC8}" = protocol=17 | dir=in | app=c:\users\user\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{6CE60895-5322-45E9-B665-3518D7BDE24F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
    "{717109A2-651F-4C85-9EB8-12158467387A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
    "{7413D8EE-E611-4DB4-9879-FDFC83ABABD9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{79318216-93DB-47FB-88DE-C60BBC76EB71}" = protocol=17 | dir=in | app=c:\windows\skcbgm.exe |
    "{7C7B2BE3-5D5F-4424-BF3A-F091534B0405}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{7CA1B73D-ACEF-4917-9FD0-EC394E31F846}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
    "{83A51A6B-515A-4CC0-AD8D-B7A496EA79F8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{846889B0-5B87-461B-AEDF-20BA432ADFBC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
    "{8532D1FD-BD17-431B-9969-4B223DC1F8CB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{85E1926C-F6CE-4B51-BEC0-675CFEF7A8C8}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
    "{8DC1DC8E-0148-4230-80C7-FB7676DDB329}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
    "{906C5953-565D-4687-8242-11AA171E9FCE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
    "{951F7735-AD97-42E0-81C3-D868E06DEE60}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
    "{A0BBFD8C-0C2C-402A-83B8-8C1A013443A2}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
    "{A2C94AC2-9904-4654-BAF0-41409C55D8AF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
    "{A73A307B-FD34-47FD-90F5-B2E0A2793E1B}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
    "{AE1AD19E-75FD-41AF-8AF0-EC58FD0D3E0A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
    "{AEC6727F-FEC8-4FC8-83FF-1868ED64DAC5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{B2BA1DB8-F26E-4980-9A42-9C77B6C7082D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
    "{B385026B-E454-4EDA-A96C-C1FF8E5A755F}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{BAE38733-3AD8-452D-83A6-624CA6F55F28}" = dir=in | app=e:\setup\hpznui01.exe |
    "{C3FBA112-CF13-44E7-9AD7-4483FAF63BC1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
    "{C677EFC7-1E25-4AB8-A188-76A1EF035192}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
    "{C8B3A8A4-59CF-49C4-8C91-37489678BC12}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{D6CF766D-D297-445C-98D5-FC5682AADF9B}" = protocol=6 | dir=in | app=c:\windows\skcbgm.exe |
    "{E303DFCA-1723-44AD-8D62-0078F4689E38}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
    "{E3A37233-9650-4657-A13E-BEC19D4F3BFA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
    "{E5307684-64C2-4E00-9396-A346D8587254}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
    "{E6011FCD-5D85-43FC-85B4-350ADFE934A2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{E78473B9-8EBD-4B20-8BC0-6BA59EB9B69A}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
    "{E7A3874B-E8FD-47B5-A679-5F733C368AC4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
    "{F0251DB8-BCAA-4EF6-B0D9-B9AFCB9450D4}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
    "{F0D980E4-0870-4972-A32F-DA48AE92C04C}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
    "{F1EB4C92-D274-45C5-87BB-4BFDD8B1E2B0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
    "{F2385691-8BB3-41E9-A10E-F6C0368F3B37}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
    "{F60BFB44-A03D-4AE9-AE9F-C89E43BCAEE7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F9895778-8BA1-49DE-A0A5-B95F0D855C9B}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{FCDE0A40-10D8-4EFA-AE7E-3F7CBD0A76E3}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
    "TCP Query User{072FE9B4-FEC0-447C-9D1B-56AE6BB26C8C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{3682481F-BAF1-43BA-AEF5-16B990D7B6F8}C:\program files\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
    "TCP Query User{46F8091F-CA1C-4F21-8D54-449D3BEE019E}C:\programdata\kaspersky lab setup files\kaspersky internet security 8.0.0.358\english\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 8.0.0.358\english\setup.exe |
    "TCP Query User{491C88C7-C76A-4867-AAE1-4D2DC1BA5485}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
    "TCP Query User{50BFC271-D4E9-44F9-8F12-8D3968B5A502}C:\windows\skcbgm.exe" = protocol=6 | dir=in | app=c:\windows\skcbgm.exe |
    "TCP Query User{C7736B34-FB85-45B3-B8F7-F92D58BC7C8E}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |
    "UDP Query User{85E28DE6-2088-45FB-B385-72DD9049E8DE}C:\program files\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
    "UDP Query User{8C55F852-9DCC-4B50-ADCC-59C1C0864818}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |
    "UDP Query User{92D08542-94AB-4787-9AF9-5476AE1932D2}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{B2CE4726-744F-4EDF-9563-17C708152F36}C:\windows\skcbgm.exe" = protocol=17 | dir=in | app=c:\windows\skcbgm.exe |
    "UDP Query User{CA737CB7-4B69-444F-976E-7DEC884FB4DF}C:\programdata\kaspersky lab setup files\kaspersky internet security 8.0.0.358\english\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 8.0.0.358\english\setup.exe |
    "UDP Query User{F01F3DA3-FABB-4FC6-BC91-8C280CEF03B9}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
    "{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
    "{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{102CBC47-7FDE-4E6C-8A3A-67B79833FAC8}" = BPDSoftware_Ini
    "{11B2F891-91C8-47ce-945A-A91003EA27FB}" = BPDSoftware
    "{15754BF1-C5E3-974E-340E-A6C424C778C5}" = Catalyst Control Center Graphics Light
    "{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
    "{181397CF-866B-D713-1A3D-7ACF1156B920}" = Skins
    "{18AB082B-6584-4F74-8ABC-D5935CF46E4C}" = 8500A909_eDocs
    "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc
    "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
    "{23F76BD5-9DD6-4121-900B-FBBDF81DC74A}" = AveoCap
    "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 26
    "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
    "{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini
    "{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
    "{398E8625-6F3A-4C54-B54C-28F0ABB89774}" = BPD_HPSU
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3E044771-49B8-80F6-AC41-C316201D9B7F}" = ccc-core-static
    "{3E07289E-523B-F4F0-9362-A66938FDA131}" = Catalyst Control Center Graphics Previews Vista
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
    "{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
    "{432A850B-3558-4BFF-B1F9-30626835B523}" = BPD_DSWizards
    "{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
    "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{54C7CFA4-9DDD-40c7-A58F-AF0E7916848C}" = HPPhotoGadget
    "{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
    "{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
    "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
    "{624E7452-BA43-4f55-B9D5-FC75EEA0808B}" = Officejet Pro 8500 A909 Series
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext
    "{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6A2E758A-028B-46BB-A11D-0608AB5A4ED3}" = Daum ActiveX 컨트롤 - Daum 음악 플레이어
    "{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7395D650-AE5D-4D68-B8FE-D3FA6B51467F}" = Driver Detective
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{773B674B-99DF-3FEB-8813-255A87066D2E}" = CCC Help English
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
    "{90110412-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{90260412-6000-11D3-8CFE-0150048383C9}" = Microsoft Office XP Web Components
    "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
    "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{969CAD22-B9F0-4476-9F00-D86C47551BC0}" = PS_AIO_04_C5500_Software_Min
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C618151-E3A4-E172-9B54-1EB07ADF3B33}" = Catalyst Control Center Graphics Full Existing
    "{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A00B2A53-60D9-4477-ADA3-60490770C5E0}" = Daum ActiveX 컨트롤 - 한메일 파일업로더
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A3B89BBA-A453-BF6D-089B-5E84C2C3883C}" = Soribada Downloader
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
    "{A9BA65A6-BEA6-48DF-991A-CB28A23CBAE3}" = C5500
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
    "{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
    "{AC76BA86-7AD7-5670-0000-810000000003}" = Korean Fonts Support For Adobe Reader 8
    "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B2423C36-006E-4270-AEBC-CFC4CAF2C310}" = Haansoft Hangul 2007
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin
    "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
    "{B495547C-01F8-4836-A2E6-749B5F3EA691}" = 8500A909_Help
    "{B8000353-9E60-4e84-BF3E-CD9996EF80EE}" = HP Photosmart C5500 All-In-One Driver Software 12.0 Rel .4
    "{BEC56CA8-9CAD-D35F-0448-1272FD583B26}" = Catalyst Control Center Graphics Full New
    "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
    "{C29C1940-CB85-4F3B-906C-33FEE0E67103}" = DocMgr
    "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
    "{CCD04643-5246-48AC-9D8C-F43A37BB8F36}" = WD Drive Manager (x86)
    "{CD0773D5-C18E-495c-B39B-21A96415EDD5}" = HP Officejet J4500 Series
    "{CD8C5C7F-7C58-4F85-8977-A6C08C087912}" = MPM
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D5DEF057-D3BC-499f-99EE-884ED429B6D1}" = 8500A909g
    "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
    "{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel
    "{DA8BF070-1358-4a30-A68F-21E0E9421AEF}" = ProductContext
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows
    "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
    "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
    "{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
    "{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
    "{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
    "{F5FA7A2A-18AF-3752-C3C8-D010DA14EDE1}" = Catalyst Control Center Core Implementation
    "{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
    "{FA2893D8-5DA7-37E9-E22A-9440E882EA26}" = ccc-utility
    "{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "avast" = avast! Free Antivirus
    "com.soribada.nc.SbnextClient.4AFBF30EED573EEEE71517CA0DF28BEB04929F7C.1" = Soribada Downloader
    "DivX Setup.divx.com" = DivX Setup
    "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
    "Free Media Player" = Free Media Player 0.1
    "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9
    "HP Document Manager" = HP Document Manager 2.0
    "HP Imaging Device Functions" = HP Imaging Device Functions 12.0
    "HP Photosmart Essential" = HP Photosmart Essential 3.5
    "HP Smart Web Printing" = HP Smart Web Printing 4.60
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 12.0
    "HPOCR" = OCR Software by I.R.I.S. 12.0
    "InstallShield_{7395D650-AE5D-4D68-B8FE-D3FA6B51467F}" = Driver Detective
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
    "McAfee Security Scan" = McAfee Security Scan Plus
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox (3.6.23)" = Mozilla Firefox (3.6.23)
    "PROHYBRIDR" = 2007 Microsoft Office system
    "RealAlt_is1" = Real Alternative 2.0.2 Lite
    "Shop for HP Supplies" = Shop for HP Supplies
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "Uninstall_is1" = Uninstall 1.0.0.1
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "프로젝터용 찬양집" = 프로젝터용 찬양집

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3948455275-2262482614-2155968984-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 10/26/2011 5:10:10 AM | Computer Name = user-PC | Source = EventSystem | ID = 4621
    Description =

    Error - 10/27/2011 12:48:36 AM | Computer Name = user-PC | Source = Application Error | ID = 1000
    Description = Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp
    0x49e01da5, faulting module korwbrkr.dll_unloaded, version 0.0.0.0, time stamp
    0x49e03745, exception code 0xc0000005, fault offset 0x728f7d32, process id 0x4d0,
    application start time 0x01cc944383b8c2dd.

    Error - 10/27/2011 9:49:07 AM | Computer Name = user-PC | Source = Application Error | ID = 1000
    Description = Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp
    0x49e01da5, faulting module korwbrkr.dll_unloaded, version 0.0.0.0, time stamp
    0x49e03745, exception code 0xc0000005, fault offset 0x728f7d32, process id 0x15a8,
    application start time 0x01cc9463bcf0d72d.

    Error - 10/27/2011 10:54:48 PM | Computer Name = user-PC | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.6002.18005, time stamp
    0x49e01da5, faulting module korwbrkr.dll_unloaded, version 0.0.0.0, time stamp
    0x49e03745, exception code 0xc0000005, fault offset 0x728f7d32, process id 0x654,
    application start time 0x01cc94af3851340d.

    Error - 10/30/2011 1:14:31 AM | Computer Name = user-PC | Source = EventSystem | ID = 4621
    Description =

    Error - 10/30/2011 1:16:24 AM | Computer Name = user-PC | Source = EventSystem | ID = 4621
    Description =

    Error - 10/30/2011 4:40:45 AM | Computer Name = user-PC | Source = EventSystem | ID = 4621
    Description =

    Error - 11/1/2011 6:11:19 AM | Computer Name = user-PC | Source = EventSystem | ID = 4621
    Description =

    Error - 11/6/2011 8:00:44 PM | Computer Name = user-PC | Source = Application Error | ID = 1000
    Description = Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp
    0x49e01da5, faulting module korwbrkr.dll_unloaded, version 0.0.0.0, time stamp
    0x49e03745, exception code 0xc0000005, fault offset 0x6ccf7d32, process id 0xfe0,
    application start time 0x01cc9ca02761c85c.

    Error - 11/6/2011 10:31:08 PM | Computer Name = user-PC | Source = Application Error | ID = 1000
    Description = Faulting application chrome.exe, version 15.0.874.106, time stamp
    0x4ea7969e, faulting module chrome.dll, version 15.0.874.106, time stamp 0x4ea79648,
    exception code 0xc0000005, fault offset 0x0010ebe6, process id 0x988, application
    start time 0x01cc9ce2d38b3780.

    [ Media Center Events ]
    Error - 1/18/2010 12:42:52 AM | Computer Name = user-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 4/15/2010 1:30:24 PM | Computer Name = user-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 4/15/2010 3:12:02 PM | Computer Name = user-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    [ OSession Events ]
    Error - 7/10/2011 1:35:26 PM | Computer Name = user-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 1659
    seconds with 0 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 5/23/2009 10:00:51 AM | Computer Name = user-PC | Source = ACPI | ID = 327686
    Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
    4, function 0. Please contact your system vendor for technical assistance.

    Error - 5/23/2009 10:00:51 AM | Computer Name = user-PC | Source = ACPI | ID = 327686
    Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
    6, function 0. Please contact your system vendor for technical assistance.

    Error - 5/23/2009 10:00:51 AM | Computer Name = user-PC | Source = ACPI | ID = 327686
    Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
    7, function 0. Please contact your system vendor for technical assistance.

    Error - 5/24/2009 3:53:03 AM | Computer Name = user-PC | Source = DCOM | ID = 10010
    Description =

    Error - 5/24/2009 10:39:09 AM | Computer Name = user-PC | Source = ACPI | ID = 327686
    Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
    4, function 0. Please contact your system vendor for technical assistance.

    Error - 5/24/2009 10:39:09 AM | Computer Name = user-PC | Source = ACPI | ID = 327686
    Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
    6, function 0. Please contact your system vendor for technical assistance.

    Error - 5/24/2009 10:39:09 AM | Computer Name = user-PC | Source = ACPI | ID = 327686
    Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
    7, function 0. Please contact your system vendor for technical assistance.

    Error - 5/25/2009 2:00:29 AM | Computer Name = user-PC | Source = ACPI | ID = 327686
    Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
    4, function 0. Please contact your system vendor for technical assistance.

    Error - 5/25/2009 2:00:29 AM | Computer Name = user-PC | Source = ACPI | ID = 327686
    Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
    6, function 0. Please contact your system vendor for technical assistance.

    Error - 5/25/2009 2:00:29 AM | Computer Name = user-PC | Source = ACPI | ID = 327686
    Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
    7, function 0. Please contact your system vendor for technical assistance.


    < End of report >
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.