  #1  
Old May 21st, 2009, 07:06 PM
JaeyoungC
Member
 
Join Date: May 2009
Posts: 48
Can you please help me? - HJT log included

Hello, I'm new on the forums. I've noticed that my computer was running pretty slow lately and was recommended by my friend that you guys fix computers very well. I wanted some help because I'm not too good with computers. Here's a HJT log included as you requested.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 오전 11:01:30, on 2009-05-21
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft LifeChat\LifeChat.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\dldwcoms.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Baram\npk\npkcmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\CKAgent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: 야후! 툴바 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: ShopEnuri Reward - {0050FB41-02E4-4180-82B1-9387526B8BBB} - C:\Program Files\ShopEnr\shopenr.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Dell 도구 모음 - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IWebInterception Class - {BFDDBDBB-F62C-4D4A-B574-59D276F47196} - C:\Program Files\Click To Tweak [Basic]\WebInterception.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EsqBrowserUI - {EE8D781C-615D-48B7-9DC8-AF05B1537769} - C:\WINDOWS\system32\EsqBrowserUI.dll
O2 - BHO: Gulf Class - {FFDE727F-3330-45EB-B9F9-C1668E6E08B2} - C:\Program Files\Nate\AddressSearch\sch.dll
O3 - Toolbar: 야후! 툴바 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Dell 도구 모음 - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Toolbar\toolband.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ntasvr] "C:\Program Files\Nate\AddressSearch\ntasvr.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ProxyFirewall] C:\Program Files\ProxyFirewall\ProxyFirewall.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Logitech . 제품 등록.lnk = C:\Program Files\Common Files\Logishrd\eReg\Common\eReg.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: Justin.tv Publisher - http://www.justin.tv/plugins/justintv_publisher.CAB
O16 - DPF: {00001025-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter25 Class) - http://download.netmarble.net/web/nm...MStarter25.cab
O16 - DPF: {17E9F830-9CFB-4381-BFDA-A25C6C7DCD2C} (CNeopleInstallAXCtlKor10 Object) - http://d-fighter.nefficient.co.kr/sa...r/dnf_real.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab3.cab
O16 - DPF: {270EC7A6-4096-469B-865C-F9678A2C742B} (EasyPayX Control) - http://www.payzone.co.kr/EasyPayX/EasyPayX.cab
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://s.nx.com/activex/public_new/nxpm.cab
O16 - DPF: {318CA127-12CF-4386-B2F1-564D0600E6C9} (CNeopleInstallAXCtlKor10 Object) - http://d-fighter.nefficient.co.kr/sa.../dnf_first.cab
O16 - DPF: {33EAE546-128F-41C3-BAD4-7624EB5E3730} (KT ICS Download Component) - http://tales.nexon.com/tales2/pds/tales/AddOn.cab
O16 - DPF: {39BC8B20-FB5A-43E5-9EBC-E637B700859E} (CommonWebStarter Control) - http://sunonline.hangame.com/WebRun/...WebStarter.cab
O16 - DPF: {65132E5B-B5AD-4AF2-A98A-09F52E51810C} (Nanmola File Share Control 5) - http://www.nanmola.com/mmsv/NanmolaControl.CAB
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} (MabinogiWebAvatarRenderer Class) - http://avatar.mabinogi.com:88/render...b.2008.1.8.cab
O16 - DPF: {8852138D-88A9-4836-B2EA-7DCEBCAA46B5} (CSpecInvestigator Object) - http://www.mabinogi.com/c3/Common/mabisrm.cab
O16 - DPF: {8B92E3B3-6D67-48A3-9B7D-5983396A2D48} (Wk_setup Control) - https://www.wonderking.co.kr/gamestart/wk_setup.cab
O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netmarble.net/NMChatX/NMTransX.cab
O16 - DPF: {9542B8D8-F8F1-449A-9FA4-833C846E7B51} (NanMola File Share Control 5) - http://www.nanmola.com/mmsv/NanMolaControl.CAB
O16 - DPF: {9FC84F7D-D177-4A75-A7BB-429DA5BD0A3E} (SG_CAppAtx Control) -
O16 - DPF: {A1D886C6-4039-4451-97A9-515F5BE5D4C2} (mkdplusCtrl Class) - http://ahnlabdownload.nefficient.co....ab/mkdplus.cab
O16 - DPF: {A2086024-A082-453D-BFBA-0B29B2C7ABFB} (CNeopleInstallAXCtlKor9 Object) - http://d-fighter.nefficient.co.kr/sa...r/dnf_real.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.cdnetworks.co.kr/cdndist...fyLauncher.cab
O16 - DPF: {B33FEBDC-FF38-4D0F-9C76-58C4733947AD} (SignGATE Class) - http://download.signgate.com/downloa...AxSignGATE.cab
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://mail.daum.net/hanmail-ax/Daum...ab?ver=2,0,0,4
O16 - DPF: {BBB0FC2D-1D95-45CA-BDCF-03B53F247FCC} (EwsLoader Class) -
O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} (HanSetupCtrl1010 Class) - http://id.hangame.com/common/HanSetup1020.cab
O16 - DPF: {CBB45291-871B-4ADA-81D0-40D0C89ABD20} (NetmarbleDownloaderExCtrl Class) - http://download.netmarble.net/web/NM...wnloaderEx.cab
O16 - DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} (KvpIspCtlD Control) - http://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab
O16 - DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} (NaverAXGuide Class) - http://cafe.naver.com/common/activex/NaverAXGuide.cab
O23 - Service: Apple 모바일 장비 (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour 서비스 (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Program Files\Baram\npk\npkcmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12583 bytes
  #2  
Old May 22nd, 2009, 07:56 AM
AnnMarie
CTH Subscriber
 
Join Date: Oct 2001
O/S: Windows Vista 32-bit
Location: New Zealand
Posts: 59,810
Hi JaeyoungC and welcome. Your Hijack This log indicates that your operating system is infected but I need to see more comprehensive logs to be able to help you. Before you provide them, you need to know that I have made a personal decision not to help anyone who has peer to peer software installed on their computers (and this includes Bit Torrent software) so if you want my help, please uninstall any such programs now and reboot.

Go here and download DDS to your Desktop and double-click on DDs.scr to run it. If your security software includes script blocking features, please disable these before you run this utility. When the scan has finished, two logs will open. Copy and paste both reports in this topic. The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.

Please do not run any programs other than those that I suggest or install any new software while I am helping you.
  #3  
Old May 22nd, 2009, 09:09 AM
JaeyoungC
Member
 
Join Date: May 2009
Posts: 48
As you have requested, I uninstalled peer to peer software I could find. Please tell me if there are any more.

DDS (Ver_09-05-14.01) - NTFSx86
Run by Jae Young Choi at 1:07:13.71 on 2009-05-22
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.949.82.1033.18.2045.1466 [GMT 9:00]

AV: Trend Micro PC-cillin Internet Security *On-access scanning enabled* (Outdated) {7D2296BC-32CC-4519-917E-52E652474AF5}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Nate\AddressSearch\ntasvr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\Microsoft LifeChat\LifeChat.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Baram\npk\npkcmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\webemctl32.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jae Young Choi\Desktop\dds.scr
C:\WINDOWS\system32\conime.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.naver.com/
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = 128.223.8.112:3124
uURLSearchHooks: 야후! 툴바: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mWinlogon: Taskman=calwjfdj.exe
BHO: ShopEnuri Reward: {0050fb41-02e4-4180-82b1-9387526b8bbb} - c:\program files\shopenr\shopenr.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Dell 도구 모음: {09b71986-2ac5-482d-b6cb-42ea34f4f85b} - c:\program files\dell toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: IWebInterception Class: {bfddbdbb-f62c-4d4a-b574-59d276f47196} - c:\program files\click to tweak [basic]\WebInterception.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EsqBrowserUI: {ee8d781c-615d-48b7-9dc8-af05b1537769} - c:\windows\system32\EsqBrowserUI.dll
BHO: Gulf Class: {ffde727f-3330-45eb-b9f9-c1668e6e08b2} - c:\program files\nate\addresssearch\sch.dll
TB: 야후! 툴바: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Dell 도구 모음: {09b71986-2ac5-482d-b6cb-42ea34f4f85b} - c:\program files\dell toolbar\toolband.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [OE_OEM] "c:\program files\trend micro\internet security 12\tmas_oe\TMAS_OEMon.exe"
uRun: [ProxyFirewall] c:\program files\proxyfirewall\ProxyFirewall.exe
mRun: [CTDVDDET] "c:\program files\creative\sound blaster x-fi\dvdaudio\CTDVDDET.EXE"
mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanel.exe" /r
mRun: [pccguide.exe] "c:\program files\trend micro\internet security 12\pccguide.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ntasvr] "c:\program files\nate\addresssearch\ntasvr.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
mRun: [LifeChat] "c:\program files\microsoft lifechat\LifeChat.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
  #4  
Old May 22nd, 2009, 09:09 AM
JaeyoungC
Member
 
Join Date: May 2009
Posts: 48
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
Trusted Zone: d-fighter.com
Trusted Zone: d-fighter.com\www
Trusted Zone: nexon.com\df
Trusted Zone: nexon.com\df.nexon.com,dflogin.nexon.com,login.df
Trusted Zone: nexon.com\dflogin
Trusted Zone: nexon.com\login.df
DPF: Justin.tv Publisher - hxxp://www.justin.tv/plugins/justintv_publisher.CAB
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {00001025-A15C-11D4-97A4-0050BF0FBE67} - hxxp://download.netmarble.net/web/nmstarter/NMStarter25.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17E9F830-9CFB-4381-BFDA-A25C6C7DCD2C} - hxxp://d-fighter.nefficient.co.kr/samsungdnf/neople/dnf_hg/installer/dnf_real.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {270EC7A6-4096-469B-865C-F9678A2C742B} - hxxp://www.payzone.co.kr/EasyPayX/EasyPayX.cab
DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} - hxxp://s.nx.com/activex/public_new/nxpm.cab
DPF: {318CA127-12CF-4386-B2F1-564D0600E6C9} - hxxp://d-fighter.nefficient.co.kr/samsungdnf/neople/installer/dnf_first.cab
DPF: {33EAE546-128F-41C3-BAD4-7624EB5E3730} - hxxp://tales.nexon.com/tales2/pds/tales/AddOn.cab
DPF: {39BC8B20-FB5A-43E5-9EBC-E637B700859E} - hxxp://sunonline.hangame.com/WebRun/CommonWebStarter.cab
DPF: {65132E5B-B5AD-4AF2-A98A-09F52E51810C} - hxxp://www.nanmola.com/mmsv/NanmolaControl.CAB
DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://avatar.mabinogi.com:88/renderer/mabiweb.2008.1.8.cab
DPF: {8852138D-88A9-4836-B2EA-7DCEBCAA46B5} - hxxp://www.mabinogi.com/c3/Common/mabisrm.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8B92E3B3-6D67-48A3-9B7D-5983396A2D48} - hxxps://www.wonderking.co.kr/gamestart/wk_setup.cab
DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} - hxxp://download.netmarble.net/NMChatX/NMTransX.cab
DPF: {9542B8D8-F8F1-449A-9FA4-833C846E7B51} - hxxp://www.nanmola.com/mmsv/NanMolaControl.CAB
DPF: {9FC84F7D-D177-4A75-A7BB-429DA5BD0A3E}
DPF: {A1D886C6-4039-4451-97A9-515F5BE5D4C2} - hxxp://ahnlabdownload.nefficient.co.kr/asp/cab/mkdplus.cab
DPF: {A2086024-A082-453D-BFBA-0B29B2C7ABFB} - hxxp://d-fighter.nefficient.co.kr/samsungdnf/neople/dnf_hg/installer/dnf_real.cab
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://dist.cdnetworks.co.kr/cdndist/neffynew/NeffyLauncher.cab
DPF: {B33FEBDC-FF38-4D0F-9C76-58C4733947AD} - hxxp://download.signgate.com/download/certmgt/AxSignGATE.cab
DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} - hxxp://mail.daum.net/hanmail-ax/DaumActiveX/2_0_0_4/DaumActiveX.cab?ver=2,0,0,4
DPF: {BBB0FC2D-1D95-45CA-BDCF-03B53F247FCC}
DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxp://id.hangame.com/common/HanSetup1020.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CBB45291-871B-4ADA-81D0-40D0C89ABD20} - hxxp://download.netmarble.net/web/NMGameCheck/NetmarbleDownloaderEx.cab
DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} - hxxp://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab
DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} - hxxp://cafe.naver.com/common/activex/NaverAXGuide.cab
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jaeyou~1\applic~1\mozilla\firefox\profiles\e9z3iikb.default\
FF - plugin: c:\documents and settings\all users\application data\nexon\ngm\npNxGame.dll
FF - plugin: c:\documents and settings\jae young choi\application data\mozilla\firefox\profiles\e9z3iikb.default\extensions\acqvplayer@sanstream.co.jp\plugins\npAcqVPlayer.dll
FF - plugin: c:\documents and settings\jae young choi\application data\mozilla\firefox\profiles\e9z3iikb.default\extensions\justintvpublisher@justin.tv\platform\winnt_x86-msvc\plugins\npjustintvpublish.dll
FF - plugin: c:\program files\ahnlab\asp\mykeydefense 2.5\npmkd25aos.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPGomtvx_nie.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CAMTHWDM.sys [2009-5-15 1051136]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-2-21 55152]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328]
R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\tmxpflt.sys [2005-2-19 205328]
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\trendm~1\intern~1\Tmntsrv.exe [2005-8-23 290889]
R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2005-2-19 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\trendm~1\intern~1\tmproxy.exe [2005-4-26 262215]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-4-16 24652]
R3 JRSUKD25;JRSUKD25;c:\windows\system32\JRSUKD25.SYS [2009-5-12 12600]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-2-3 33752]
S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53;\??\c:\documents and settings\jae young choi\desktop\moonlight\moonlight engine\money1280.sys --> c:\documents and settings\jae young choi\desktop\moonlight\moonlight engine\Money1280.sys [?]
S3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.sys [2008-11-21 34744]
S3 JRSUKD24;JRSUKD24;c:\windows\system32\JRSUKD24.sys [2008-11-21 6784]
S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [2008-12-23 131456]
S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2008-12-23 79104]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-3 32512]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 scskusbf;USB SCSK Filter Driver Service;c:\windows\system32\drivers\scskusbf.sys [2009-1-13 19504]
S3 scskusbs;USB SCSK Driver Service;c:\windows\system32\drivers\scskusbs.sys [2009-1-13 83160]
S3 XDva225;XDva225;\??\c:\windows\system32\xdva225.sys --> c:\windows\system32\XDva225.sys [?]
S4 dldw_device;dldw_device;c:\windows\system32\dldwcoms.exe -service --> c:\windows\system32\dldwcoms.exe -service [?]
S4 dldwCATSCustConnectService;dldwCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldwserv.exe [2009-2-4 99568]
S4 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S4 MSDTCT;Distributed Transaction;c:\windows\system32\hxgzboi.exe [2009-5-16 36864]
S4 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]

=============== Created Last 30 ================

2009-05-20 17:18 36,864 a------- c:\windows\system32\calwjfdj.exe
2009-05-20 17:18 24,576 a------- c:\windows\system32\hijjeune.exe
2009-05-20 17:18 234,833 a------- c:\windows\system32\rornhrnt.exe
2009-05-19 09:47 299,008 -------- c:\windows\system32\webemctl32.exe
2009-05-18 21:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Webcammax
2009-05-18 21:27 <DIR> --d----- c:\program files\WebcamMax
2009-05-18 13:09 <DIR> --d----- c:\program files\common files\HanGameAvatar
2009-05-16 22:55 102,160 -------- c:\windows\system32\Vb6ko.dll
2009-05-16 22:55 249,856 a------- c:\windows\system32\EsqBrowserUI.dll
2009-05-16 22:55 36,864 a------- c:\windows\system32\kbbvobmt.exe
2009-05-16 22:55 36,864 a------- c:\windows\system32\hxgzboi.exe
2009-05-16 22:55 2,820,696 a------- c:\windows\jomsmit8.exe
2009-05-15 13:54 <DIR> --d----- c:\docume~1\jaeyou~1\applic~1\Webcammax
2009-05-14 12:02 <DIR> --d----- C:\HanPurple
  #5  
Old May 22nd, 2009, 09:10 AM
JaeyoungC
Member
 
Join Date: May 2009
Posts: 48
2009-05-14 12:02 151,552 a------- c:\windows\system32\PubPlugin.dll
2009-05-12 12:11 12,600 a------- c:\windows\system32\JRSUKD25.SYS
2009-05-12 12:11 124,216 a------- c:\windows\system32\CKAgent.exe
2009-05-12 10:25 <DIR> --d----- c:\docume~1\jaeyou~1\applic~1\RenPy
2009-05-11 01:02 <DIR> --d----- c:\program files\Umile
2009-05-11 00:47 296,472 a------- c:\windows\system32\NaverFDL.exe
2009-05-11 00:47 292,376 a------- c:\windows\system32\NaverFile.ocx
2009-05-09 01:15 <DIR> --d----- c:\program files\AviSynth 2.5
2009-05-09 01:15 <DIR> --d----- c:\program files\nzellsoft
2009-05-07 06:52 <DIR> --d----- c:\program files\The KMPlayer
2009-05-07 05:34 <DIR> --d----- c:\program files\common files\CyberLink
2009-05-07 05:32 <DIR> --d----- c:\windows\SxsCaPendDel
2009-05-07 05:32 29,480 a------- c:\windows\system32\msxml3a.dll
2009-05-06 15:03 <DIR> --d----- C:\DVDVideoSoft
2009-05-06 15:01 <DIR> --d----- c:\program files\AskBarDis
2009-05-06 15:00 <DIR> --d----- c:\program files\DVDVideoSoft
2009-05-06 15:00 <DIR> --d----- c:\program files\common files\DVDVideoSoft
2009-04-28 16:06 0 a---h--- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_07_00.Wdf
2009-04-28 16:06 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2009-04-28 16:05 0 a---h--- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-04-28 15:58 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
2009-04-28 15:58 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-04-28 15:58 14,640 -------- c:\windows\system32\spmsgXP_2k3.dll
2009-04-28 15:56 465,920 -c------ c:\windows\system32\dllcache\imapi2fs.dll
2009-04-28 15:56 62,976 -c------ c:\windows\system32\dllcache\cdrom.sys
2009-04-28 15:56 465,920 -------- c:\windows\system32\imapi2fs.dll
2009-04-28 15:56 317,952 -c------ c:\windows\system32\dllcache\imapi2.dll
2009-04-28 15:56 317,952 -------- c:\windows\system32\imapi2.dll
2009-04-28 02:47 <DIR> --d----- C:\Netgear
2009-04-27 17:50 54,800 a------- c:\windows\system32\CMStarter_Eng.dll
2009-04-27 17:50 12,490,256 a------- c:\windows\system32\CMStarter_Kor.dll
2009-04-27 17:50 329,232 a------- c:\windows\system32\CMStarterCore.exe

==================== Find3M ====================

2009-05-21 19:31 34,744 a------- c:\windows\system32\JRSKD24.sys
2009-05-12 12:11 632,120 a------- c:\windows\system32\CKSetup32.exe
2009-05-07 05:31 505,128 a------- c:\windows\system32\msvcp71.dll
2009-05-07 05:31 353,576 a------- c:\windows\system32\msvcr71.dll
2009-05-03 13:13 359 a------- c:\program files\DNFTestInstallPerformance.txt
2009-04-18 09:32 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-04-18 09:32 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-04-18 09:32 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-04-11 17:17 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-15 09:45 36,864 a------- c:\windows\system32\iikwzdsy.exe
2009-03-10 21:21 1,086,144 a------- c:\windows\system32\NaverAXGuide.exe
2009-03-09 16:38 102,400 a------- c:\windows\system32\CKComObj.dll
2009-03-09 16:07 312,632 a------- c:\windows\system32\XecureCK.dll
2009-03-09 16:07 79,160 a------- c:\windows\system32\Jrsoftcp.dll
2009-03-09 16:07 124,216 a------- c:\windows\system32\CKApp.dll
2009-03-06 23:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-03 09:18 826,368 a------- c:\windows\system32\wininet.dll
2009-02-21 03:09 78,336 a------- c:\windows\system32\ieencode.dll
2009-01-17 17:02 73 a------- c:\program files\Log.txt
2009-01-17 17:02 106 a------- c:\program files\AudiLog.txt
2009-01-17 16:56 18 a------- c:\program files\filecheck.log
2009-02-04 04:01 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009020420090205\index.dat

============= FINISH: 1:07:46.67 ===============
  #6  
Old May 22nd, 2009, 09:12 AM
JaeyoungC JaeyoungC is offline
Member
 
Join Date: May 2009
Posts: 48
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2008-11-21 오후 6:36:31
System Uptime: 2009-05-22 오전 1:04:11 (0 hours ago)

Motherboard: Dell Inc. | | 0UH741
Processor: Intel(R) Pentium(R) D CPU 3.00GHz | Microprocessor | 2993/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 233 GiB total, 107.753 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (NTFS) - 233 GiB total, 129.044 GiB free.
G: is CDROM ()
H: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\770A572280140000
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\770A572280140000
Service: NIC1394

==== System Restore Points ===================

RP184: 2009-02-21 오전 9:38:13 - Installed Windows XP KB954708.
RP185: 2009-02-21 오전 9:38:37 - Installed DirectX
RP186: 2009-02-22 오후 4:25:02 - System Checkpoint
RP187: 2009-02-23 오후 5:34:03 - System Checkpoint
RP188: 2009-02-24 오전 11:24:48 - Installed Windows Media Player Firefox Plugin
RP189: 2009-02-25 오후 5:05:42 - System Checkpoint
RP190: 2009-02-26 오전 3:00:12 - Software Distribution Service 3.0
RP191: 2009-02-26 오전 5:57:12 - Software Distribution Service 3.0
RP192: 2009-02-27 오후 4:12:10 - System Checkpoint
RP193: 2009-02-28 오후 4:46:29 - System Checkpoint
RP194: 2009-03-01 오후 7:12:26 - System Checkpoint
RP195: 2009-03-03 오전 1:51:11 - System Checkpoint
RP196: 2009-03-04 오전 2:19:03 - System Checkpoint
RP197: 2009-03-05 오전 2:39:58 - System Checkpoint
RP198: 2009-03-06 오전 3:12:57 - System Checkpoint
RP199: 2009-03-07 오전 3:30:57 - System Checkpoint
RP200: 2009-03-08 오전 3:48:45 - System Checkpoint
RP201: 2009-03-09 오전 4:35:38 - System Checkpoint
RP202: 2009-03-10 오후 5:59:22 - System Checkpoint
RP203: 2009-03-11 오후 6:52:11 - System Checkpoint
RP204: 2009-03-12 오전 3:00:13 - Software Distribution Service 3.0
RP205: 2009-03-13 오후 8:36:49 - System Checkpoint
RP206: 2009-03-16 오전 4:27:40 - System Checkpoint
RP207: 2009-03-17 오후 5:01:06 - System Checkpoint
RP208: 2009-03-19 오후 6:43:49 - System Checkpoint
RP209: 2009-03-21 오전 1:57:44 - System Checkpoint
RP210: 2009-03-22 오전 3:00:15 - Software Distribution Service 3.0
RP211: 2009-03-23 오전 5:17:44 - System Checkpoint
RP212: 2009-03-25 오전 2:01:39 - System Checkpoint
RP213: 2009-03-26 오전 10:45:11 - System Checkpoint
RP214: 2009-03-27 오후 5:42:08 - System Checkpoint
RP215: 2009-03-29 오전 1:38:45 - System Checkpoint
RP216: 2009-03-30 오전 3:27:21 - System Checkpoint
RP217: 2009-03-31 오후 8:04:43 - System Checkpoint
RP218: 2009-04-01 오전 11:40:38 -Installed Nateon
RP219: 2009-04-02 오후 9:21:04 - System Checkpoint
RP220: 2009-04-04 오전 2:07:27 - System Checkpoint
RP221: 2009-04-05 오전 4:43:11 - System Checkpoint
RP222: 2009-04-06 오전 4:45:27 - System Checkpoint
RP223: 2009-04-07 오후 6:52:35 - System Checkpoint
RP224: 2009-04-08 오후 9:21:14 - System Checkpoint
RP225: 2009-04-09 오후 9:32:34 - System Checkpoint
RP226: 2009-04-11 오전 2:28:27 - System Checkpoint
RP227: 2009-04-11 오후 12:59:34 - Installed MySQL Server 6.0
RP228: 2009-04-11 오후 1:03:34 - Installed MySQL Tools for 5.0
RP229: 2009-04-11 오후 2:40:56 - Installed MapleStory.
RP230: 2009-04-11 오후 4:18:38 - Installed Hex Workshop v6
RP231: 2009-04-11 오후 5:15:54 - Installed Java(TM) SE Development Kit 6 Update 13
RP232: 2009-04-11 오후 5:17:32 - Uninstalled Java(TM) 6 Update 10
RP233: 2009-04-11 오후 5:17:49 - Installed Java(TM) 6 Update 13
RP234: 2009-04-13 오전 3:47:03 - System Checkpoint
RP235: 2009-04-14 오후 6:36:12 - System Checkpoint
RP236: 2009-04-15 오후 6:43:07 - System Checkpoint
RP237: 2009-04-16 오후 11:01:42 - System Checkpoint
RP238: 2009-04-17 오전 3:00:13 - Software Distribution Service 3.0
RP239: 2009-04-18 오전 9:31:39 - Logitech SetPoint Mouse and Keyboard Device Drivers
RP240: 2009-04-20 오전 4:51:45 - System Checkpoint
RP241: 2009-04-21 오후 7:13:28 - System Checkpoint
RP242: 2009-04-22 오후 8:26:26 - System Checkpoint
RP243: 2009-04-24 오전 12:45:48 - System Checkpoint
RP244: 2009-04-25 오전 2:21:23 - System Checkpoint
RP245: 2009-04-26 오전 2:47:18 - System Checkpoint
RP246: 2009-04-27 오전 4:34:15 - System Checkpoint
RP247: 2009-04-28 오후 3:05:41 - System Checkpoint
RP248: 2009-04-28 오후 3:56:56 - Software Distribution Service 3.0
RP249: 2009-04-28 오후 3:57:32 - Installed Zune 3.1
RP250: 2009-04-28 오후 4:04:52 - Installed Windows XP Wudf01007.
RP251: 2009-04-28 오후 4:06:47 - Installed Windows XP winusb0100.
RP252: 2009-04-29 오전 3:00:13 - Software Distribution Service 3.0
  #7  
Old May 22nd, 2009, 09:12 AM
JaeyoungC JaeyoungC is offline
Member
 
Join Date: May 2009
Posts: 48
RP253: 2009-04-30 오후 4:13:19 - System Checkpoint
RP254: 2009-05-01 오후 4:48:03 - System Checkpoint
RP255: 2009-05-02 오후 9:29:25 - System Checkpoint
RP256: 2009-05-04 오전 12:38:41 - System Checkpoint
RP257: 2009-05-05 오전 2:10:13 - System Checkpoint
RP258: 2009-05-06 오후 4:54:19 - System Checkpoint
RP259: 2009-05-07 오전 5:32:00 - Installed PowerDVD
RP260: 2009-05-07 오전 6:32:08 - Uninstalled WonderKing
RP261: 2009-05-07 오전 6:36:41 - Modified PowerDVD
RP262: 2009-05-08 오후 4:50:04 - System Checkpoint
RP263: 2009-05-09 오후 10:40:24 - System Checkpoint
RP264: 2009-05-11 오전 1:02:37 - Installed Umile Encoder
RP265: 2009-05-12 오전 3:30:56 - System Checkpoint
RP266: 2009-05-13 오전 3:00:20 - Software Distribution Service 3.0
RP267: 2009-05-14 오후 5:13:04 - Installed Monster Hunter Frontier Online
RP268: 2009-05-16 오전 2:06:58 - System Checkpoint
RP269: 2009-05-17 오전 2:47:10 - System Checkpoint
RP270: 2009-05-17 오전 10:36:50 - Installed Adobe Flash Media Live Encoder 3.
RP271: 2009-05-18 오후 10:16:33 - Modified Monster Hunter Frontier Online
RP272: 2009-05-19 오전 9:47:44 - SetPoint 4.72
RP273: 2009-05-20 오전 10:07:29 - System Checkpoint

==== Installed Programs ======================

?????? ????????
네이버 ActiveX 가이드
네이트 주소창 검색
네이트온
넥슨플러그
던전앤파이터
던전앤파이터 퍼스트 서버
마비노기
마비노기(테스트서버)
알씨
알집
알툴즈 업데이트
야후! 툴바
엔젤 인코더 삭제
온팁 - 클릭 투 트윅 [온라인] 1.1
클릭 투 트윅 4.4
테일즈위버 TEST 4.58
한게임
한게임 보안패치
한게임 자동 인스톨러
ABBYY FineReader 6.0 Sprint
Abyss Web Server X1 (remove only)
Adobe AIR
Adobe Flash Media Live Encoder 3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
Adobe Shockwave Player 11
AhnLab MyKeyDefense 2.0
AhnLab Online Security
AhnLab Smart Update i
AIM 6
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
AutoUpdate
AviSynth 2.5
Bonjour
CDDRV_Installer
Choice Guard
ClientKeeper KeyPro with E2E for 32bit
CoreAAC Audio Decoder (remove only)
Counter-Strike
Counter-Strike: Source
Creative MediaSource
Critical Update for Windows Media Player 11 (KB959772)
Curse Client
Dell 도구 모음
Dell CinePlayer
Dell Resource CD
Dell V505
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DTS+AC3 Filter
erLT
Free Studio version 4.1
getPlus(R) for Adobe
GOM Player
Hex Workshop v6
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
iTunes
Java DB 10.4.1.3
Java(TM) 6 Update 13
Java(TM) 6 Update 7
Java(TM) SE Development Kit 6 Update 13
Java(TM) SE Development Kit 6 Update 7
Junk Mail filter update
KhalInstallWrapper
Logitech SetPoint
Mabinogi
MapleStory
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft LifeChat
Microsoft National Language Support Downlevel APIs
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft Visual C++ 2005 Redistributable
Microsoft WinUsb 1.0
Monster Hunter Frontier Online
Mozilla Firefox (3.0.10)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MySQL Server 6.0
MySQL Tools for 5.0
NetBeans IDE 6.1
NetmarbleSuddenAttack
NVIDIA Drivers
Pando Media Booster
Preconfigured PHP Package 5.2.2
QuickTime
Realtek AC'97 Audio
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
  #8  
Old May 22nd, 2009, 09:13 AM
JaeyoungC JaeyoungC is offline
Member
 
Join Date: May 2009
Posts: 48
Segoe UI
signGATE Certificate Management S/W v3.0
SignGATE EWS v2.9.2
Sonic Encoders
Sonic Update Manager
Soul of the Ultimate Nation Test
Sound Blaster X-Fi
Steam
SuddenAttack
System Requirements Lab
The KMPlayer (remove only)
Trend Micro PC-cillin Internet Security 12
Umile Encoder
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update Rollup 2 for Windows XP Media Center Edition 2005
Ventrilo Client
Viewpoint Media Player
Wanko to Kurasou English v1.0
Warcraft III
WC3Banlist
WebcamMax
WebFldrs XP
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows ShopEnuri Uninstaller
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
WinPcap 3.1
World of Warcraft
Xvid 1.1.3 final uninstall
Zune
Zune Language Pack (ES)
Zune Language Pack (FR)

==== Event Viewer Messages From Past Week ========

2009-05-22 오전 1:05:29, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SeaPort with arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}
2009-05-21 오후 7:30:11, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SeaPort with arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}
2009-05-21 오후 5:13:50, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SeaPort with arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}
2009-05-21 오후 5:12:21, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Zune Bus Enumerator service, but this action failed with the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2009-05-21 오후 5:12:21, error: Service Control Manager [7031] - The Zune Bus Enumerator service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
2009-05-21 오후 5:12:17, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
2009-05-21 오후 5:12:12, error: Service Control Manager [7031] - The Apple 모바일 장비 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2009-05-21 오후 5:12:09, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
2009-05-21 오후 1:01:40, error: W32Time [34] - The time service has detected that the system time needs to be changed by +57592 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.2:123->207.46.232.182:123) is working properly.
2009-05-20 오후 5:20:20, error: Service Control Manager [7034] - The Trend Micro Proxy Service service terminated unexpectedly. It has done this 1 time(s).
2009-05-20 오후 5:20:18, error: Service Control Manager [7034] - The MySQL service terminated unexpectedly. It has done this 1 time(s).
2009-05-20 오후 5:17:41, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the dldwCATSCustConnectService service to connect.
2009-05-20 오후 5:17:41, error: Service Control Manager [7000] - The dldwCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2009-05-19 오후 12:33:20, error: W32Time [34] - The time service has detected that the system time needs to be changed by +57590 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.2:123->207.46.197.32:123) is working properly.
2009-05-19 오후 1:26:41, error: Service Control Manager [7031] - The Zune Bus Enumerator service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
2009-05-19 오후 1:26:39, error: Service Control Manager [7034] - The Trend Micro Proxy Service service terminated unexpectedly. It has done this 1 time(s).
2009-05-19 오후 1:26:35, error: Service Control Manager [7034] - The MySQL service terminated unexpectedly. It has done this 1 time(s).
2009-05-19 오후 1:26:28, error: Service Control Manager [7034] - The Bonjour 서비스 service terminated unexpectedly. It has done this 1 time(s).
2009-05-19 오후 1:26:26, error: Service Control Manager [7031] - The Apple 모바일 장비 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2009-05-19 오후 1:03:11, error: W32Time [34] - The time service has detected that the system time needs to be changed by +57591 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.2:123->207.46.197.32:123) is working properly.
2009-05-19 오후 1:03:03, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the dldwCATSCustConnectService service to connect.
2009-05-19 오후 1:03:03, error: Service Control Manager [7000] - The dldwCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2009-05-19 오전 9:45:42, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the dldwCATSCustConnectService service to connect.
2009-05-19 오전 9:45:42, error: Service Control Manager [7000] - The dldwCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2009-05-19 오전 9:45:13, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 001422570A77 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
2009-05-18 오후 9:26:32, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the dldwCATSCustConnectService service to connect.
2009-05-18 오후 9:26:32, error: Service Control Manager [7000] - The dldwCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2009-05-18 오후 12:34:27, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the dldwCATSCustConnectService service to connect.
2009-05-18 오후 12:34:27, error: Service Control Manager [7000] - The dldwCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2009-05-17 오후 9:25:09, error: W32Time [34] - The time service has detected that the system time needs to be changed by +57592 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.2:123->207.46.197.32:123) is working properly.
2009-05-17 오후 9:10:25, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
2009-05-17 오후 9:10:08, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
2009-05-17 오후 9:09:56, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the dldwCATSCustConnectService service to connect.
2009-05-17 오후 9:09:56, error: Service Control Manager [7000] - The dldwCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2009-05-15 오후 10:53:03, error: W32Time [34] - The time service has detected that the system time needs to be changed by +57592 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.2:123->207.46.197.32:123) is working properly.

==== End Of File ===========================
  #9  
Old May 22nd, 2009, 09:41 AM
AnnMarie AnnMarie is offline
CTH Subscriber
 
Join Date: Oct 2001
O/S: Windows Vista 32-bit
Location: New Zealand
Posts: 59,810
Download the latest version of Combofix.exe from here and save it to your C folder (C:\ComboFix.exe).

Doubleclick on combofix.exe and the scan will start (go ahead and install the Recovery Console if you are asked to do so). When the scan completes, a text window with your log will open. Please copy and paste that log back here.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

NB Please disable your antivirus program as it may interfere with ComboFix's routines.

Also download the latest version of Gmer from here to your Desktop. Once downloaded, doubleclick on gmer.zip and unzip the file to its own folder.

When you have done this, close all running programs including those in your notification area (bottom righthand corner of your screen) and doubleclick on Gmer.exe to run it. Click on the Rootkit tab and look at the righthand side (under Files) and uncheck all drives with the exception of your C drive and then click on Scan (before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan). When completed, click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Save the file and copy the information and post it here please.

Warning! Please do not select the "Show all" checkbox during the scan.
  #10  
Old May 22nd, 2009, 09:36 PM
JaeyoungC JaeyoungC is offline
Member
 
Join Date: May 2009
Posts: 48
Thank you again for helping me, AnnMarie.

ComboFix 09-05-22.01 - Jae Young Choi 2009-05-22 10:44.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.949.82.1033.18.2045.1548 [GMT 9:00]
Running from: c:\documents and settings\Jae Young Choi\Desktop\ComboFix.exe
AV: Trend Micro PC-cillin Internet Security *On-access scanning disabled* (Outdated) {7D2296BC-32CC-4519-917E-52E652474AF5}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Jae Young Choi\Local Settings\Temporary Internet Files\df0ea822d926c8fa5e9401e70f2cea67.bmp
c:\documents and settings\Jae Young Choi\Local Settings\Temporary Internet Files\e09d50f5972f50e03ca6be41cf66e0b5.bmp

Last edited by JaeyoungC; May 22nd, 2009 at 09:45 PM.
  #11  
Old May 22nd, 2009, 09:36 PM
JaeyoungC JaeyoungC is offline
Member
 
Join Date: May 2009
Posts: 48
c:\windows\system32\17466045.dll
c:\windows\system32\20614088.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ILVMONEYDRIVER53
-------\Service_IlvMoneyDRIVER53


((((((((((((((((((((((((( Files Created from 2009-04-22 to 2009-05-22 )))))))))))))))))))))))))))))))
.

2009-05-20 08:18 . 2009-05-20 08:36 24576 ----a-w c:\windows\system32\hijjeune.exe
2009-05-20 08:18 . 2009-05-20 08:31 36864 ----a-w c:\windows\system32\calwjfdj.exe
2009-05-20 08:18 . 2009-05-20 08:18 234833 ----a-w c:\windows\system32\rornhrnt.exe
2009-05-19 00:47 . 2009-05-19 07:46 299008 ------w c:\windows\system32\webemctl32.exe
2009-05-18 12:28 . 2009-05-18 12:28 -------- d-----w c:\documents and settings\All Users\Application Data\Webcammax
2009-05-18 12:27 . 2009-05-18 12:28 -------- d-----w c:\program files\WebcamMax
2009-05-18 04:09 . 2009-05-18 04:09 -------- d-----w c:\program files\Common Files\HanGameAvatar
2009-05-16 13:55 . 1998-07-21 15:00 102160 ------w c:\windows\system32\Vb6ko.dll
2009-05-16 13:55 . 2009-05-15 02:23 36864 ----a-w c:\windows\system32\hxgzboi.exe
2009-05-16 13:55 . 2009-05-15 02:21 36864 ----a-w c:\windows\system32\kbbvobmt.exe
2009-05-16 13:55 . 2009-05-14 09:05 249856 ----a-w c:\windows\system32\EsqBrowserUI.dll
2009-05-16 13:55 . 2009-05-16 13:55 2820696 ----a-w c:\windows\jomsmit8.exe
2009-05-15 05:03 . 2008-12-18 02:19 1796096 ----a-w c:\documents and settings\Jae Young Choi\Application Data\Mozilla\Firefox\Profiles\e9z3iikb.default\extensions\justintvpublisher@justin.tv\platform\WINNT_x86-msvc\plugins\npjustintvpublish.dll
2009-05-14 03:02 . 2009-05-14 08:13 -------- d-----w C:\HanPurple
2009-05-14 03:02 . 2009-03-26 01:47 151552 ----a-w c:\windows\system32\PubPlugin.dll
2009-05-12 03:11 . 2009-05-21 10:31 12600 ----a-w c:\windows\system32\JRSUKD25.SYS
2009-05-12 03:11 . 2009-05-12 03:11 124216 ----a-w c:\windows\system32\CKAgent.exe
2009-05-12 02:45 . 2009-05-12 03:06 64 ----a-w c:\documents and settings\Jae Young Choi\Application Data\RenPy\persistent\act1.katawa-shoujo.com
2009-05-12 01:25 . 2009-05-12 01:25 -------- d-----w c:\documents and settings\Jae Young Choi\Application Data\RenPy
2009-05-10 16:02 . 2009-05-10 16:02 -------- d-----w c:\program files\Umile
2009-05-10 15:47 . 2008-11-10 04:37 296472 ----a-w c:\windows\system32\NaverFDL.exe
2009-05-08 16:15 . 2009-05-08 16:15 -------- d-----w c:\program files\AviSynth 2.5
2009-05-08 16:15 . 2009-05-08 16:15 -------- d-----w c:\program files\nzellsoft
2009-05-06 21:52 . 2009-05-17 13:01 -------- d-----w c:\program files\The KMPlayer
2009-05-06 20:43 . 2009-05-06 20:43 -------- d-----w c:\documents and settings\Jae Young Choi\Local Settings\Application Data\CyberLink
2009-05-06 20:43 . 2009-05-06 20:43 -------- d-----w c:\documents and settings\Jae Young Choi\Local Settings\Application Data\PowerCinema
2009-05-06 20:37 . 2009-05-06 20:37 -------- d-----w c:\documents and settings\Jae Young Choi\Local Settings\Application Data\PowerDVDCox
2009-05-06 20:37 . 2009-05-06 20:37 -------- d-----w c:\documents and settings\Jae Young Choi\Local Settings\Application Data\PowerDVDCinema
2009-05-06 20:36 . 2009-05-06 20:36 -------- d-----w c:\documents and settings\Jae Young Choi\Application Data\CyberLink
2009-05-06 20:34 . 2009-05-06 20:37 -------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2009-05-06 20:34 . 2009-05-06 20:34 -------- d-----w c:\program files\Common Files\CyberLink
2009-05-06 20:32 . 2009-05-06 21:49 -------- d-----w c:\windows\SxsCaPendDel
2009-05-06 20:32 . 2009-05-06 20:31 29480 ----a-w c:\windows\system32\msxml3a.dll
2009-05-06 20:32 . 2009-05-13 06:25 -------- d---a-w c:\documents and settings\All Users\Application Data\Temp
2009-05-06 20:32 . 2009-05-06 21:36 53319 ----a-w c:\documents and settings\All Users\Application Data\Temp\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
2009-05-06 06:03 . 2009-05-06 06:03 -------- d-----w C:\DVDVideoSoft
2009-05-06 06:01 . 2009-05-06 06:01 -------- d-----w c:\program files\AskBarDis
2009-05-06 06:00 . 2009-05-21 16:00 -------- d-----w c:\program files\Common Files\DVDVideoSoft
2009-05-06 06:00 . 2009-05-06 06:00 -------- d-----w c:\program files\DVDVideoSoft
2009-04-28 06:58 . 2008-03-21 04:57 14640 ------w c:\windows\system32\spmsgXP_2k3.dll
2009-04-28 06:57 . 2009-04-28 07:03 -------- d-----w c:\program files\Zune
2009-04-28 06:56 . 2008-05-02 13:25 465920 -c----w c:\windows\system32\dllcache\imapi2fs.dll
2009-04-28 06:56 . 2008-05-02 13:25 465920 ------w c:\windows\system32\imapi2fs.dll
2009-04-28 06:56 . 2008-05-02 10:49 62976 -c----w c:\windows\system32\dllcache\cdrom.sys
2009-04-28 06:56 . 2008-05-02 13:25 317952 -c----w c:\windows\system32\dllcache\imapi2.dll
2009-04-28 06:56 . 2008-05-02 13:25 317952 ------w c:\windows\system32\imapi2.dll
2009-04-27 17:47 . 2009-04-27 17:47 -------- d-----w C:\Netgear
2009-04-27 08:50 . 2009-04-27 08:50 54800 ----a-w c:\windows\system32\CMStarter_Eng.dll
2009-04-27 08:50 . 2009-04-27 08:50 12490256 ----a-w c:\windows\system32\CMStarter_Kor.dll
2009-04-27 08:50 . 2009-04-27 08:50 329232 ----a-w c:\windows\system32\CMStarterCore.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-21 16:02 . 2008-12-18 22:00 -------- d-----w c:\program files\illusionsoft
2009-05-21 16:00 . 2008-12-16 04:37 -------- d-----w c:\program files\Illusion
2009-05-21 15:59 . 2008-11-21 10:48 -------- d-----w c:\program files\Neffy
2009-05-21 10:31 . 2008-11-21 10:44 34744 ----a-w c:\windows\system32\JRSKD24.sys
2009-05-21 09:58 . 2008-11-22 17:18 -------- d-----w c:\program files\Warcraft III
2009-05-21 02:01 . 2008-11-21 11:10 -------- d-----w c:\program files\Trend Micro
2009-05-16 13:55 . 2009-04-03 18:45 -------- d-----w c:\program files\ShopEnr
2009-05-15 04:54 . 2009-05-15 04:54 -------- d-----w c:\documents and settings\Jae Young Choi\Application Data\Webcammax
2009-05-14 08:13 . 2008-11-21 09:57 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-12 03:11 . 2009-04-01 02:45 632120 ----a-w c:\windows\system32\CKSetup32.exe
2009-05-10 16:03 . 2009-02-09 21:59 -------- d-----w c:\documents and settings\Jae Young Choi\Application Data\mIRC
2009-05-07 14:18 . 2009-02-02 23:28 -------- d-----w c:\program files\Steam
2009-05-06 21:28 . 2009-01-08 21:12 373488 ----a-w c:\documents and settings\All Users\Application Data\Nexon\NGM\NGMResource.dll
2009-05-06 20:31 . 2003-03-19 04:14 505128 ----a-w c:\windows\system32\msvcp71.dll
2009-05-06 20:31 . 2003-02-21 12:42 353576 ----a-w c:\windows\system32\msvcr71.dll
2009-05-05 06:49 . 2008-11-22 06:38 -------- d-----w c:\documents and settings\Jae Young Choi\Application Data\LimeWire
2009-05-04 18:37 . 2008-11-21 11:31 -------- d-----w c:\program files\World of Warcraft
2009-05-03 04:13 . 2009-01-21 01:06 359 ----a-w c:\program files\DNFTestInstallPerformance.txt
2009-05-03 04:13 . 2009-01-18 02:13 -------- d-----w c:\program files\DNFTest
2009-04-28 07:06 . 2009-04-28 07:06 0 ---ha-w c:\windows\system32\drivers\Msft_User_ZuneDriver_01_07_00.Wdf
2009-04-28 07:06 . 2009-04-28 07:06 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2009-04-28 07:05 . 2009-04-28 07:05 0 ---ha-w c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-04-28 07:03 . 2008-11-21 18:44 -------- d-----w c:\program files\Curse
2009-04-28 06:58 . 2009-04-28 06:58 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
2009-04-28 06:58 . 2009-04-28 06:58 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-04-27 17:45 . 2008-11-28 05:40 30192 ----a-w c:\documents and settings\Jae Young Choi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-23 00:39 . 2009-01-18 19:38 -------- d-----w c:\program files\Common Files\Adobe
2009-04-20 23:00 . 2008-12-23 01:12 -------- d-s---w c:\program files\Mabinogi_test
2009-04-18 04:21 . 2008-12-04 22:45 -------- d-----w c:\documents and settings\Jae Young Choi\Application Data\ESTsoft
2009-04-18 04:21 . 2009-04-18 04:21 -------- d-----w c:\documents and settings\All Users\Application Data\ESTsoft
2009-04-18 04:21 . 2008-12-04 22:45 -------- d-----w c:\program files\ESTsoft
2009-04-18 00:48 . 2009-04-18 00:48 137 ----a-w c:\documents and settings\Jae Young Choi\Local Settings\Application Data\fusioncache.dat
2009-04-18 00:38 . 2009-04-18 00:38 -------- d-----w c:\program files\Microsoft LifeChat
2009-04-18 00:34 . 2009-04-18 00:30 -------- d-----w c:\documents and settings\All Users\Application Data\Logitech
2009-04-18 00:34 . 2009-04-18 00:34 -------- d-----w c:\documents and settings\Jae Young Choi\Application Data\Logitech
2009-04-18 00:33 . 2009-04-18 00:33 53248 ----a-r c:\documents and settings\Jae Young Choi\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2009-04-18 00:33 . 2009-04-18 00:30 -------- d-----w c:\program files\Common Files\Logishrd
2009-04-18 00:32 . 2009-04-18 00:32 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-04-18 00:32 . 2009-04-18 00:32 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-04-18 00:32 . 2009-04-18 00:32 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-04-18 00:30 . 2009-04-18 00:30 -------- d-----w c:\program files\Logitech
2009-04-18 00:30 . 2009-04-18 00:30 -------- d-----w c:\documents and settings\All Users\Application Data\LogiShrd
2009-04-16 05:06 . 2009-04-16 05:06 -------- d-----w c:\documents and settings\Jae Young Choi\Application Data\acccore
2009-04-16 05:06 . 2009-04-16 05:04 -------- d-----w c:\program files\AIM6
2009-04-16 05:05 . 2009-04-16 05:05 -------- d-----w c:\program files\Viewpoint
2009-04-16 05:05 . 2009-04-16 05:05 -------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-04-16 05:05 . 2009-04-16 05:05 -------- d-----w c:\documents and settings\All Users\Application Data\acccore
2009-04-16 05:05 . 2009-04-16 05:05 -------- d-----w c:\documents and settings\All Users\Application Data\AOL OCP
2009-04-16 05:05 . 2009-04-16 05:05 -------- d-----w c:\documents and settings\All Users\Application Data\AOL
2009-04-16 05:04 . 2009-04-16 05:04 -------- d-----w c:\program files\Common Files\AOL
2009-04-16 02:12 . 2009-04-11 04:07 -------- d-----w c:\documents and settings\Jae Young Choi\Application Data\MySQL
2009-04-11 08:23 . 2009-04-11 08:23 57344 ----a-w c:\documents and settings\Jae Young Choi\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-1ad65dee-n\Decora-SSE.dll
2009-04-11 08:23 . 2009-04-11 08:23 24064 ----a-w c:\documents and settings\Jae Young Choi\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-6477a5ce-n\Decora-D3D.dll
2009-04-11 08:23 . 2009-04-11 08:23 315392 ----a-w c:\documents and settings\Jae Young Choi\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-7a08e684-n\jogl.dll
2009-04-11 08:23 . 2009-04-11 08:23 20480 ----a-w c:\documents and settings\Jae Young Choi\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-7a08e684-n\jogl_awt.dll
2009-04-11 08:23 . 2009-04-11 08:23 20480 ----a-w c:\documents and settings\Jae Young Choi\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-3133860e-n\gluegen-rt.dll
2009-04-11 08:23 . 2009-04-11 08:23 114688 ----a-w c:\documents and settings\Jae Young Choi\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-7a08e684-n\jogl_cg.dll
2009-04-11 08:23 . 2009-04-11 08:23 499712 ----a-w c:\documents and settings\Jae Young Choi\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-14c353d3-n\msvcp71.dll
2009-04-11 08:23 . 2009-04-11 08:23 499712 ----a-w c:\documents and settings\Jae Young Choi\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-14c353d3-n\jmc.dll
2009-04-11 08:23 . 2009-04-11 08:23 348160 ----a-w c:\documents and settings\Jae Young Choi\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-14c353d3-n\msvcr71.dll
2009-04-11 08:18 . 2009-04-11 08:18 -------- d-----w c:\program files\Sun
2009-04-11 08:17 . 2008-11-22 06:37 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-11 08:15 . 2008-11-22 06:37 -------- d-----w c:\program files\Java
2009-04-11 05:50 . 2009-04-11 05:50 -------- d-----w c:\documents and settings\Jae Young Choi\Application Data\Nexon
2009-04-11 05:41 . 2009-04-11 05:41 45056 ----a-r c:\documents and settings\Jae Young Choi\Application Data\Microsoft\Installer\{7A512A34-F4E8-43C4-BD80-43A022B31BF6}\MapleStory.exe1_7A512A34F4E843C4BD8043A022B31BF6.exe
2009-04-11 05:41 . 2009-04-11 05:41 45056 ----a-r c:\documents and settings\Jae Young Choi\Application Data\Microsoft\Installer\{7A512A34-F4E8-43C4-BD80-43A022B31BF6}\MapleStory.exe_7A512A34F4E843C4BD8043A022B31BF6.exe
2009-04-11 05:41 . 2009-04-11 05:41 10134 ----a-r c:\documents and settings\Jae Young Choi\Application Data\Microsoft\Installer\{7A512A34-F4E8-43C4-BD80-43A022B31BF6}\ARPPRODUCTICON.exe
2009-04-11 03:17 . 2009-04-11 03:17 -------- d-----w c:\program files\Common Files\Java
2009-04-11 02:18 . 2009-04-11 02:18 6069144 ----a-w c:\documents and settings\Jae Young Choi\Application Data\ESTsoft\ALUpdate\ALZIP\newfile\TEMP\ALZip742.exe
2009-04-08 21:07 . 2009-04-03 18:44 -------- d-----w c:\program files\Click To Tweak [Basic]
2009-04-07 05:31 . 2008-11-21 17:07 -------- d-----w c:\program files\DNF
2009-04-06 20:19 . 2009-04-06 19:57 -------- d-----w c:\program files\Wizet
2009-04-03 18:45 . 2009-04-03 18:45 -------- d-----w c:\program files\OnTip
2009-04-01 02:50 . 2009-04-01 02:40 -------- d-----w c:\program files\NATEON
2009-04-01 02:40 . 2009-04-01 02:40 -------- d-----w c:\program files\Nate
2009-04-01 00:36 . 2009-04-01 00:36 541968 ----a-w c:\documents and settings\All Users\Application Data\ESTsoft\ALSee\ALAd.dll
2009-03-26 17:55 . 2009-03-17 06:44 864256 ----a-w c:\documents and settings\Jae Young Choi\Local Settings\Application Data\DnFLogInAgent.exe
2009-03-26 03:42 . 2009-03-26 03:42 -------- d-----w c:\program files\DtsFilter
2009-03-25 07:29 . 2009-03-25 07:29 369936 ----a-w c:\documents and settings\All Users\Application Data\ESTsoft\ALCM\ALCMUpdate.exe
2009-03-24 03:27 . 2009-03-24 03:27 5972968 ----a-w c:\documents and settings\Jae Young Choi\Application Data\ESTsoft\ALUpdate\ALZIP\newfile\TEMP\ALZip741.exe
2009-03-17 06:44 . 2009-03-17 06:44 286720 ----a-w c:\documents and settings\Jae Young Choi\Local Settings\Application Data\NeopleLogInAgentIns.exe
2009-03-15 00:45 . 2009-03-15 00:45 36864 ----a-w c:\windows\system32\iikwzdsy.exe
2009-03-10 18:55 . 2008-12-22 23:48 131456 ----a-w c:\windows\system32\drivers\Mkd2kfNT.sys
2009-03-10 12:21 . 2009-03-10 12:21 1086144 ----a-w c:\windows\system32\NaverAXGuide.exe
2009-03-09 07:38 . 2008-12-03 07:41 102400 ----a-w c:\windows\system32\CKComObj.dll
2009-03-09 07:07 . 2008-12-03 07:41 312632 ----a-w c:\windows\system32\XecureCK.dll
2009-03-09 07:07 . 2008-11-21 10:44 79160 ----a-w c:\windows\system32\Jrsoftcp.dll
2009-03-09 07:07 . 2008-11-21 10:44 124216 ----a-w c:\windows\system32\CKApp.dll
2009-03-06 14:22 . 2004-08-10 11:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-08-10 11:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-21 08:29 . 2008-11-23 09:04 552960 ---ha-w c:\documents and settings\Jae Young Choi\Application Data\Hangame\hgstarter.exe
2009-01-17 08:02 . 2009-01-17 08:02 73 ----a-w c:\program files\Log.txt
2009-01-17 08:02 . 2009-01-17 07:44 106 ----a-w c:\program files\AudiLog.txt
2009-01-17 07:56 . 2009-01-17 07:56 18 ----a-w c:\program files\filecheck.log
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-26 01:32 279944 ----a-w c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE8D781C-615D-48B7-9DC8-AF05B1537769}]
  #12  
Old May 22nd, 2009, 09:37 PM
JaeyoungC JaeyoungC is offline
Member
 
Join Date: May 2009
Posts: 48
2009-05-14 09:05 249856 ----a-w c:\windows\system32\EsqBrowserUI.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"OE_OEM"="c:\program files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-12 176201]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 122880]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-23 823362]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-05-16 86960]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-07-28 221184]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"ntasvr"="c:\program files\Nate\AddressSearch\ntasvr.exe" [2009-04-10 136568]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-11 148888]
"LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [2008-08-21 267296]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-12-18 76304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-5-19 809488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"="calwjfdj.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-02-18 15:30 72208 ----a-w c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ZuneWlanCfgSvc"=3 (0x3)
"ZuneNetworkSvc"=3 (0x3)
"ZuneBusEnum"=2 (0x2)
"SeaPort"=2 (0x2)
"rpcapd"=3 (0x3)
"MySQL"=2 (0x2)
"MSDTCT"=2 (0x2)
"iPod Service"=3 (0x3)
"fsssvc"=3 (0x3)
"dldw_device"=2 (0x2)
"dldwCATSCustConnectService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Nexon\\NGM\\NGM.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Nexon\\Common\\NMService.exe"=
"c:\\Nexon\\NexonPlug\\NMService.exe"=
"c:\\Program Files\\TalesWeaverTest\\InphaseNXD.EXE"=
"c:\\Program Files\\Dell V505\\dldwamon.exe"=
"c:\\Program Files\\Dell V505\\FRun.exe"=
"c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\scan\\scanman6.exe"=
"c:\\WINDOWS\\system32\\dldwcoms.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\NATEON\\BIN\\NateOnMain.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6881:TCP"= 6881:TCP:Blizzard Downloader: 6881
"56445:TCP"= 56445:TCP:Pando Media Booster
"56445:UDP"= 56445:UDP:Pando Media Booster

R2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CAMTHWDM.sys [2009-05-15 오후 1:54 1051136]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-02-21 오전 9:39 55152]
R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\tmxpflt.sys [2005-02-19 오전 10:04 205328]
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [2005-08-23 오후 12:31 290889]
R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2005-02-19 오전 10:04 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [2005-04-26 오전 8:41 262215]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2009-04-16 오후 2:05 24652]
R3 JRSUKD25;JRSUKD25;c:\windows\system32\JRSUKD25.SYS [2009-05-12 오후 12:11 12600]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-02-03 오후 5:26 33752]
S3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.sys [2008-11-21 오후 7:44 34744]
S3 JRSUKD24;JRSUKD24;c:\windows\system32\JRSUKD24.sys [2008-11-21 오후 7:44 6784]
S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [2008-12-23 오전 8:48 131456]
S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2008-12-23 오전 8:48 79104]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-03 오전 6:10 32512]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 scskusbf;USB SCSK Filter Driver Service;c:\windows\system32\drivers\scskusbf.sys [2009-01-13 오전 5:54 19504]
S3 scskusbs;USB SCSK Driver Service;c:\windows\system32\drivers\scskusbs.sys [2009-01-13 오전 5:54 83160]
S3 XDva225;XDva225;\??\c:\windows\system32\XDva225.sys --> c:\windows\system32\XDva225.sys [?]
S4 dldw_device;dldw_device;c:\windows\system32\dldwcoms.exe -service --> c:\windows\system32\dldwcoms.exe -service [?]
S4 dldwCATSCustConnectService;dldwCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldwserv.exe [2009-02-04 오전 5:27 99568]
S4 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 오후 6:08 533360]
S4 MSDTCT;Distributed Transaction;c:\windows\system32\hxgzboi.exe [2009-05-16 오후 10:55 36864]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-ProxyFirewall - c:\program files\ProxyFirewall\ProxyFirewall.exe
HKLM-Run-Bluetooth Connection Assistant - LBTWIZ.EXE


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.naver.com/
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = 128.223.8.112:3124
Trusted Zone: d-fighter.com
Trusted Zone: d-fighter.com\www
Trusted Zone: nexon.com\df
Trusted Zone: nexon.com\df.nexon.com,dflogin.nexon.com,login.df
Trusted Zone: nexon.com\dflogin
Trusted Zone: nexon.com\login.df
DPF: Justin.tv Publisher - hxxp://www.justin.tv/plugins/justintv_publisher.CAB
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {00001025-A15C-11D4-97A4-0050BF0FBE67} - hxxp://download.netmarble.net/web/nmstarter/NMStarter25.cab
DPF: {17E9F830-9CFB-4381-BFDA-A25C6C7DCD2C} - hxxp://d-fighter.nefficient.co.kr/samsungdnf/neople/dnf_hg/installer/dnf_real.cab
DPF: {270EC7A6-4096-469B-865C-F9678A2C742B} - hxxp://www.payzone.co.kr/EasyPayX/EasyPayX.cab
DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} - hxxp://s.nx.com/activex/public_new/nxpm.cab
DPF: {318CA127-12CF-4386-B2F1-564D0600E6C9} - hxxp://d-fighter.nefficient.co.kr/samsungdnf/neople/installer/dnf_first.cab
DPF: {33EAE546-128F-41C3-BAD4-7624EB5E3730} - hxxp://tales.nexon.com/tales2/pds/tales/AddOn.cab
DPF: {39BC8B20-FB5A-43E5-9EBC-E637B700859E} - hxxp://sunonline.hangame.com/WebRun/CommonWebStarter.cab
DPF: {65132E5B-B5AD-4AF2-A98A-09F52E51810C} - hxxp://www.nanmola.com/mmsv/NanmolaControl.CAB
DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://avatar.mabinogi.com:88/renderer/mabiweb.2008.1.8.cab
DPF: {8852138D-88A9-4836-B2EA-7DCEBCAA46B5} - hxxp://www.mabinogi.com/c3/Common/mabisrm.cab
DPF: {8B92E3B3-6D67-48A3-9B7D-5983396A2D48} - hxxps://www.wonderking.co.kr/gamestart/wk_setup.cab
DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} - hxxp://download.netmarble.net/NMChatX/NMTransX.cab
DPF: {9542B8D8-F8F1-449A-9FA4-833C846E7B51} - hxxp://www.nanmola.com/mmsv/NanMolaControl.CAB
DPF: {9FC84F7D-D177-4A75-A7BB-429DA5BD0A3E}
DPF: {A1D886C6-4039-4451-97A9-515F5BE5D4C2} - hxxp://ahnlabdownload.nefficient.co.kr/asp/cab/mkdplus.cab
DPF: {A2086024-A082-453D-BFBA-0B29B2C7ABFB} - hxxp://d-fighter.nefficient.co.kr/samsungdnf/neople/dnf_hg/installer/dnf_real.cab
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://dist.cdnetworks.co.kr/cdndist/neffynew/NeffyLauncher.cab
DPF: {B33FEBDC-FF38-4D0F-9C76-58C4733947AD} - hxxp://download.signgate.com/download/certmgt/AxSignGATE.cab
DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} - hxxp://mail.daum.net/hanmail-ax/DaumActiveX/2_0_0_4/DaumActiveX.cab?ver=2,0,0,4
DPF: {BBB0FC2D-1D95-45CA-BDCF-03B53F247FCC}
DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxp://id.hangame.com/common/HanSetup1020.cab
DPF: {CBB45291-871B-4ADA-81D0-40D0C89ABD20} - hxxp://download.netmarble.net/web/NMGameCheck/NetmarbleDownloaderEx.cab
DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} - hxxp://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab
DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} - hxxp://cafe.naver.com/common/activex/NaverAXGuide.cab
FF - ProfilePath - c:\documents and settings\Jae Young Choi\Application Data\Mozilla\Firefox\Profiles\e9z3iikb.default\
FF - plugin: c:\documents and settings\All Users\Application Data\Nexon\NGM\npNxGame.dll
FF - plugin: c:\documents and settings\Jae Young Choi\Application Data\Mozilla\Firefox\Profiles\e9z3iikb.default\extensions\AcqVPlayer@sanstream.co.jp\plugins\npAcqVPlayer.dll
FF - plugin: c:\documents and settings\Jae Young Choi\Application Data\Mozilla\Firefox\Profiles\e9z3iikb.default\extensions\justintvpublisher@justin.tv\platform\WINNT_x86-msvc\plugins\npjustintvpublish.dll
FF - plugin: c:\program files\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPGomtvx_nie.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-22 10:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"f:\program files\MySQL\MySQL Server 6.0\bin\mysqld\" --defaults-file=\"f:\program files\MySQL\MySQL Server 6.0\my.ini\" MySQL"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1993962763-1343024091-839522115-1003\Software\Microsoft\MessengerService\GroupStateCacheU\*촴?
"Name"=hex:00,ac,71,c8,00,00
"Collapsed"=hex:01,00,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(744)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(2128)
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\progra~1\WINDOW~3\wmpband.dll
  #13  
Old May 22nd, 2009, 09:37 PM
JaeyoungC JaeyoungC is offline
Member
 
Join Date: May 2009
Posts: 48
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Logishrd\Bluetooth\LBTServ.exe
c:\windows\system32\conime.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Baram\npk\npkcmsvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
c:\program files\Logitech\SetPoint\LBTWiz.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\progra~1\TRENDM~1\INTERN~1\PcCtlCom.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\webemctl32.exe
.
**************************************************************************
.
Completion time: 2009-05-22 10:55 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-22 01:55

Pre-Run: 115,641,282,560 bytes free
Post-Run: 117,118,267,392 bytes free

477 --- E O F --- 2009-05-12 18:02
  #14  
Old May 22nd, 2009, 09:39 PM
JaeyoungC JaeyoungC is offline
Member
 
Join Date: May 2009
Posts: 48
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-22 13:36:02
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT spyh.sys ZwCreateKey [0xF74D70E0]
SSDT spyh.sys ZwEnumerateKey [0xF74F5CA2]
SSDT spyh.sys ZwEnumerateValueKey [0xF74F6030]
SSDT spyh.sys ZwOpenKey [0xF74D70C0]
SSDT spyh.sys ZwQueryKey [0xF74F6108]
SSDT spyh.sys ZwQueryValueKey [0xF74F5F88]
SSDT spyh.sys ZwSetValueKey [0xF74F619A]

INT 0x62 ? 8A81CBF8
INT 0x63 ? 8A7D3BF8
INT 0x73 ? 8A7D3BF8
INT 0xA4 ? 8A81BBF8

Code \??\C:\DOCUME~1\JAEYOU~1\LOCALS~1\Temp\catchme.sys pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

? spyh.sys The system cannot find the file specified. !
? Combo-Fix.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B87CB8AC 5 Bytes JMP 8A81B1D8
.text asf51kuy.SYS B82A3386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text asf51kuy.SYS B82A33AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text asf51kuy.SYS B82A33C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text asf51kuy.SYS B82A33C9 1 Byte [2E]
.text asf51kuy.SYS B82A33C9 11 Bytes [2E, 00, 00, 00, 5C, 02, 00, ...] {ADD CS:[EAX], AL; ADD [EDX+EAX+0x0], BL; ADD [EAX], AL; ADD [EAX], AL}
.text ...
? C:\DOCUME~1\JAEYOU~1\LOCALS~1\Temp\catchme.sys The system cannot find the file specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS The system cannot find the file specified. !

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A81F2D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7508C4C] spyh.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7508CA0] spyh.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74D8040] spyh.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74D813C] spyh.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74D80BE] spyh.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74D87FC] spyh.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74D86D2] spyh.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A81B2D8
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!RtlInitUnicodeString] 2266E852
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!swprintf] 478B0000
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!KeSetEvent] 50016A40
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 1CAC8E8D
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoGetConfigurationInformation] E8510000
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 00002254
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!MmFreeMappingAddress] 6A18538B
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 868D5200
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 00001C98
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!MmUnmapIoSpace] 2242E850
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 4B8B0000
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IofCompleteRequest] 51016A18
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!RtlCompareUnicodeString] 1CB4968D
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IofCallDriver] E8520000
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 00002230
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] 8A05478A
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoConnectInterrupt] 001CBB8E
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoDetachDevice] 30C48300
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!KeWaitForSingleObject] 1CBD8688
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!KeInitializeEvent] 80E90000
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!KeCancelTimer] C6000000
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] 001CBB86
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!RtlInitAnsiString] 438B0100
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] 8E8D5018
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoQueueWorkItem] 00001C90
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!MmMapIoSpace] 2202E851
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 538B0000
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoReportDetectedDevice] 52016A18
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoReportResourceForDetection] 1CAC868D
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] E8500000
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!NlsMbCodePageTag] 000021F0
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!PoRequestPowerIrp] 8A05478A
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 001CBB8E
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 18C48300
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!sprintf] 1CBD8688
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 43EB0000
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!ObfDereferenceObject] 320C538A
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 88F93BC0
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 001CBB96
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!ZwClose] F6317300
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] 74070647
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 75C0841A
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 05578A0B
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 968801B0
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoCreateDevice] 00001CBD
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 57B60F66
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 533B6604
  #15  
Old May 22nd, 2009, 09:41 PM
JaeyoungC JaeyoungC is offline
Member
 
Join Date: May 2009
Posts: 48
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 03087408
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!ZwOpenKey] 72F93B3F
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!RtlFreeUnicodeString] 8A09EBDA
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoStartTimer] 86880547
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!KeInitializeTimer] 00001CBD
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoInitializeTimer] 88084B8A
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!KeInitializeDpc] 001CBE8E
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!KeInitializeSpinLock] 40578B00
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoInitializeIrp] 8D52006A
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!ZwCreateKey] 001CC086
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 81E85000
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 8B000021
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!ZwSetValueKey] 001CB88E
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!KeInsertQueueDpc] BC968B00
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 8900001C
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoStartPacket] 001CC48E
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] C8968900
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 8B00001C
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoFreeMdl] 016A4047
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!MmUnlockPages] CCC68150
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 5600001C
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 002157E8
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 18C48300
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 5D5B5E5F
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!KeSynchronizeExecution] CCCCCCC3
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoStartNextPacket] CCCCCCCC
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!KeBugCheckEx] CCCCCCCC
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] CCCCCCCC
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!KeSetTimer] 8BEC8B55
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!_allmul] 00C73445
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!MmProbeAndLockPages] 00000000
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!_except_handler3] 830C458B
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!PoSetPowerState] C0840CEC
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 053C0D74
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 57B80974
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 8B000000
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!_aulldiv] 56C35DE5
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!strstr] 8D08758B
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!_strupr] 8D51FC4D
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!KeQuerySystemTime] 8D52FD55
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 8D51FE4D
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!KeTickCount] 8D52FF55
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 8D51F84D
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoDeleteDevice] 5052F455
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] EACAE856
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoAllocateWorkItem] C483FFFF
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoAllocateIrp] 0FC08520
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoAllocateMdl] 0001AD85
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 46B70F00
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!MmLockPagableDataSection] F44D8B48
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] C1815753
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 00002590
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!ExFreePoolWithTag] 467C8D51
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoFreeIrp] 7622E84A
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!IoFreeWorkItem] D88BFFFF
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!InitSafeBootMode] 8504C483
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!RtlCompareMemory] 5F0A75DB
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!PoCallDriver] 5B08438D
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!memmove] 5DE58B5E
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[ntoskrnl.exe!MmHighestUserAddress] 259068C3
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[HAL.dll!KfAcquireSpinLock] 4B8BDF8B
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[HAL.dll!READ_PORT_UCHAR] 8D3F0304
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[HAL.dll!KeGetCurrentIrql] CB033043
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[HAL.dll!KfRaiseIrql] 0673C13B
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[HAL.dll!KfLowerIrql] C13B0003
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[HAL.dll!HalGetInterruptVector] 8366FA72
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[HAL.dll!HalTranslateBusAddress] 75000E7B
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[HAL.dll!KeStallExecutionProcessor] 0B7D80E3
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[HAL.dll!KfReleaseSpinLock] 307B8D00
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 00AA840F
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[HAL.dll!READ_PORT_USHORT] 83660000
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 6A000E7A
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[HAL.dll!WRITE_PORT_UCHAR] C6647400
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[WMILIB.SYS!WmiSystemControl] 4F8B0200
IAT \SystemRoot\System32\Drivers\asf51kuy.SYS[WMILIB.SYS!WmiCompleteRequest] 968D5140