Solved V3 and Alyac Unresponsive to Virus

Discussion in 'Malware and Virus Removal Archive' started by oneofnine, 2010/08/30.

  1. 2010/08/30
    oneofnine

    oneofnine Inactive Thread Starter

    Joined:
    2010/08/30
    Messages:
    17
    Likes Received:
    0
    [Resolved] V3 and Alyac Unresponsive to Virus

    Hello everyone. I am new to this forum and online forums in general. I am not very knowledgeable about computers and software, which is why I've come here to seek your advice and help.

    Please allow me to post a detailed account of the day:

    I was using Estsoft's ALYac this morning and it found one virus labeled "Win32.Loader.O". I pressed the "treat" button several times, but my computer rebooted in all instances.

    Afterwards I downloaded AhnLab's V3 Lite and re-scanned.
    It gave me 6 items for treatment:
    -Trojan/Win32.Patched | C:\WINDOWS\explorer.exe
    -Trojan/Win32.Patched | C:\WINDOWS\system32\winlogon.exe
    -Trojan/Win32.Patched | C:\WINDOWS\EXPLORER.EXE
    -Trojan/Win32.Patched | C:\WINDOWS\SYSTEM32\WINLOGON.EXE
    -Trojan/Win32.Patched | C:\WINDOWS\Explorer.EXE
    -Trojan/Win32.Patched | C:\WINDOWS\Explorer.exe

    When I pressed the "treat" button for V3 a pop-up mentioned that it would not be able to treat the issue because of these three reasons (translated from Korean):
    1. Your setting is either on "Leave the issue for now."
    2. It has already been treated.
    3. It cannot be treated.

    Thus, I began searching on Naver and Google for any results that contained "Win32.Loader.O". I came across a thread titled "[Resolved] Antimalware Doctor Inc" first posted by Living Life. The subject matter seemed relevant to learning more about what was affecting my PC, and I even tried following and downloading software that seemed routine to a solution. I don't know if that was the right thing to do, but I went ahead anyway.

    Kaspersky Online Scanner would not work, giving this error message:

    ---
    "Update has failed The program could not be started. Please close the window of Kaspersky Online Scanner 7.0 and start the program again from the web site of Kaspersky Lab.

    Successful updating of Kaspersky Online Scanner 7.0 and scanning of your computer requires uninterrupted Internet connection. Please make sure that the Internet connection is established. [ERROR: File operation failure]"
    ---

    I followed up to Broni's post mentioning virustotal.com on the "[Resolved] Antimalware Doctor Inc" thread. I did a scan for the file name "winlogon.exe" on my PC, as I couldn't search what Broni had recommended to Living Life. The results were 20(red)/40 (48.4%). Whatever the problem was, it didn't look too nice and I felt powerless and thought that there was nothing more I could do. Next, I looked over this forum and signed in.

    This ends my account. DDS and Attach below. Thanks.
     
  2. 2010/08/30
    oneofnine

    oneofnine Inactive Thread Starter

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by 유민우 at 19:45:24.59 on 2010-08-30
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
    Microsoft Windows XP Professional 5.1.2600.3.949.82.1042.18.2006.1075 [GMT 9:00]

    AV: V3 Lite *On-access scanning enabled* (Updated) {A5B78720-5B41-4D39-B70F-131ABDA6F977}
    AV: 알약 *On-access scanning disabled* (Updated) {B9431E5A-E196-4B6F-843A-10E01DB25461}

    ============== Running Processes ===============

    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\WINDOWS\system32\IPSSVC.EXE
    C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\NAT Service\natsvc.exe
    C:\WINDOWS\system32\npkcmsvc.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\tp4serv.exe
    C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
    C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    C:\WINDOWS\system32\TpShocks.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
    C:\Program Files\ThinkVantage\AMSG\Amsg.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    C:\Program Files\Lenovo\Zoom\TpScrex.exe
    C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
    C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    c:\program files\lenovo\system update\suservice.exe
    C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    C:\WINDOWS\System32\TPHDEXLG.exe
    C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
    C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
    C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\KT\ConnectionManager\ConnectionManager.exe
    C:\Program Files\KT\ConnectionManager\RUNNSP.EXE
    C:\Program Files\Java\jre6\bin\java.exe
    C:\Documents and Settings\유민우\바탕 화면\SystemLook.exe
    C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
    C:\Documents and Settings\유민우\바탕 화면\dds.scr
    C:\WINDOWS\system32\conime.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.naver.com/
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Reader 링크 도우미: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: CPwmIEBrowserHelper Object: {f040e541-a427-4cf7-85d8-75e3e0f476c5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
    uRun: [Google Update] "c:\documents and settings\유민우\local settings\application data\google\update\GoogleUpdate.exe" /c
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [TrackPointSrv] tp4serv.exe
    mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
    mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
    mRun: [<NO NAME>]
    mRun: [TpShocks] TpShocks.exe
    mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
    mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
    mRun: [LPManager] c:\progra~1\thinkv~2\prdctr\LPMGR.exe
    mRun: [AMSG] c:\program files\thinkvantage\amsg\Amsg.exe /startup
    mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
    mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
    mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
    mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
    mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [ALYac] "c:\program files\estsoft\alyac\AYUpdate.exe" /run
    mRun: [Korean IME Migration] c:\progra~1\common~1\micros~1\ime12\imekr\IMKRMIG.EXE
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
    mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
    mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [AhnLab V3Lite Tray Process] "c:\program files\ahnlab\v3lite\V3LTray.exe" /logon
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    dRun: [ctfmon.exe] ctfmon.exe
    StartupFolder: c:\docume~1\alluse~1\시작메~1\프로그램\시작프~1\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
    StartupFolder: c:\docume~1\alluse~1\시작메~1\프로그램\시작프~1\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
    StartupFolder: c:\docume~1\alluse~1\시작메~1\프로그램\시작프~1\bttray.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
    StartupFolder: c:\docume~1\alluse~1\시작메~1\프로그램\시작프~1\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Bluetooth 장치로 보내기(&B)... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
    IE: Microsoft Excel로 내보내기(&X) - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {71DF21B0-8C69-4923-8C7B-B195F8DDB5CD} - http://www.11st.co.kr/connect/Gateway.tmall?method=Xsite&tid=1000105205
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    Trusted Zone: hometax.go.kr
    Trusted Zone: iros.go.kr\www
    DPF: {054BF5DC-6052-4235-9DB4-7CCDC28CF8B4} - hxxps://nxpartners.okcashbag.com/itrs/meps/ITRSClient.cab
    DPF: {15C09C80-BE98-4E30-B8C1-6B8935E32671} - hxxp://download.hts.nefficient.co.kr/hts/yesone/cab/MAOnFPS_NTS.cab
    DPF: {1A29905C-C082-11D4-9376-00AA00BFFB71} - hxxp://download.hts.nefficient.co.kr/hts/wcom/cab/checkVer.cab
    DPF: {1C8143AB-92ED-4C3C-A641-B5664530ED9F} - hxxp://www.iros.go.kr/icis/IPRTCrsIgmPrintX.cab
    DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} - hxxp://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB
    DPF: {20BBA18F-5BC8-47B5-8FC9-5DFCA8E56A4B} - hxxp://mpi.dacom.net/XMPI/js/LGDacom_XMPI_20091117.cab
    DPF: {24F6E6A8-852C-45A8-ADD3-C4AB0D6FD231} - hxxp://plugin.inicis.com/wallet61/INIwallet61.cab
    DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} - hxxp://kbdownload.initech.com/kbstarActiveX/6.3.0.2/down/INIS60.cab
    DPF: {29A84C9B-9AC0-4A18-B0D7-60571B0E88CE} - hxxp://www.11st.co.kr/ocx/SKSCmaker.cab
    DPF: {2BAD742D-7CC8-496D-9181-EE8A2CF873BD} - hxxp://www.cfolder.co.kr/app2/NewCabs/CFolderLauncher.cab
    DPF: {325A2282-C738-4265-B43D-587926879609} - hxxp://www.iros.go.kr/iris/TrustedZoneCtrl.cab
    DPF: {39FC0CF9-86F3-4502-B773-D16706EDEC83} - hxxps://accesscontrol.citibank.co.kr/acsapp/keystroke/SCSK4.cab
    DPF: {3B56E5F0-7B20-48BF-B439-A995BE5191EF} - hxxp://pib.wooribank.com/com/common/SessionControl.cab
    DPF: {3B780B78-73B9-49B8-9630-3E60EDE61C73} - hxxp://www.wooribank.com/download/RDServer/MaDownloadRD.cab
    DPF: {3C36DCBE-5CDF-4C35-9D0B-4A1882B2EB0A} - hxxps://tx.allatpay.com/component/AllatPayRE.cab
    DPF: {3E086D34-0ED5-4A8E-BB6A-C4DF5AC4357B} - hxxp://download.kbstar.com/package/ibz/xgrid/KBXGridInstall.cab
    DPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} - hxxp://mpi.dacom.net/XPayMPI/XPayMPIOCX.cab
    DPF: {49A572CA-62B0-4C57-9138-C9F546C84097} - hxxp://cybermap.co.kr/company/kyochon/CYBERMAP_ASP_KYOCHON.cab
    DPF: {5372AA29-8474-4679-B89E-CDEFBB78DB2E} - hxxp://download.hts.nefficient.co.kr/hts/wcom/cab/BTWSSOClientForNTSItg.cab
    DPF: {5547DED5-E6A9-469A-90F0-5BFE5CD33FF1} - hxxps://pay.kcp.co.kr/plugin_new/file/KCPPaymentUX.cab
    DPF: {646D956E-6E48-4F84-98F9-67627A4D222A} - hxxp://www.diskman.co.kr/cab/20100426/dmudctrl.cab
    DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} - hxxp://ck.softforum.co.kr/CKKeyPro/G4C/CKKeyPro3023_32k.cab
    DPF: {6FE760D3-7851-4879-8838-62D9881D7177} - hxxp://emailweb.sktelecom.com/inimas/autocontroll/IniMasPlugin.cab
    DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab
    DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} - hxxp://gcc.nefficient.co.kr/gcc/vista/xecureweb/v7.2.3.3/xw_install.cab
    DPF: {8218BB3D-2D62-4719-B6EC-FEBE7A079CBD} - hxxp://imgcdn.pandora.tv/pan_img/app/FirstLoad1.0.0.3.cab
    DPF: {834C7234-C9D7-4129-8D38-DF25EE3D265F} - hxxp://www.cybermap.co.kr/cm2000/company2/postoffice/CYBERMAP_ASP2_POSTOFFICE.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} - hxxp://cyimg8.cyworld.com/ImageUpload/CyPictureU1233.cab?20081124
    DPF: {92D0D610-A6FA-48D8-94CB-BD47FDF68655} - hxxp://dl.ipop.co.kr/ipop/ipopx.cab
    DPF: {9709739B-4909-489B-A1F7-148C74F16EEE} - hxxp://platform.nx.com/ActiveX/nxsysinfo.cab
    DPF: {9963FACF-7618-417B-B6DD-AB8B65AF8CD1} - hxxp://pgdownload.dacom.net/lgdacom/LGDacomXPayUpdater.cab
    DPF: {99C709C7-4F58-46C1-855B-90213C760395} - hxxps://v3d.kcp.co.kr/file/kcp_ansimclick.cab
    DPF: {9FC84F7D-D177-4A75-A7BB-429DA5BD0A3E} - hxxp://www.tworld.co.kr/common/cab/ewsinstaller_full.exe
    DPF: {A977FF0C-8757-4E76-8533-482F91946233} - hxxp://dl.sayclub.com/sayclub/sayctl/sayax.cab
    DPF: {AC2CE4A7-75CE-4B11-B245-CE697861C3C1} - hxxp://www.esero.go.kr/CodeSign/INISAFEMailv4_9.cab
    DPF: {B0A75875-3622-48BA-B5FF-45AD77AC2D0E} - hxxps://mall.shinsegae.com/interface/object/BankPayEFT.cab
    DPF: {B6B8968B-F2CE-47C2-B749-E2BA385BB226} - hxxp://www.iros.go.kr/iris/MaPrintInfoCourt.cab
    DPF: {B795470F-8985-4868-97A0-FA0EA5F96FD1} - hxxp://platform.nx.com/ActiveX/nximg3.cab
    DPF: {BBB0FC2D-1D95-45CA-BDCF-03B53F247FCC}
    DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxp://cdn.hangame.com/hangame/hansetup/HanSetup1020.cab
    DPF: {C5D387A6-2770-432F-A5D7-5E886BED167F} - hxxp://emailimg.sktelecom.com/webprint/WebPriLoader_v1007.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CB5C683C-416A-4701-B018-0F1B21D64D6B} - hxxp://cyimg7.cyworld.com/cymusic/package/skcinst.cab
    DPF: {CF392830-663F-11D5-89EE-000086551DF6} - hxxp://download.hts.nefficient.co.kr/hts/wcom/cab/efile_crypto.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - hxxp://update.nprotect.net/keycrypt/cyber/npkcx_1005031.cab
    DPF: {DC4207CE-C03E-4449-ACB1-032CA4137053} - hxxp://download.kbstar.com/security/nprotect/netizenv4/npz.cab
    DPF: {E3FA6DAA-04BF-4AEF-9612-341B2B7A25FC} - hxxps://pay.kcp.co.kr/plugin/file/payplus.cab
    DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} - hxxp://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab
    DPF: {F1F07506-6CB4-44AC-8615-66D1234EFD05} - hxxp://www.tworld.co.kr/initech/plugin/down/INIS50.cab
    DPF: {F37520B6-4FBE-4814-9022-9AD83EF3E203} - hxxp://www.wooribank.com/download/RDServer/SmartUpdate.cab
    DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} - hxxp://file.naver.com/activex/NaverAXGuide.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: psfus - c:\windows\system32\psqlpwd.dll
    Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
    Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll
    AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    LSA: Notification Packages = scecli psqlpwd ACGina

    ================= FIREFOX ===================

    FF - ProfilePath -
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

    ============= SERVICES / DRIVERS ===============

    R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-3-2 19760]
    R1 AMonTDnt;AMonTDnt;c:\windows\system32\drivers\AmonTDNt.sys [2009-5-5 95592]
    R2 NATService;NATService;c:\program files\nat service\natsvc.exe [2010-5-11 522240]
    R2 NespotP;Nespot EAPoL Protocol;c:\windows\system32\drivers\nespot.sys [2010-5-1 14774]
    R2 npkakl;npkakl;c:\windows\system32\npkakl.sys [2009-8-18 31840]
    R2 smihlp;SMI Helper Driver (smihlp);c:\program files\common files\thinkvantage fingerprint software\drivers\smihlp.sys [2007-3-14 11152]
    R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2007-2-8 569344]
    R3 AhnRghNt;AhnRghNt;c:\windows\system32\drivers\AhnRghNt.sys [2010-8-30 52800]
    R3 AhnSZE;AhnSZE;c:\windows\system32\drivers\ahnsze.sys [2010-8-30 1426392]
    R3 ASZFltNt;ASZFltNt;c:\progra~1\ahnlab\v3lite\ASZFltNt.sys [2010-8-30 124480]
    R3 CdmDrvNt;CdmDrvNt;c:\windows\system32\drivers\CdmDrvNt.sys [2009-5-5 19616]
    R3 MeDCoreD_V3LITE;MeDCoreD_V3LITE;c:\program files\ahnlab\v3lite\MeDCoreD.sys [2010-8-30 106480]
    R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [2009-5-5 13840]
    R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2006-9-13 35264]
    R3 v3engine;v3engine;c:\windows\system32\drivers\v3engine.sys [2010-8-30 1881560]
    R3 V3Flt2K;V3Flt2K;c:\progra~1\ahnlab\v3lite\V3Flt2K.sys [2010-8-30 147424]
    R3 VPDrvNt;VPDrvNt;c:\program files\ahnlab\v3lite\VPDrvNt.sys [2010-8-30 121440]
    S2 6360CF3C;6360CF3C;c:\windows\system32\924a53a8.exe -k --> c:\windows\system32\924A53A8.EXE -k [?]
    S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
    S2 V3 Lite Service;V3 Lite Service;c:\program files\ahnlab\v3lite\V3LSvc.exe [2010-8-30 293592]
    S3 AhnFlt2k;AhnFlt2k;c:\windows\system32\drivers\AhnFlt2k.sys [2010-8-30 52928]
    S3 AhnRec2k;AhnRec2k;c:\windows\system32\drivers\AhnRec2k.sys [2010-8-30 20416]
    S3 ATamptNt_V3LITE;ATamptNt_V3LITE;c:\progra~1\ahnlab\v3lite\ATamptNt.sys [2010-8-30 112608]
    S3 AYDrvSP_ALYAC;AYDrvSP_ALYAC;c:\program files\estsoft\alyac\AYDrvSP.sys [2008-12-18 24312]
    S3 GoogleDesktopManager-051210-111108;Google 데스크톱 관리자 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-6-6 30192]
    S3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.SYS [2009-5-5 37944]
    S3 kcrtx86;kcrtx86;c:\windows\system32\kcrtx86.sys [2010-2-22 126048]
    S3 MfFWEnt;MfFWEnt;c:\program files\ahnlab\asp\myfirewall 4.0\mffwent.sys [2009-5-5 101368]
    S3 MfIPSEnt;MfIPSEnt;c:\program files\ahnlab\asp\myfirewall 4.0\mfipsent.sys [2009-5-5 121536]
    S3 NPFWFLT;NPFWFLT;c:\windows\system32\npfwflt.sys [2009-5-4 71264]
    S3 NPIDS;NPIDS;c:\windows\system32\npids.sys [2009-5-4 61792]
    S3 scsk5;SCSK5 Driver Service;c:\windows\system32\drivers\scsk5.sys --> c:\windows\system32\drivers\scsk5.sys [?]

    =============== Created Last 30 ================

    2010-08-30 08:18:07 0 d-----w- c:\windows\system32\nprotect
    2010-08-30 06:04:03 0 d-----w- C:\_OTL
    2010-08-30 05:43:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-30 05:43:14 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-30 05:43:14 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-30 05:43:14 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-08-29 20:11:09 1881560 ----a-w- c:\windows\system32\drivers\v3engine.sys
    2010-08-29 20:11:08 1426392 ----a-w- c:\windows\system32\drivers\ahnsze.sys
    2010-08-29 20:07:59 0 d-----w- c:\program files\common files\AhnLab
    2010-08-29 20:07:51 87648 ----a-w- c:\windows\system32\drivers\AMonTDLH.sys
    2010-08-29 20:07:51 52928 ----a-w- c:\windows\system32\drivers\AhnFlt2k.sys
    2010-08-29 20:07:51 52800 ----a-w- c:\windows\system32\drivers\AhnRghNt.sys
    2010-08-29 20:07:51 20416 ----a-w- c:\windows\system32\drivers\AhnRec2k.sys
    2010-08-29 20:07:38 0 d-----w- c:\docume~1\alluse~1\applic~1\AhnLab
    2010-08-22 07:40:16 0 d--h--w- c:\windows\PIF
    2010-08-21 02:37:30 0 d-----r- c:\program files\Skype
    2010-08-16 06:14:19 24 ----a-w- c:\windows\system32\scskConfigEH.ini
    2010-08-13 02:54:52 0 d-----w- c:\program files\nzellsoft
    2010-08-12 08:48:43 0 d-----w- c:\program files\iPod
    2010-08-12 08:46:57 0 d-----w- c:\program files\iTunes
    2010-08-12 08:46:57 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-08-12 02:32:20 328 ----a-w- c:\documents and settings\유민우\symkeys.dat
    2010-08-12 02:32:19 4824 ----a-w- c:\documents and settings\유민우\encobject.dat

    ==================== Find3M ====================

    2010-08-30 08:19:02 37944 ----a-w- c:\windows\system32\JRSKD24.SYS
    2010-08-30 08:19:02 12728 ----a-w- c:\windows\system32\JRSUKD25.SYS
    2010-08-30 08:19:02 126048 ----a-w- c:\windows\system32\kcrtx86.sys
    2010-08-23 08:58:08 2040216 ----a-w- c:\windows\AllatPayRE.dll
    2010-08-19 13:42:00 21114 ----a-w- c:\windows\system32\teexcept.dat
    2010-08-16 13:02:00 2142491 ----a-w- c:\windows\system32\npmonz.exe
    2010-08-11 12:18:07 72912 ----a-w- c:\windows\system32\perfc012.dat
    2010-08-11 12:18:07 243884 ----a-w- c:\windows\system32\perfh012.dat
    2010-08-04 06:27:30 70040 ----a-w- c:\windows\AllatKeyIn.exe
    2010-08-01 05:45:56 6750208 ----a-w- c:\windows\system32\KvpVcmd.dll
    2010-07-28 08:26:04 300568 ----a-w- c:\windows\system32\NaverFDL.exe
    2010-07-28 03:33:44 127488 ----a-w- c:\windows\system32\Qrdll.dll
    2010-07-27 06:29:42 8356864 ------w- c:\windows\system32\dllcache\shell32.dll
    2010-07-20 12:51:50 426270 ----a-w- c:\windows\system32\npeutilex.dll
    2010-07-17 07:24:03 1205544 ----a-w- c:\windows\system32\ISPPopUpDlg.exe
    2010-07-16 20:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-07-15 05:13:46 120184 ----a-w- c:\windows\system32\KCPPaymentUX.dll
    2010-07-15 04:16:54 135168 ----a-w- c:\windows\system32\kcp_ansimclick.dll
    2010-07-09 05:02:29 1784576 ----a-w- c:\windows\system32\SCSKMemLink.dll
    2010-07-07 09:08:26 36864 ----a-w- c:\windows\system32\XAntiRE_C.dll
    2010-07-05 01:36:12 647248 ----a-w- c:\windows\system32\IPRTCrsIgmPrintM.dll
    2010-07-02 09:08:12 61440 ----a-w- c:\windows\system32\MaCourtPrintInfo.dll
    2010-06-30 12:31:16 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-30 12:31:16 149504 ------w- c:\windows\system32\dllcache\schannel.dll
    2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-24 12:22:03 916480 ------w- c:\windows\system32\dllcache\wininet.dll
    2010-06-24 12:22:03 611840 ----a-w- c:\windows\system32\dllcache\mstime.dll
    2010-06-24 12:22:03 206848 ----a-w- c:\windows\system32\dllcache\occache.dll
    2010-06-24 12:22:03 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2010-06-24 12:22:03 1210368 ------w- c:\windows\system32\dllcache\urlmon.dll
    2010-06-24 12:22:02 5951488 ------w- c:\windows\system32\dllcache\mshtml.dll
    2010-06-24 12:22:00 599040 ----a-w- c:\windows\system32\dllcache\msfeeds.dll
    2010-06-24 12:22:00 55296 ----a-w- c:\windows\system32\dllcache\msfeedsbs.dll
    2010-06-24 12:22:00 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
    2010-06-24 12:21:59 1986560 ------w- c:\windows\system32\dllcache\iertutil.dll
    2010-06-24 12:21:58 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2010-06-24 12:21:58 184320 ----a-w- c:\windows\system32\dllcache\iepeers.dll
    2010-06-24 12:21:56 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
    2010-06-24 12:21:55 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
    2010-06-24 09:01:57 1851520 ----a-w- c:\windows\system32\win32k.sys
    2010-06-24 09:01:57 1851520 ------w- c:\windows\system32\dllcache\win32k.sys
    2010-06-24 08:52:00 11077120 ------w- c:\windows\system32\dllcache\ieframe.dll
    2010-06-23 15:13:55 50026 ----a-w- c:\windows\system32\Uninstall_11stSC.exe
    2010-06-23 12:08:09 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
    2010-06-21 15:27:11 354304 ------w- c:\windows\system32\dllcache\srv.sys
    2010-06-19 07:09:36 263176 ----a-w- c:\windows\system32\Downloader.exe
    2010-06-18 13:36:12 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
    2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-16 07:48:14 1324568 ----a-w- c:\windows\system32\SCSKAppLink.dll
    2010-06-16 02:47:22 242360 ----a-w- c:\windows\system32\TeCtrl.dll
    2010-06-15 01:31:34 265672 ----a-w- c:\windows\system32\MaPrintInfoCourt.dat
    2010-06-14 14:31:20 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
    2010-06-14 07:41:34 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2010-06-14 07:41:34 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
    2010-06-09 14:12:12 207456 ----a-w- c:\windows\system32\npkcmsvc.exe
    2010-06-07 08:13:36 484928 ----a-w- c:\windows\system32\SGHSMKey.dll
    2010-06-07 08:13:32 906816 ----a-w- c:\windows\system32\ps_ntscrypto.dll
    2010-06-07 08:13:30 288320 ----a-w- c:\windows\system32\ps_dlglib.dll
    2010-06-07 08:13:26 75328 ----a-w- c:\windows\system32\ps_nts.dll
    2010-06-07 05:42:44 241664 ----a-w- c:\windows\system32\PubCertDlg.dll
    2009-08-13 17:30:41 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2009-05-04 07:23:01 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009050420090505\index.dat
    2009-05-08 11:09:29 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009050820090509\index.dat

    ============= FINISH: 19:45:39.82 ===============
     

  4. 2010/08/30
    oneofnine

    oneofnine Inactive Thread Starter

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2009-05-04 오후 4:26:47
    System Uptime: 2010-08-30 오후 6:56:52 (1 hours ago)

    Motherboard: LENOVO | | 7668A18
    Processor: Intel(R) Core(TM)2 Duo CPU L7700 @ 1.80GHz | None | 1184/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 229 GiB total, 3.973 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1: 2010-08-30 오전 4:28:05 - 시스템 검사점
    RP2: 2010-08-30 오후 2:19:33 - OTL Restore Point
    RP3: 2010-08-30 오후 2:57:25 - 설치됨 Java(TM) 6 Update 21
    RP4: 2010-08-30 오후 6:03:37 - OTL Restore Point

    ==== Installed Programs ======================

    곰플레이어
    곰TV 플러그인
    네이버 ActiveX 가이드
    네이트온
    네이트온 간단 메일 저장
    쇼핑 스트리트, 11번가 도구모음 아이콘
    알약
    알집
    알툴즈 업데이트
    인텔(R) PROSet/무선 소프트웨어
    전자민원G4C 민원발급프로그램 3.0
    팝폴더 다운로드 큐
    한게임 자동 인스톨러
    한국사이버결제(Payplus 플러그인)
    한글 2002
    Access Help
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Recommended Settings
    Adobe Color NA Extra Settings
    Adobe ConnectNow Add-in
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Illustrator CS3
    Adobe Linguistics CS3
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Reader 8 - Korean
    Adobe Setup
    Adobe Shockwave Player 11.5
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    AhnLab Online Security
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    BlackBerry Desktop Software 4.7
    Bonjour
    BTW SSO Client for 국세청통합인증(v3.0.4.0)
    Canopus DV File Converter
    CCleaner (remove only)
    CFolderRush
    Client Security Solution
    ClientKeeper KeyPro with E2E for 32bit
    CoreAAC Audio Decoder (remove only)
    Diskeeper Lite
    DTS+AC3 필터
    Facebook Plug-In
    GanttProject 2.0.10
    Google 데스크톱
    Google 크롬
    Google Calendar Sync
    Help Center
    High Definition Audio - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows XP (KB954550-v5)
    INISAFE Mail v4
    INISafeWeb 5.0
    INISafeWeb 6.0
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Connections Drivers
    IssacWebProCMS_DE
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 21
    Junk Mail filter update
    KT NESPOT CM
    MaDownloadRD(remove only)
    Maintenance Manager
    Malwarebytes' Anti-Malware
    mCore
    mDriver
    Message Center
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 한국어 언어 팩
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 언어 팩 - 한국어
    Microsoft .NET Framework 2.0 Language Pack - KOR
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (Korean) 2007
    Microsoft Office Excel MUI (Korean) 2007
    Microsoft Office IME (Korean) 2007
    Microsoft Office InfoPath MUI (Korean) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (Korean) 2007
    Microsoft Office PowerPoint MUI (Korean) 2007
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (Korean) 2007
    Microsoft Office Proofing (Korean) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (Korean) 2007
    Microsoft Office Shared MUI (Korean) 2007
    Microsoft Office Word MUI (Korean) 2007
    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (Korean) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    mMHouse
    MobileMe Control Panel
    Mozilla Firefox (3.5.11)
    MPEG2코덱(libmpeg2/mad)
    mPfMgr
    mProSafe
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB954459)
    mWlsSafe
    NAT Service 1.5
    npPCStatus
    nProtect KeyCrypt
    nProtect Netizen(remove only)
    OGA Notifier 2.0.0048.0
    On Screen Display
    PDF Settings
    Picasa 3
    Presentation Director
    QuickTime
    Real Alternative 1.9.0 Lite
    Rescue and Recovery
    Roxio Media Manager
    Samsung CLP-310 Series
    Security Update for 2007 Microsoft Office System (KB2277947)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for 2007 Microsoft Office System (KB982312)
    Security Update for 2007 Microsoft Office System (KB982331)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB982308)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office Outlook 2007 (KB980376)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office Publisher 2007 (KB982124)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2251419)
    Segoe UI
    SignGATE EWS v3.0
    Skype Toolbars
    Skype™ 4.2
    SoftCamp Secure KeyStroke 4.0
    SoulSeek 157 NS 13d
    SoundMAX
    Step by Step Interactive Training용 보안 업데이트(KB898458)
    System Migration Assistant
    System Update
    ThinkPad Bluetooth with Enhanced Data Rate Software
    ThinkPad EasyEject Utility
    ThinkPad FullScreen Magnifier
    ThinkPad Hotkey Features Setup
    ThinkPad Modem
    ThinkPad PC Card Power Policy
    ThinkPad Power Management Driver
    ThinkPad Power Manager
    ThinkPad TrackPoint Driver
    ThinkPad용 Productivity Center Supplement
    ThinkVantage 지문 인식 소프트웨어 5.6
    ThinkVantage Access Connections
    ThinkVantage Active Protection System
    ThinkVantage Productivity Center
    ThinkVantage Technologies Welcome Message
    TweetDeck
    Unity Web Player
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Outlook 2007 Junk Email Filter (kb2279264)
    V3 Lite
    VP6 VFW Codec
    Wallpapers
    WebFldrs XP
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 7
    Windows Internet Explorer 7용 보안 업데이트 (KB929969)
    Windows Internet Explorer 7용 보안 업데이트 (KB938127-v2)
    Windows Internet Explorer 7용 보안 업데이트 (KB963027)
    Windows Internet Explorer 7용 보안 업데이트 (KB969897)
    Windows Internet Explorer 8
    Windows Internet Explorer 8용 보안 업데이트 (KB2183461)
    Windows Internet Explorer 8용 보안 업데이트 (KB969897)
    Windows Internet Explorer 8용 보안 업데이트 (KB971961)
    Windows Internet Explorer 8용 보안 업데이트 (KB972260)
    Windows Internet Explorer 8용 보안 업데이트 (KB974455)
    Windows Internet Explorer 8용 보안 업데이트 (KB976325)
    Windows Internet Explorer 8용 보안 업데이트 (KB978207)
    Windows Internet Explorer 8용 보안 업데이트 (KB981332)
    Windows Internet Explorer 8용 보안 업데이트 (KB982381)
    Windows Internet Explorer 8용 업데이트 (KB972636)
    Windows Internet Explorer 8용 업데이트 (KB976662)
    Windows Internet Explorer 8용 업데이트 (KB976749)
    Windows Internet Explorer 8용 업데이트 (KB980182)
    Windows Live 업로드 도구
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Media 인코더 보안 업데이트(KB954156)
    Windows Media 인코더 보안 업데이트(KB979332)
    Windows Media Connect
    Windows Media Encoder 9 Series
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 10 보안 업데이트(KB917734)
    Windows Media Player 10 보안 업데이트(KB936782)
    Windows Media Player 보안 업데이트(KB911564)
    Windows Media Player 보안 업데이트(KB952069)
    Windows Media Player 보안 업데이트(KB954155)
    Windows Media Player 보안 업데이트(KB968816)
    Windows Media Player 보안 업데이트(KB973540)
    Windows Media Player 보안 업데이트(KB978695)
    Windows XP 보안 업데이트(KB923689)
    Windows XP 보안 업데이트(KB941569)
    Windows XP Service Pack 3
    Windows XP용 보안 업데이트 (KB2079403)
    Windows XP용 보안 업데이트 (KB2115168)
    Windows XP용 보안 업데이트 (KB2160329)
    Windows XP용 보안 업데이트 (KB2229593)
    Windows XP용 보안 업데이트 (KB2286198)
    Windows XP용 보안 업데이트 (KB923561)
    Windows XP용 보안 업데이트 (KB938464-v2)
    Windows XP용 보안 업데이트 (KB946648)
    Windows XP용 보안 업데이트 (KB950760)
    Windows XP용 보안 업데이트 (KB950762)
    Windows XP용 보안 업데이트 (KB950974)
    Windows XP용 보안 업데이트 (KB951066)
    Windows XP용 보안 업데이트 (KB951376-v2)
    Windows XP용 보안 업데이트 (KB951748)
    Windows XP용 보안 업데이트 (KB952004)
    Windows XP용 보안 업데이트 (KB952954)
    Windows XP용 보안 업데이트 (KB954600)
    Windows XP용 보안 업데이트 (KB955069)
    Windows XP용 보안 업데이트 (KB956572)
    Windows XP용 보안 업데이트 (KB956744)
    Windows XP용 보안 업데이트 (KB956802)
    Windows XP용 보안 업데이트 (KB956803)
    Windows XP용 보안 업데이트 (KB956844)
    Windows XP용 보안 업데이트 (KB957097)
    Windows XP용 보안 업데이트 (KB958644)
    Windows XP용 보안 업데이트 (KB958687)
    Windows XP용 보안 업데이트 (KB958690)
    Windows XP용 보안 업데이트 (KB958869)
    Windows XP용 보안 업데이트 (KB959426)
    Windows XP용 보안 업데이트 (KB960225)
    Windows XP용 보안 업데이트 (KB960715)
    Windows XP용 보안 업데이트 (KB960803)
    Windows XP용 보안 업데이트 (KB960859)
    Windows XP용 보안 업데이트 (KB961371)
    Windows XP용 보안 업데이트 (KB961373)
    Windows XP용 보안 업데이트 (KB961501)
    Windows XP용 보안 업데이트 (KB968537)
    Windows XP용 보안 업데이트 (KB969059)
    Windows XP용 보안 업데이트 (KB969898)
    Windows XP용 보안 업데이트 (KB969947)
    Windows XP용 보안 업데이트 (KB970238)
    Windows XP용 보안 업데이트 (KB970430)
    Windows XP용 보안 업데이트 (KB971468)
    Windows XP용 보안 업데이트 (KB971486)
    Windows XP용 보안 업데이트 (KB971557)
    Windows XP용 보안 업데이트 (KB971633)
    Windows XP용 보안 업데이트 (KB971657)
    Windows XP용 보안 업데이트 (KB972270)
    Windows XP용 보안 업데이트 (KB973346)
    Windows XP용 보안 업데이트 (KB973354)
    Windows XP용 보안 업데이트 (KB973507)
    Windows XP용 보안 업데이트 (KB973525)
    Windows XP용 보안 업데이트 (KB973869)
    Windows XP용 보안 업데이트 (KB973904)
    Windows XP용 보안 업데이트 (KB974112)
    Windows XP용 보안 업데이트 (KB974318)
    Windows XP용 보안 업데이트 (KB974392)
    Windows XP용 보안 업데이트 (KB974571)
    Windows XP용 보안 업데이트 (KB975025)
    Windows XP용 보안 업데이트 (KB975467)
    Windows XP용 보안 업데이트 (KB975560)
    Windows XP용 보안 업데이트 (KB975561)
    Windows XP용 보안 업데이트 (KB975562)
    Windows XP용 보안 업데이트 (KB975713)
    Windows XP용 보안 업데이트 (KB977165)
    Windows XP용 보안 업데이트 (KB977816)
    Windows XP용 보안 업데이트 (KB977914)
    Windows XP용 보안 업데이트 (KB978037)
    Windows XP용 보안 업데이트 (KB978251)
    Windows XP용 보안 업데이트 (KB978262)
    Windows XP용 보안 업데이트 (KB978338)
    Windows XP용 보안 업데이트 (KB978542)
    Windows XP용 보안 업데이트 (KB978601)
    Windows XP용 보안 업데이트 (KB978706)
    Windows XP용 보안 업데이트 (KB979309)
    Windows XP용 보안 업데이트 (KB979482)
    Windows XP용 보안 업데이트 (KB979559)
    Windows XP용 보안 업데이트 (KB979683)
    Windows XP용 보안 업데이트 (KB980195)
    Windows XP용 보안 업데이트 (KB980218)
    Windows XP용 보안 업데이트 (KB980232)
    Windows XP용 보안 업데이트 (KB980436)
    Windows XP용 보안 업데이트 (KB981852)
    Windows XP용 보안 업데이트 (KB981997)
    Windows XP용 보안 업데이트 (KB982214)
    Windows XP용 보안 업데이트 (KB982665)
    Windows XP용 업데이트 (KB951978)
    Windows XP용 업데이트 (KB955759)
    Windows XP용 업데이트 (KB955839)
    Windows XP용 업데이트 (KB961503)
    Windows XP용 업데이트 (KB967715)
    Windows XP용 업데이트 (KB968389)
    Windows XP용 업데이트 (KB971737)
    Windows XP용 업데이트 (KB973687)
    Windows XP용 업데이트 (KB973815)
    Windows XP용 핫픽스 (KB952287)
    Windows XP용 핫픽스 (KB961118)
    Windows XP용 핫픽스 (KB970653-v3)
    Windows XP용 핫픽스 (KB976098-v2)
    Windows XP용 핫픽스 (KB979306)
    Windows XP용 핫픽스 (KB981793)
    Windows용 PC-Doctor 5
    XecureWeb Control
    XP Themes
    Xvid MPEG-4 Video Codec

    ==== End Of File ===========================
     
  5. 2010/08/30
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard :)

    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes.)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When scan is completed, click Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.


    STEP 3. Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  6. 2010/08/30
    oneofnine

    Thank you for taking the time to look at this :D

    Step 1 MBAM Log
    ---

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4508

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    2010-08-31 오전 12:58:35
    mbam-log-2010-08-31 (00-58-35).txt

    Scan type: Quick scan
    Objects scanned: 153768
    Time elapsed: 8 minute(s), 35 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  7. 2010/08/30
    oneofnine

    Step 2 GMER Log
    ---

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-08-31 05:21:50
    Windows 5.1.2600 Service Pack 3
    Running: vcu0f285.exe; Driver: C:\DOCUME~1\유민우\LOCALS~1\Temp\ffaorpod.sys


    ---- System - GMER 1.0.15 ----

    SSDT \??\C:\WINDOWS\system32\Drivers\AhnRghNt.sys (AhnLab Common Registry Hook Driver/AhnLab, Inc.) ZwClose [0x97548AB0]
    SSDT \??\C:\WINDOWS\system32\Drivers\AhnRghNt.sys (AhnLab Common Registry Hook Driver/AhnLab, Inc.) ZwCreateKey [0x97548930]
    SSDT \??\C:\WINDOWS\system32\Drivers\AhnRghNt.sys (AhnLab Common Registry Hook Driver/AhnLab, Inc.) ZwDeleteKey [0x97548CD0]
    SSDT \??\C:\WINDOWS\system32\Drivers\AhnRghNt.sys (AhnLab Common Registry Hook Driver/AhnLab, Inc.) ZwDeleteValueKey [0x97548DC0]
    SSDT \??\C:\WINDOWS\system32\Drivers\AhnRghNt.sys (AhnLab Common Registry Hook Driver/AhnLab, Inc.) ZwEnumerateKey [0x975490F0]
    SSDT \??\C:\WINDOWS\system32\Drivers\AhnRghNt.sys (AhnLab Common Registry Hook Driver/AhnLab, Inc.) ZwEnumerateValueKey [0x97549340]
    SSDT \??\C:\WINDOWS\system32\Drivers\AhnRghNt.sys (AhnLab Common Registry Hook Driver/AhnLab, Inc.) ZwFlushKey [0x97548BE0]
    SSDT \??\C:\WINDOWS\system32\Drivers\AhnRghNt.sys (AhnLab Common Registry Hook Driver/AhnLab, Inc.) ZwLoadKey [0x975495C0]
    SSDT \??\C:\WINDOWS\system32\Drivers\AhnRghNt.sys (AhnLab Common Registry Hook Driver/AhnLab, Inc.) ZwOpenKey [0x97548820]
    SSDT \??\C:\WINDOWS\system32\Drivers\AhnRghNt.sys (AhnLab Common Registry Hook Driver/AhnLab, Inc.) ZwQueryKey [0x97549220]
    SSDT \??\C:\WINDOWS\system32\Drivers\AhnRghNt.sys (AhnLab Common Registry Hook Driver/AhnLab, Inc.) ZwQueryValueKey [0x97549470]
    SSDT \??\C:\WINDOWS\system32\Drivers\AhnRghNt.sys (AhnLab Common Registry Hook Driver/AhnLab, Inc.) ZwSetValueKey [0x97548F30]
    SSDT \??\C:\WINDOWS\system32\Drivers\AhnRghNt.sys (AhnLab Common Registry Hook Driver/AhnLab, Inc.) ZwUnloadKey [0x975496A0]

    INT 0x62 ? 8A5F5BF8
    INT 0x63 ? 8A5F4BF8
    INT 0x63 ? 89AE1BF8
    INT 0x73 ? 89AE1BF8
    INT 0x84 ? 89AE1BF8
    INT 0x94 ? 89AE1BF8
    INT 0xB4 ? 89AE1BF8

    ---- Kernel code sections - GMER 1.0.15 ----

    PAGE ntoskrnl.exe!NtOpenProcess + B 8058159D 4 Bytes CALL 97544391 \??\C:\WINDOWS\system32\Drivers\AhnRghNt.sys (AhnLab Common Registry Hook Driver/AhnLab, Inc.)
    PAGE ntoskrnl.exe!ZwTerminateProcess + 45 8059547A 4 Bytes CALL 97544161 \??\C:\WINDOWS\system32\Drivers\AhnRghNt.sys (AhnLab Common Registry Hook Driver/AhnLab, Inc.)
    PAGE ntoskrnl.exe!ZwTerminateThread + 44 80597650 4 Bytes CALL 975441F1 \??\C:\WINDOWS\system32\Drivers\AhnRghNt.sys (AhnLab Common Registry Hook Driver/AhnLab, Inc.)
    PAGE ntoskrnl.exe!ZwCreateThread + 8 805979E7 4 Bytes CALL 97544561 \??\C:\WINDOWS\system32\Drivers\AhnRghNt.sys (AhnLab Common Registry Hook Driver/AhnLab, Inc.)
    PAGE ntoskrnl.exe!ZwSuspendThread + 55 8063998C 4 Bytes CALL 97544281 \??\C:\WINDOWS\system32\Drivers\AhnRghNt.sys (AhnLab Common Registry Hook Driver/AhnLab, Inc.)
    ? spwm.sys 지정된 파일을 찾을 수 없습니다. !
    .text USBPORT.SYS!DllUnload B7CF88AC 5 Bytes JMP 89AE11D8
    .text aif1wi3t.SYS B7A54386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
    .text aif1wi3t.SYS B7A543AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
    .text aif1wi3t.SYS B7A543C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
    .text aif1wi3t.SYS B7A543C9 1 Byte [30]
    .text aif1wi3t.SYS B7A543C9 11 Bytes [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
    .text ...

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Mozilla Firefox\firefox.exe[3184] WS2_32.dll!closesocket 719E3E2B 5 Bytes JMP 0015660B
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3184] WS2_32.dll!send 719E4C27 5 Bytes JMP 0015634D
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3184] WS2_32.dll!WSARecv 719E4CB5 5 Bytes JMP 00156511
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3184] WS2_32.dll!recv 719E676F 5 Bytes JMP 001563C0
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3184] WS2_32.dll!WSASend 719E68FA 5 Bytes JMP 00156477
    .text C:\WINDOWS\explorer.exe[3824] kernel32.dll!CreateProcessInternalW 7C7E97B0 5 Bytes JMP 00AC874A

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A5AD5E0
    IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7507C4C] spwm.sys
    IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7507CA0] spwm.sys
    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74D7042] spwm.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74D713E] spwm.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74D70C0] spwm.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74D7800] spwm.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74D76D6] spwm.sys
    IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 89AE12D8
    IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F74E6E9C] spwm.sys
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!RtlInitUnicodeString] 00021083
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!swprintf] 01B05E00
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!KeSetEvent] 5DE58B5B
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 7E8366C3
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!IoGetConfigurationInformation] 0F740028
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 89320C8D
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!MmFreeMappingAddress] 0002288B
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 46B70F00
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 66D00328
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!MmUnmapIoSpace] 002A7E83
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 0C8D1574
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!IofCompleteRequest] 248B8932
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!RtlCompareUnicodeString] 0F000002
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!IofCallDriver] 832A46B7
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!MmAllocateMappingAddress] E08303C0
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] 66D003FC
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!IoConnectInterrupt] 002C7E83
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!IoDetachDevice] 0C8D1E74
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!KeWaitForSingleObject] 208B8932
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!KeInitializeEvent] 8A000002
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] 83880846
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!RtlInitAnsiString] 000001C0
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] 2C4EB70F
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!IoQueueWorkItem] 8303C183
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!MmMapIoSpace] D103FCE1
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 2E7E8366
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!IoReportDetectedDevice] 8D1C7400
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!IoReportResourceForDetection] 83893204
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 00000218
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!NlsMbCodePageTag] 2E4EB70F
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!PoRequestPowerIrp] 021C8B89
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] B70F0000
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] E0C12E46
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!sprintf] 03D00304
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 0CB389F2
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!ObfDereferenceObject] 80000002
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 0975013E
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 1B42E853
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!ZwClose] C4830000
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] B05E5F04
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] E58B5B01
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] CCCCC35D
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!PoStartNextPowerIrp] CCCCCCCC
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!PoCallDriver] 53EC8B55
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!IoCreateDevice] 08758B56
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 0214BE83
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 57000000
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!ZwOpenKey] 45C60674
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!RtlFreeUnicodeString] 1EEB010B
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!IoStartTimer] 020C868B
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!KeInitializeTimer] C0850000
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!IoInitializeTimer] 808A1074
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!KeInitializeDpc] 00000804
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!KeInitializeSpinLock] A03CF024
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!IoInitializeIrp] 0B45950F
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!ZwCreateKey] 45C604EB
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 458A000B
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 88C0840B
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!ZwSetValueKey] 840F0946
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!KeInsertQueueDpc] 000000C1
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 14B30E8B
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!IoStartPacket] 1C8286C6
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 88010000
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 001C859E
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!IoFreeMdl] A19E8800
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!MmUnlockPages] C600001C
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 001C8686
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 86C60100
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 00001CA2
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 70518B01
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!KeSynchronizeExecution] 8D52006A
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!IoStartNextPacket] 001C8886
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!KeBugCheckEx] 55E85000
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 8B000023
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!KeSetTimer] 70518B0E
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!KeCancelTimer] 8D52016A
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!_allmul] 001CA486
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!MmProbeAndLockPages] 41E85000
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!_except_handler3] 8B000023
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!PoSetPowerState] 18C4830E
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 1C8D9E88
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 9E880000
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!_aulldiv] 00001CA9
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!strstr] 0E798366
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!_strupr] 74AAB000
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!KeQuerySystemTime] 8186C636
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 1A00001C
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!KeTickCount] 1C8386C6
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] C6020000
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!IoDeleteDevice] 001C8E86
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 86C60200
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!IoAllocateWorkItem] 00001CAA
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!IoAllocateIrp] 959E8802
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!IoAllocateMdl] 8800001C
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 001CB19E
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!MmLockPagableDataSection] [96868800] \??\C:\WINDOWS\system32\drivers\v3engine.sys (AhnLab V3 Engine Driver/AhnLab, Inc.)
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 8800001C
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 001CB286
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!ExFreePoolWithTag] C61AEB00
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!IoFreeIrp] 001C8186
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!IoFreeWorkItem] 86C61200
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!InitSafeBootMode] 00001C83
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!RtlCompareMemory] 8E868801
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 8800001C
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!memmove] 001CAA86
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[ntoskrnl.exe!MmHighestUserAddress] 80968B00
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[HAL.dll!KfAcquireSpinLock] 0C8D1C46
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[HAL.dll!READ_PORT_UCHAR] B08B8932
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[HAL.dll!KeGetCurrentIrql] 89000001
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[HAL.dll!KfRaiseIrql] 0001BC83
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[HAL.dll!KfLowerIrql] 24468B00
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[HAL.dll!HalGetInterruptVector] 89820C8D
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[HAL.dll!HalTranslateBusAddress] D18BF84D
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[HAL.dll!KeStallExecutionProcessor] 860F1639
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[HAL.dll!KfReleaseSpinLock] 000000BD
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 0208B389
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[HAL.dll!READ_PORT_USHORT] 83660000
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 7400067E
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[HAL.dll!WRITE_PORT_UCHAR] 89D60320
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[WMILIB.SYS!WmiSystemControl] 8D168B00
    IAT \SystemRoot\System32\Drivers\aif1wi3t.SYS[WMILIB.SYS!WmiCompleteRequest] F0003284

    ---- Devices - GMER 1.0.15 ----

    Device 8A5F21F8
    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
    Device 864BF1F8
    Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
    Device \Driver\Tcpip \Device\Ip AMonTDnt.sys (AhnLab Network Filter Driver, Level 2/AhnLab, Inc.)
    Device \Driver\usbuhci \Device\USBPDO-0 89A6E1F8
    Device \Driver\usbuhci \Device\USBPDO-1 89A6E1F8
    Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A5AB1F8
    Device \Driver\dmio \Device\DmControl\DmConfig 8A5AB1F8
    Device \Driver\dmio \Device\DmControl\DmPnP 8A5AB1F8
    Device \Driver\dmio \Device\DmControl\DmInfo 8A5AB1F8
    Device \Driver\usbehci \Device\USBPDO-2 89A571F8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{832B0106-0C2E-44DD-81B5-5837796C42E1} 8929B500
    Device \Driver\usbehci \Device\USBPDO-3 89A571F8
    Device \Driver\usbuhci \Device\USBPDO-4 89A6E1F8
    Device \Driver\Tcpip \Device\Tcp AMonTDnt.sys (AhnLab Network Filter Driver, Level 2/AhnLab, Inc.)
    Device \Driver\usbuhci \Device\USBPDO-5 89A6E1F8

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@(獺?\0ㅒ\0?\xe04b?\0翩황 \0刃먕\0\0\0\0\0\0\0\0\0 1?2?3?
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@좼\21?\0羈,\0\0\0 1?
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x99 0x85 0xAB 0xB7 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF3 0x26 0x30 0x9D ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x89 0xEF 0x8A 0xD7 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@(獺?\0ㅒ\0?\xe04b?\0翩황 \0刃먕\0\0\0\0\0\0\0\0\0 1?2?3?
    Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@좼\21?\0羈,\0\0\0 1?
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x99 0x85 0xAB 0xB7 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF3 0x26 0x30 0x9D ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x89 0xEF 0x8A 0xD7 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x99 0x85 0xAB 0xB7 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF3 0x26 0x30 0x9D ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x89 0xEF 0x8A 0xD7 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontMapper@t?\0 129
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontMapper@t?뭅\0\0 32897
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontMapper@겖\34\0 20609
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontMapper@겖\34졍\0\0 53377
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontMapper@糠읗\0 4225
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontMapper@糠읗늬\0\0 36993
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontMapper@\24손\0 16513
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontMapper@\24손畇\0\0 49281
    Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter
    Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter@FriendlyName Indeo? video 5.10 Compression Filter
    Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter@CLSID {1F73E9B1-8C3A-11D0-A3BE-00A0C9244436}
    Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter@FilterData 0x02 0x00 0x00 0x00 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter@EncoderType 1
    Reg HKCU\Software\Microsoft\Windows Live\Communications Clients\Shared\1405460380\Groups@0??\0\0쿟?\0좇\0\0\0\0\0\0 1
    Reg HKCU\Software\Microsoft\Windows Live\Communications Clients\Shared\1405460380\Groups@$??톥\0\0\0 1
    Reg HKCU\Software\Microsoft\Windows Live\Communications Clients\Shared\1405460380\Groups@\??\0\0쿟?\0좇\0\0\0\0\0\0 1

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 01: rootkit-like behavior; copy of MBR
    Disk \Device\Harddisk0\DR0 sector 02: rootkit-like behavior; copy of MBR
    Disk \Device\Harddisk0\DR0 sector 03: rootkit-like behavior; copy of MBR
    Disk \Device\Harddisk0\DR0 sector 04: rootkit-like behavior; copy of MBR
    Disk \Device\Harddisk0\DR0 sector 05: rootkit-like behavior; copy of MBR
    Disk \Device\Harddisk0\DR0 sector 06: rootkit-like behavior; copy of MBR
    Disk \Device\Harddisk0\DR0 sector 07: rootkit-like behavior; copy of MBR
    Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 10: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 11: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 32: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 33: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 57: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 61: rootkit-like behavior; copy of MBR
    Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR

    ---- EOF - GMER 1.0.15 ----
     
  8. 2010/08/30
    oneofnine

    oneofnine Inactive Thread Starter

    Step 3 MBRCheck Log
    ---

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 164):
    0x804D9000 \WINDOWS\system32\ntoskrnl.exe
    0x80701000 \WINDOWS\system32\hal.dll
    0xF7987000 \WINDOWS\system32\KDCOM.DLL
    0xF7897000 \WINDOWS\system32\BOOTVID.dll
    0xF74D5000 spwm.sys
    0xF7989000 \WINDOWS\System32\Drivers\WMILIB.SYS
    0xF74BD000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
    0xF748F000 ACPI.sys
    0xF747E000 pci.sys
    0xF75F7000 isapnp.sys
    0xF789B000 compbatt.sys
    0xF789F000 \WINDOWS\system32\DRIVERS\BATTC.SYS
    0xF7A4F000 pciide.sys
    0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF7859000 pcmcia.sys
    0xF7607000 MountMgr.sys
    0xF783A000 ftdisk.sys
    0xF798B000 dmload.sys
    0xF7961000 dmio.sys
    0xF770F000 PartMgr.sys
    0xF78A3000 ACPIEC.sys
    0xF7A50000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    0xF7617000 VolSnap.sys
    0xF7A37000 atapi.sys
    0xF7B21000 iaStor.sys
    0xF7627000 disk.sys
    0xF7637000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF7A17000 fltmgr.sys
    0xF7828000 sr.sys
    0xF7647000 PxHelp20.sys
    0xF7B0A000 KSecDD.sys
    0xBA773000 Ntfs.sys
    0xBA746000 NDIS.sys
    0xBA72A000 Apsx86.sys
    0xF7717000 ApsHM86.sys
    0xF7657000 ohci1394.sys
    0xF7667000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xBA670000 Mup.sys
    0xF7697000 \SystemRoot\system32\DRIVERS\nic1394.sys
    0xB9C5A000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xB7D59000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
    0xB7D45000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xB7D04000 \SystemRoot\system32\DRIVERS\e1e5132.sys
    0xF77D7000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xB7CE0000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF77DF000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xB7CBB000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xB7AA0000 \SystemRoot\system32\DRIVERS\NETw4x32.sys
    0xB7A8C000 \SystemRoot\system32\DRIVERS\sdbus.sys
    0xB9C4A000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xF77E7000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xBA620000 \SystemRoot\system32\DRIVERS\tp4track.sys
    0xF77EF000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF77F7000 \SystemRoot\system32\DRIVERS\atmeltpm.sys
    0xBA61C000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0xBA618000 \SystemRoot\system32\DRIVERS\ibmpmdrv.sys
    0xB7A54000 \SystemRoot\System32\Drivers\aif1wi3t.SYS
    0xB7984000 \SystemRoot\system32\DRIVERS\btkrnl.sys
    0xBA608000 \SystemRoot\system32\DRIVERS\fsvga.sys
    0xF7767000 \SystemRoot\system32\DRIVERS\tvtpktfilter.sys
    0xF7A8B000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF79E7000 \SystemRoot\System32\Drivers\RootMdm.sys
    0xF776F000 \SystemRoot\System32\Drivers\Modem.SYS
    0xB9C3A000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xBA5F8000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xB796D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xB9C2A000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xB9C1A000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF7777000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xB795C000 \SystemRoot\system32\DRIVERS\psched.sys
    0xB9C0A000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF777F000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xB91AF000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xB919F000 \SystemRoot\system32\DRIVERS\RimSerial.sys
    0xB792C000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xB9BFA000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xB9197000 \SystemRoot\system32\DRIVERS\psadd.sys
    0xB918F000 \SystemRoot\system32\DRIVERS\Tvti2c.sys
    0xF79F3000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xB7909000 \SystemRoot\system32\DRIVERS\ks.sys
    0xB78AB000 \SystemRoot\system32\DRIVERS\update.sys
    0xB82E9000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF76C7000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF76D7000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xB917F000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0xF76E7000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xB9C8A000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF79C3000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xA399E000 \SystemRoot\system32\drivers\ADIHdAud.sys
    0xA397A000 \SystemRoot\system32\drivers\portcls.sys
    0xB9C7A000 \SystemRoot\system32\drivers\drmk.sys
    0xA3963000 \SystemRoot\system32\drivers\AEAudio.sys
    0xA392F000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
    0xA383D000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
    0xA378A000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
    0xA1AE7000 \SystemRoot\System32\Drivers\tcusb.sys
    0xA5E04000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xA6A3F000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xA1367000 \SystemRoot\System32\Drivers\Null.SYS
    0xA6A3D000 \SystemRoot\System32\Drivers\Beep.SYS
    0xA539B000 \SystemRoot\System32\drivers\vga.sys
    0xA6A3B000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xA6A39000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xA5393000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xA538B000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xA5BC6000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xA09BC000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xA0963000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xA094D000 \??\C:\WINDOWS\system32\Drivers\AMonTDnt.sys
    0xA0927000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xA08FF000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xA1AD7000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xA08DD000 \SystemRoot\System32\drivers\afd.sys
    0xA1AC7000 \SystemRoot\system32\DRIVERS\arp1394.sys
    0xA1AB7000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xA5383000 \SystemRoot\System32\drivers\TSMAPIP.SYS
    0xA537B000 \SystemRoot\System32\drivers\Tppwrif.sys
    0xA5373000 \SystemRoot\system32\DRIVERS\TPHKDRV.sys
    0xA0892000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xA0822000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xA6A37000 \??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys
    0xA1A77000 \SystemRoot\System32\Drivers\Fips.SYS
    0xA536B000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xA5BAA000 \SystemRoot\System32\drivers\ANC.SYS
    0xA5BA6000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xA1347000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xA5363000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xA5BA2000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x98A54000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0x9844A000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0xBF800000 \SystemRoot\System32\win32k.sys
    0x98C74000 \SystemRoot\System32\drivers\Dxapi.sys
    0x998BF000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xA07D6000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF024000 \SystemRoot\System32\igxpgd32.dll
    0xBF012000 \SystemRoot\System32\igxprd32.dll
    0xBF04E000 \SystemRoot\System32\igxpdv32.DLL
    0xBF1D8000 \SystemRoot\System32\igxpdx32.DLL
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xF742E000 \SystemRoot\system32\DRIVERS\tvtfilter.sys
    0xA1402000 \??\C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys
    0xF775F000 \SystemRoot\system32\DRIVERS\AegisP.sys
    0x98C8C000 \SystemRoot\system32\DRIVERS\nespot.sys
    0x98C84000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x98C7C000 \SystemRoot\system32\DRIVERS\s24trans.sys
    0x983CD000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xB77A9000 \SystemRoot\system32\DRIVERS\PROCDD.SYS
    0x983C1000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0x982FE000 \SystemRoot\system32\DRIVERS\srv.sys
    0x9989F000 \??\C:\WINDOWS\system32\npkakl.sys
    0xF79F7000 \??\C:\WINDOWS\System32\drivers\pmemnt.sys
    0x980B9000 \SystemRoot\system32\drivers\wdmaud.sys
    0xBA70A000 \SystemRoot\system32\drivers\sysaudio.sys
    0x96B8D000 \SystemRoot\System32\Drivers\HTTP.sys
    0x97DAC000 \??\C:\WINDOWS\system32\Drivers\CdmDrvNt.sys
    0x97543000 \??\C:\WINDOWS\system32\Drivers\AhnRghNt.sys
    0x96948000 \??\C:\PROGRA~1\AhnLab\V3Lite\V3Flt2K.sys
    0x9677E000 \??\C:\WINDOWS\system32\drivers\v3engine.sys
    0x96765000 \??\C:\Program Files\AhnLab\V3Lite\MeDCoreD.sys
    0x9673A000 \??\C:\Program Files\AhnLab\V3Lite\VPDrvNt.sys
    0x966F9000 \??\C:\DOCUME~1\
    0x966D5000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0x7C930000 \WINDOWS\system32\ntdll.dll

    Processes (total 77):
    0 System Idle Process
    4 System
    1136 C:\WINDOWS\system32\smss.exe
    1188 csrss.exe
    1212 C:\WINDOWS\system32\winlogon.exe
    1264 C:\WINDOWS\system32\services.exe
    1276 C:\WINDOWS\system32\lsass.exe
    1444 C:\WINDOWS\system32\ibmpmsvc.exe
    1476 C:\WINDOWS\system32\svchost.exe
    1556 svchost.exe
    1600 C:\WINDOWS\system32\svchost.exe
    1628 C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    1752 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    1804 svchost.exe
    1860 svchost.exe
    432 C:\WINDOWS\system32\spoolsv.exe
    596 svchost.exe
    656 C:\WINDOWS\system32\IPSSVC.EXE
    676 C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    784 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    800 C:\Program Files\Bonjour\mDNSResponder.exe
    828 C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    868 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    916 C:\Program Files\Java\jre6\bin\jqs.exe
    1072 C:\Program Files\NAT Service\natsvc.exe
    1192 C:\WINDOWS\system32\npkcmsvc.exe
    1512 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    2068 C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
    2256 C:\WINDOWS\system32\tp4serv.exe
    2268 C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
    2288 C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    2296 C:\WINDOWS\system32\TpShocks.exe
    2320 C:\PROGRA~1\ThinkPad\UTILIT~1\EZEJMNAP.EXE
    2332 C:\Program Files\Analog Devices\Core\smax4pnp.exe
    2360 C:\WINDOWS\system32\igfxtray.exe
    2368 C:\WINDOWS\system32\hkcmd.exe
    2400 C:\WINDOWS\system32\igfxsrvc.exe
    2420 C:\WINDOWS\system32\igfxpers.exe
    2460 C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    2508 C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.EXE
    2516 C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    2528 C:\Program Files\ThinkVantage\AMSG\Amsg.exe
    2556 C:\Program Files\Lenovo\ZOOM\TpScrex.exe
    2576 C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    2612 C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    2628 C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
    2700 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    2760 C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    2880 C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
    2936 C:\Program Files\iTunes\iTunesHelper.exe
    2980 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    3192 C:\WINDOWS\system32\ctfmon.exe
    3204 C:\Program Files\DAEMON Tools Lite\daemon.exe
    1992 C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
    2060 C:\Program Files\Digital Line Detect\DLG.exe
    2684 C:\WINDOWS\system32\svchost.exe
    2756 C:\Program Files\Lenovo\System Update\SUService.exe
    2836 C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    2668 C:\WINDOWS\system32\TPHDEXLG.exe
    3028 tvttcsd.exe
    3044 C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
    3276 C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    3420 C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    3464 C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
    3556 C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
    3664 C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    2568 C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    1988 C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    3640 C:\Program Files\iPod\bin\iPodService.exe
    2636 C:\WINDOWS\system32\wscntfy.exe
    1720 alg.exe
    1880 C:\Program Files\KT\ConnectionManager\ConnectionManager.exe
    3804 C:\Program Files\KT\ConnectionManager\RunNSP.exe
    3184 C:\Program Files\Mozilla Firefox\firefox.exe
    3824 C:\WINDOWS\explorer.exe
    2416 C:\Documents and Settings\
    1836 C:\WINDOWS\system32\conime.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: HITACHIHTS542525K9SA00, Rev: BBFZC3HP

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Lenovo MBR code detected
    SHA1: 99845A1AC78E9D2325C6A82EB4FD9E0E0FE21C55


    Done!
     
  9. 2010/08/30
    broni

    broni Moderator Malware Analyst

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop.**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all-inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double-click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt".
    **Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall.**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  10. 2010/08/31
    oneofnine

    oneofnine Inactive Thread Starter

    Step 4 ComboFix Log
    ---

    ComboFix 10-08-30.03 - 유민우 2010-09-01 2:11.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.949.82.1042.18.2006.1422 [GMT 9:00]
    Running from: c:\documents and settings\유민우\바탕 화면\ComboFix.exe
    AV: 알약 *On-access scanning disabled* (Updated) {B9431E5A-E196-4B6F-843A-10E01DB25461}
    AV: V3 Lite *On-access scanning disabled* (Updated) {A5B78720-5B41-4D39-B70F-131ABDA6F977}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\유민우\Favorites\쇼핑 스트리트, 11번가.url
    c:\documents and settings\유민우\Local Settings\Application Data\Windows Server
    c:\documents and settings\유민우\Local Settings\Application Data\Windows Server\admin.txt
    c:\documents and settings\유민우\Local Settings\Application Data\Windows Server\flags.ini
    c:\documents and settings\유민우\Local Settings\Application Data\Windows Server\server.dat
    c:\documents and settings\유민우\Local Settings\Application Data\Windows Server\uses32.dat
    C:\install.exe
    c:\program files\nzellsoft
    c:\windows\system32\Downloader.exe
    c:\windows\system32\npkpdb.dll
    c:\windows\system32\npz.ocx
    c:\windows\system32\Thumbs.db

    Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
    Restored copy from - c:\windows\ServicePackFiles\i386\winlogon.exe

    Infected copy of c:\windows\explorer.exe was found and disinfected
    Restored copy from - c:\windows\ServicePackFiles\i386\explorer.exe

    .
    ((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-31 )))))))))))))))))))))))))))))))
    .

    2010-08-31 06:35 . 2010-08-31 06:35 -------- d-----w- c:\documents and settings\유민우\Application Data\Space International
    2010-08-31 06:35 . 2010-08-31 06:35 -------- d-----w- c:\program files\Space International
    2010-08-30 08:18 . 2010-08-30 08:18 -------- d-----w- c:\windows\system32\nprotect
    2010-08-30 06:04 . 2010-08-30 06:04 -------- d-----w- C:\_OTL
    2010-08-30 05:43 . 2010-08-30 05:43 -------- d-----w- c:\documents and settings\유민우\Application Data\Malwarebytes
    2010-08-30 05:43 . 2010-04-29 06:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-30 05:43 . 2010-08-30 15:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-30 05:43 . 2010-08-30 05:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-08-30 05:43 . 2010-04-29 06:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-30 04:09 . 2010-08-30 04:09 -------- d-----w- c:\documents and settings\NetworkService\시작 메뉴
    2010-08-30 04:09 . 2010-08-30 04:09 -------- d-----w- c:\documents and settings\NetworkService\바탕 화면
    2010-08-29 20:13 . 2010-08-29 20:14 -------- d-----w- c:\documents and settings\LocalService\시작 메뉴
    2010-08-29 20:13 . 2010-08-29 20:13 -------- d-----w- c:\documents and settings\LocalService\바탕 화면
    2010-08-29 20:11 . 2010-08-27 02:19 1881560 ----a-w- c:\windows\system32\drivers\v3engine.sys
    2010-08-29 20:11 . 2010-08-17 03:16 1426392 ----a-w- c:\windows\system32\drivers\ahnsze.sys
    2010-08-29 20:07 . 2010-08-29 20:12 -------- d-----w- c:\program files\Common Files\AhnLab
    2010-08-29 20:07 . 2010-05-24 01:59 87648 ----a-w- c:\windows\system32\drivers\AMonTDLH.sys
    2010-08-29 20:07 . 2009-09-17 08:41 52800 ----a-w- c:\windows\system32\drivers\AhnRghNt.sys
    2010-08-29 20:07 . 2009-09-17 08:40 20416 ----a-w- c:\windows\system32\drivers\AhnRec2k.sys
    2010-08-29 20:07 . 2009-09-17 08:39 52928 ----a-w- c:\windows\system32\drivers\AhnFlt2k.sys
    2010-08-29 20:07 . 2010-08-29 20:07 -------- d-----w- c:\documents and settings\All Users\Application Data\AhnLab
    2010-08-22 07:40 . 2010-08-22 07:40 -------- d--h--w- c:\windows\PIF
    2010-08-21 02:37 . 2010-08-21 02:37 -------- d-----w- c:\program files\Common Files\Skype
    2010-08-21 02:37 . 2010-08-21 02:38 -------- d-----r- c:\program files\Skype
    2010-08-12 08:48 . 2010-08-12 08:48 -------- d-----w- c:\program files\iPod
    2010-08-12 08:46 . 2010-08-12 08:50 -------- d-----w- c:\program files\iTunes
    2010-08-12 08:46 . 2010-08-12 08:50 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-08-12 08:37 . 2010-08-12 08:38 -------- d-----w- c:\program files\QuickTime
    2010-08-12 02:32 . 2010-08-12 02:32 328 ----a-w- c:\documents and settings\유민우\symkeys.dat
    2010-08-12 02:32 . 2010-08-12 02:32 4824 ----a-w- c:\documents and settings\유민우\encobject.dat
    2010-08-04 00:59 . 2010-08-04 00:59 320904 ----a-w- c:\windows\system32\EasyKeytecPKI.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-30 08:19 . 2010-02-22 04:53 126048 ----a-w- c:\windows\system32\kcrtx86.sys
    2010-08-30 08:19 . 2009-05-04 17:21 37944 ----a-w- c:\windows\system32\JRSKD24.SYS
    2010-08-30 08:19 . 2009-05-04 17:21 12728 ----a-w- c:\windows\system32\JRSUKD25.SYS
    2010-08-30 06:01 . 2009-05-04 07:04 -------- d-----w- c:\program files\Java
    2010-08-30 05:58 . 2009-05-04 07:04 -------- d-----w- c:\program files\Common Files\Java
    2010-08-29 20:07 . 2009-05-04 17:21 -------- d-----w- c:\program files\AhnLab
    2010-08-27 09:20 . 2010-07-22 09:39 -------- d-----w- c:\program files\Common Files\GRETECH
    2010-08-27 06:26 . 2009-05-09 09:55 -------- d-----w- c:\documents and settings\유민우\Application Data\Skype
    2010-08-27 06:25 . 2009-05-09 09:56 -------- d-----w- c:\documents and settings\유민우\Application Data\skypePM
    2010-08-26 06:28 . 2009-05-04 11:21 196608 ----a-w- c:\documents and settings\유민우\Application Data\IPOPMEDIA\PopRecv\rcvsvr.exe
    2010-08-24 06:29 . 2009-09-19 07:28 256 ----a-w- c:\windows\system32\pool.bin
    2010-08-23 08:58 . 2010-05-14 05:30 2040216 ----a-w- c:\windows\AllatPayRE.dll
    2010-08-21 10:09 . 2009-11-30 13:30 -------- d-----w- c:\program files\KCP
    2010-08-21 02:37 . 2009-05-09 09:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
    2010-08-19 13:42 . 2009-05-04 13:21 21114 ----a-w- c:\windows\system32\teexcept.dat
    2010-08-18 01:43 . 2009-05-09 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Soulseek
    2010-08-16 13:02 . 2009-05-04 13:21 2142491 ----a-w- c:\windows\system32\npmonz.exe
    2010-08-12 08:48 . 2009-05-13 16:11 -------- d-----w- c:\program files\Common Files\Apple
    2010-08-12 08:33 . 2009-05-13 16:12 -------- d-----w- c:\program files\Bonjour
    2010-08-12 08:30 . 2010-08-12 08:30 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
    2010-08-11 12:18 . 2009-05-04 12:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-08-11 12:18 . 2009-05-04 06:35 72912 ----a-w- c:\windows\system32\perfc012.dat
    2010-08-11 12:18 . 2009-05-04 06:35 243884 ----a-w- c:\windows\system32\perfh012.dat
    2010-08-09 04:08 . 2010-08-09 04:08 61440 ----a-w- c:\documents and settings\유민우\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3dde577a-n\decora-sse.dll
    2010-08-09 04:08 . 2010-08-09 04:08 503808 ----a-w- c:\documents and settings\유민우\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-54436a9c-n\msvcp71.dll
    2010-08-09 04:08 . 2010-08-09 04:08 499712 ----a-w- c:\documents and settings\유민우\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-54436a9c-n\jmc.dll
    2010-08-09 04:08 . 2010-08-09 04:08 348160 ----a-w- c:\documents and settings\유민우\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-54436a9c-n\msvcr71.dll
    2010-08-09 04:08 . 2010-08-09 04:08 12800 ----a-w- c:\documents and settings\유민우\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3dde577a-n\decora-d3d.dll
    2010-08-07 07:50 . 2009-11-30 15:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Clunet
    2010-08-04 06:27 . 2010-05-14 05:30 70040 ----a-w- c:\windows\AllatKeyIn.exe
    2010-08-03 09:38 . 2009-05-13 16:36 -------- d-----w- c:\program files\NATEON
    2010-08-01 05:45 . 2009-05-23 04:54 6750208 ----a-w- c:\windows\system32\KvpVcmd.dll
    2010-07-28 08:26 . 2009-05-04 11:27 300568 ----a-w- c:\windows\system32\NaverFDL.exe
    2010-07-28 03:33 . 2010-03-03 17:12 127488 ----a-w- c:\windows\system32\Qrdll.dll
    2010-07-20 12:51 . 2009-05-04 13:21 426270 ----a-w- c:\windows\system32\npeutilex.dll
    2010-07-19 04:28 . 2010-05-11 07:27 542040 ----a-w- c:\documents and settings\유민우\Application Data\EstSoft\ALZip\ALAd.dll
    2010-07-17 07:24 . 2009-05-23 04:54 1205544 ----a-w- c:\windows\system32\ISPPopUpDlg.exe
    2010-07-16 20:00 . 2010-04-24 22:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-07-15 05:13 . 2010-07-15 05:13 120184 ----a-w- c:\windows\system32\KCPPaymentUX.dll
    2010-07-15 04:16 . 2010-03-19 01:04 135168 ----a-w- c:\windows\system32\kcp_ansimclick.dll
    2010-07-09 05:02 . 2010-07-09 05:02 -------- d-----w- c:\documents and settings\All Users\Application Data\SoftCamp
    2010-07-09 05:02 . 2010-07-09 05:02 1784576 ----a-w- c:\windows\system32\SCSKMemLink.dll
    2010-07-07 09:08 . 2010-07-07 09:08 36864 ----a-w- c:\windows\system32\XAntiRE_C.dll
    2010-07-07 06:43 . 2009-05-04 17:30 -------- d-----w- c:\program files\Common Files\XGrid Reports
    2010-07-05 10:56 . 2010-07-05 08:26 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2010-07-05 08:27 . 2010-07-05 08:27 2568656 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
    2010-07-05 01:36 . 2010-07-05 01:36 647248 ----a-w- c:\windows\system32\IPRTCrsIgmPrintM.dll
    2010-07-02 09:08 . 2010-07-02 09:08 61440 ----a-w- c:\windows\system32\MaCourtPrintInfo.dll
    2010-06-30 13:47 . 2010-06-30 13:47 8709440 ----a-w- c:\documents and settings\유민우\Application Data\EstSoft\ALUpdate\ALZIP\newfile\TEMP\ALZip801.exe
    2010-06-30 12:31 . 2009-05-04 06:36 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:22 . 2009-05-04 06:37 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-24 09:01 . 2009-05-04 06:37 1851520 ----a-w- c:\windows\system32\win32k.sys
    2010-06-23 15:13 . 2010-06-23 15:13 50026 ----a-w- c:\windows\system32\Uninstall_11stSC.exe
    2010-06-21 15:27 . 2009-05-04 06:37 354304 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-06-17 14:03 . 2009-05-04 06:36 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-16 07:48 . 2008-12-15 23:34 1324568 ----a-w- c:\windows\system32\SCSKAppLink.dll
    2010-06-16 02:47 . 2009-05-04 13:21 242360 ----a-w- c:\windows\system32\TeCtrl.dll
    2010-06-15 01:31 . 2010-06-15 01:31 265672 ----a-w- c:\windows\system32\MaPrintInfoCourt.dat
    2010-06-14 14:31 . 2009-05-04 06:37 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    2010-06-14 07:41 . 2009-05-04 06:36 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2010-06-09 14:12 . 2009-05-28 02:42 207456 ----a-w- c:\windows\system32\npkcmsvc.exe
    2010-06-07 08:13 . 2008-12-29 01:53 484928 ----a-w- c:\windows\system32\SGHSMKey.dll
    2010-06-07 08:13 . 2009-07-02 04:35 906816 ----a-w- c:\windows\system32\ps_ntscrypto.dll
    2010-06-07 08:13 . 2009-07-02 04:35 288320 ----a-w- c:\windows\system32\ps_dlglib.dll
    2010-06-07 08:13 . 2009-07-02 04:35 75328 ----a-w- c:\windows\system32\ps_nts.dll
    2010-06-07 05:42 . 2009-05-23 04:54 241664 ----a-w- c:\windows\system32\PubCertDlg.dll
    2010-06-26 02:36 . 2009-06-06 13:26 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    2009-08-13 17:30 . 2009-08-13 17:30 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ------- Sigcheck -------

    [7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
    [-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\drivers\atapi.sys

    [7] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
    [-] 2004-08-03 13:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\system32\drivers\aec.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite "= "c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
    "Google Update "= "c:\documents and settings\유민우\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-12-29 135664]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1 "= "c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-08-04 208952]
    "PHIME2002ASync "= "c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-08-04 455168]
    "PHIME2002A "= "c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-08-04 455168]
    "TrackPointSrv "= "tp4serv.exe" [2005-07-12 94208]
    "TPFNF7 "= "c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-04-09 58416]
    "TPHOTKEY "= "c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]
    "TpShocks "= "TpShocks.exe" [2007-03-29 181808]
    "EZEJMNAP "= "c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-28 243248]
    "SoundMAXPnP "= "c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-28 925696]
    "IgfxTray "= "c:\windows\system32\igfxtray.exe" [2007-02-26 131072]
    "HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2007-02-26 155648]
    "Persistence "= "c:\windows\system32\igfxpers.exe" [2007-02-26 131072]
    "TVT Scheduler Proxy "= "c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-02-08 536576]
    "AwaySch "= "c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
    "LPManager "= "c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2007-03-22 120368]
    "AMSG "= "c:\program files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 419376]
    "DiskeeperSystray "= "c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 196696]
    "ACTray "= "c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-03-27 413696]
    "ACWLIcon "= "c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-03-27 126976]
    "cssauth "= "c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2007-01-30 2618944]
    "MSPY2002 "= "c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2006-08-04 59392]
    "ALYac "= "c:\program files\ESTsoft\ALYac\AYUpdate.exe" [2010-08-02 83832]
    "Korean IME Migration "= "c:\progra~1\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE" [2006-10-26 26400]
    "Google Desktop Search "= "c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-26 30192]
    "AppleSyncNotifier "= "c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
    "BlackBerryAutoUpdate "= "c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-03-19 615696]
    "RoxWatchTray "= "c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-11-10 236016]
    "Samsung PanelMgr "= "c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-12-09 606208]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
    "AhnLab V3Lite Tray Process "= "c:\program files\AhnLab\V3Lite\V3LTray.exe" [2010-05-20 334552]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "ctfmon.exe" [2008-04-14 15360]

    c:\documents and settings\All Users\시작 메뉴\프로그램\시작프로그램\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
    Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
    BTTray.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2007-2-27 561213]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-5-4 50688]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2007-03-14 13:17 89600 ----a-w- c:\windows\system32\psqlpwd.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
    2006-09-06 07:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
    2006-12-14 02:06 28672 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli psqlpwd

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\KT\\ConnectionManager\\ConnectionManager.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\SoulseekNS\\slsk.exe "=
    "c:\\Program Files\\NATEON\\BIN\\NateOnMain.exe "=
    "c:\\Program Files\\QuickTime\\QuickTimePlayer.exe "=
    "c:\\WINDOWS\\system32\\skcbgm.exe "=
    "c:\\Program Files\\AndU\\Andu Plus\\bin\\AnduP2P.exe "=
    "c:\\WINDOWS\\system32\\fxsclnt.exe "=
    "c:\\Documents and Settings\\All Users\\Application Data\\Nexon\\NGM\\NGM.exe "=
    "c:\\Documents and Settings\\All Users\\Application Data\\Nexon\\Common\\NMService.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\DiskMan\\ExpressService.exe "=
    "c:\\Program Files\\NATEON\\Addin\\C4C116D8-BD82-493e-8616-14D18CE52FA0\\ShareBoard.exe "=
    "c:\\Program Files\\NAT Service\\natsvc.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe "=
    "c:\\Program Files\\IPOPMEDIA\\PopRecv\\PopRecv.exe "=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe "=
    "c:\\Program Files\\DiskMan\\dmudctrl.exe "=

    R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-03-02 오후 5:47 19760]
    R1 AMonTDnt;AMonTDnt;c:\windows\system32\drivers\AmonTDNt.sys [2009-05-05 오전 2:23 95592]
    R2 NATService;NATService;c:\program files\NAT Service\natsvc.exe [2010-05-11 오전 3:16 522240]
    R2 NespotP;Nespot EAPoL Protocol;c:\windows\system32\drivers\nespot.sys [2010-05-01 오전 12:09 14774]
    R2 npkakl;npkakl;c:\windows\system32\npkakl.sys [2009-08-18 오후 3:05 31840]
    R2 smihlp;SMI Helper Driver (smihlp);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2007-03-14 오후 10:10 11152]
    R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2007-02-08 오후 1:11 569344]
    R2 V3 Lite Service;V3 Lite Service;c:\program files\AhnLab\V3Lite\V3LSvc.exe [2010-08-30 오전 5:07 293592]
    R3 AhnRghNt;AhnRghNt;c:\windows\system32\drivers\AhnRghNt.sys [2010-08-30 오전 5:07 52800]
    R3 AhnSZE;AhnSZE;c:\windows\system32\drivers\ahnsze.sys [2010-08-30 오전 5:11 1426392]
    R3 ASZFltNt;ASZFltNt;c:\progra~1\AhnLab\V3Lite\ASZFltNt.sys [2010-08-30 오전 5:07 124480]
    R3 CdmDrvNt;CdmDrvNt;c:\windows\system32\drivers\CdmDrvNt.sys [2009-05-05 오전 2:23 19616]
    R3 MeDCoreD_V3LITE;MeDCoreD_V3LITE;c:\program files\AhnLab\V3Lite\MeDCoreD.sys [2010-08-30 오전 5:07 106480]
    R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [2009-05-05 오전 7:44 13840]
    R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2006-09-13 오후 12:42 35264]
    R3 v3engine;v3engine;c:\windows\system32\drivers\v3engine.sys [2010-08-30 오전 5:11 1881560]
    R3 V3Flt2K;V3Flt2K;c:\progra~1\AhnLab\V3Lite\V3Flt2K.sys [2010-08-30 오전 5:07 147424]
    R3 VPDrvNt;VPDrvNt;c:\program files\AhnLab\V3Lite\VPDrvNt.sys [2010-08-30 오전 5:07 121440]
    S2 6360CF3C;6360CF3C;c:\windows\system32\924A53A8.EXE -k --> c:\windows\system32\924A53A8.EXE -k [?]
    S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
    S3 AhnFlt2k;AhnFlt2k;c:\windows\system32\drivers\AhnFlt2k.sys [2010-08-30 오전 5:07 52928]
    S3 AhnRec2k;AhnRec2k;c:\windows\system32\drivers\AhnRec2k.sys [2010-08-30 오전 5:07 20416]
    S3 ATamptNt_V3LITE;ATamptNt_V3LITE;c:\progra~1\AhnLab\V3Lite\ATamptNt.sys [2010-08-30 오전 5:07 112608]
    S3 AYDrvSP_ALYAC;AYDrvSP_ALYAC;c:\program files\ESTsoft\ALYac\AYDrvSP.sys [2008-12-18 오후 7:57 24312]
    S3 ezty2;ezty2;\??\c:\windows\system32\ezty2.sys --> c:\windows\system32\ezty2.sys [?]
    S3 GoogleDesktopManager-051210-111108;Google 데스크톱 관리자 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-06-06 오후 10:26 30192]
    S3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.SYS [2009-05-05 오전 2:21 37944]
    S3 kcrtx86;kcrtx86;c:\windows\system32\kcrtx86.sys [2010-02-22 오후 1:53 126048]
    S3 MfFWEnt;MfFWEnt;c:\program files\AhnLab\ASP\MyFirewall 4.0\mffwent.sys [2009-05-05 오전 2:23 101368]
    S3 MfIPSEnt;MfIPSEnt;c:\program files\AhnLab\ASP\MyFirewall 4.0\mfipsent.sys [2009-05-05 오전 2:23 121536]
    S3 NPFWFLT;NPFWFLT;c:\windows\system32\npfwflt.sys [2009-05-04 오후 10:21 71264]
    S3 NPIDS;NPIDS;c:\windows\system32\npids.sys [2009-05-04 오후 10:21 61792]
    S3 scsk5;SCSK5 Driver Service;c:\windows\system32\drivers\scsk5.sys --> c:\windows\system32\drivers\scsk5.sys [?]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-05-04 오후 8:28 721904]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-08-29 c:\windows\Tasks\PMTask.job
    - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-05-04 16:14]

    2010-08-31 c:\windows\Tasks\User_Feed_Synchronization-{DCBAB2EF-9DAB-4801-A794-3711DAC2F05B}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 19:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.naver.com/
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Bluetooth 장치로 보내기(&B)... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Microsoft Excel로 내보내기(&X) - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: {{71DF21B0-8C69-4923-8C7B-B195F8DDB5CD} - http://www.11st.co.kr/connect/Gateway.tmall?method=Xsite&tid=1000105205
    Trusted Zone: hometax.go.kr
    Trusted Zone: iros.go.kr\www
    DPF: {054BF5DC-6052-4235-9DB4-7CCDC28CF8B4} - hxxps://nxpartners.okcashbag.com/itrs/meps/ITRSClient.cab
    DPF: {15C09C80-BE98-4E30-B8C1-6B8935E32671} - hxxp://download.hts.nefficient.co.kr/hts/yesone/cab/MAOnFPS_NTS.cab
    DPF: {1A29905C-C082-11D4-9376-00AA00BFFB71} - hxxp://download.hts.nefficient.co.kr/hts/wcom/cab/checkVer.cab
    DPF: {1C8143AB-92ED-4C3C-A641-B5664530ED9F} - hxxp://www.iros.go.kr/icis/IPRTCrsIgmPrintX.cab
    DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} - hxxp://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB
    DPF: {20BBA18F-5BC8-47B5-8FC9-5DFCA8E56A4B} - hxxp://mpi.dacom.net/XMPI/js/LGDacom_XMPI_20091117.cab
    DPF: {24F6E6A8-852C-45A8-ADD3-C4AB0D6FD231} - hxxp://plugin.inicis.com/wallet61/INIwallet61.cab
    DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} - hxxp://kbdownload.initech.com/kbstarActiveX/6.3.0.2/down/INIS60.cab
    DPF: {29A84C9B-9AC0-4A18-B0D7-60571B0E88CE} - hxxp://www.11st.co.kr/ocx/SKSCmaker.cab
    DPF: {2BAD742D-7CC8-496D-9181-EE8A2CF873BD} - hxxp://www.cfolder.co.kr/app2/NewCabs/CFolderLauncher.cab
    DPF: {2DCB00FB-3485-486B-BD41-C49AD605264D} - hxxps://www.epost.go.kr/comm/easykeytec/easykeytec.cab
    DPF: {325A2282-C738-4265-B43D-587926879609} - hxxp://www.iros.go.kr/iris/TrustedZoneCtrl.cab
    DPF: {3B56E5F0-7B20-48BF-B439-A995BE5191EF} - hxxp://pib.wooribank.com/com/common/SessionControl.cab
    DPF: {3B780B78-73B9-49B8-9630-3E60EDE61C73} - hxxp://www.wooribank.com/download/RDServer/MaDownloadRD.cab
    DPF: {3C36DCBE-5CDF-4C35-9D0B-4A1882B2EB0A} - hxxps://tx.allatpay.com/component/AllatPayRE.cab
    DPF: {3E086D34-0ED5-4A8E-BB6A-C4DF5AC4357B} - hxxp://download.kbstar.com/package/ibz/xgrid/KBXGridInstall.cab
    DPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} - hxxp://mpi.dacom.net/XPayMPI/XPayMPIOCX.cab
    DPF: {49A572CA-62B0-4C57-9138-C9F546C84097} - hxxp://cybermap.co.kr/company/kyochon/CYBERMAP_ASP_KYOCHON.cab
    DPF: {5372AA29-8474-4679-B89E-CDEFBB78DB2E} - hxxp://download.hts.nefficient.co.kr/hts/wcom/cab/BTWSSOClientForNTSItg.cab
    DPF: {5547DED5-E6A9-469A-90F0-5BFE5CD33FF1} - hxxps://pay.kcp.co.kr/plugin_new/file/KCPPaymentUX.cab
    DPF: {646D956E-6E48-4F84-98F9-67627A4D222A} - hxxp://www.diskman.co.kr/cab/20100426/dmudctrl.cab
    DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} - hxxp://ck.softforum.co.kr/CKKeyPro/G4C/CKKeyPro3023_32k.cab
    DPF: {6FE760D3-7851-4879-8838-62D9881D7177} - hxxp://emailweb.sktelecom.com/inimas/autocontroll/IniMasPlugin.cab
    DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab
    DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} - hxxp://gcc.nefficient.co.kr/gcc/vista/xecureweb/v7.2.3.3/xw_install.cab
    DPF: {8218BB3D-2D62-4719-B6EC-FEBE7A079CBD} - hxxp://imgcdn.pandora.tv/pan_img/app/FirstLoad1.0.0.3.cab
    DPF: {834C7234-C9D7-4129-8D38-DF25EE3D265F} - hxxp://www.cybermap.co.kr/cm2000/company2/postoffice/CYBERMAP_ASP2_POSTOFFICE.cab
    DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} - hxxp://cyimg8.cyworld.com/ImageUpload/CyPictureU1233.cab?20081124
    DPF: {92D0D610-A6FA-48D8-94CB-BD47FDF68655} - hxxp://dl.ipop.co.kr/ipop/ipopx.cab
    DPF: {9709739B-4909-489B-A1F7-148C74F16EEE} - hxxp://platform.nx.com/ActiveX/nxsysinfo.cab
    DPF: {9963FACF-7618-417B-B6DD-AB8B65AF8CD1} - hxxp://pgdownload.dacom.net/lgdacom/LGDacomXPayUpdater.cab
    DPF: {99C709C7-4F58-46C1-855B-90213C760395} - hxxps://v3d.kcp.co.kr/file/kcp_ansimclick.cab
    DPF: {9FC84F7D-D177-4A75-A7BB-429DA5BD0A3E} - hxxp://www.tworld.co.kr/common/cab/ewsinstaller_full.exe
    DPF: {A977FF0C-8757-4E76-8533-482F91946233} - hxxp://dl.sayclub.com/sayclub/sayctl/sayax.cab
    DPF: {AC2CE4A7-75CE-4B11-B245-CE697861C3C1} - hxxp://www.esero.go.kr/CodeSign/INISAFEMailv4_9.cab
    DPF: {B0A75875-3622-48BA-B5FF-45AD77AC2D0E} - hxxps://mall.shinsegae.com/interface/object/BankPayEFT.cab
    DPF: {B6B8968B-F2CE-47C2-B749-E2BA385BB226} - hxxp://www.iros.go.kr/iris/MaPrintInfoCourt.cab
    DPF: {B795470F-8985-4868-97A0-FA0EA5F96FD1} - hxxp://platform.nx.com/ActiveX/nximg3.cab
    DPF: {BBB0FC2D-1D95-45CA-BDCF-03B53F247FCC}
    DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxp://cdn.hangame.com/hangame/hansetup/HanSetup1020.cab
    DPF: {C5D387A6-2770-432F-A5D7-5E886BED167F} - hxxp://emailimg.sktelecom.com/webprint/WebPriLoader_v1007.cab
    DPF: {CB5C683C-416A-4701-B018-0F1B21D64D6B} - hxxp://cyimg7.cyworld.com/cymusic/package/skcinst.cab
    DPF: {CF392830-663F-11D5-89EE-000086551DF6} - hxxp://download.hts.nefficient.co.kr/hts/wcom/cab/efile_crypto.cab
    DPF: {E3FA6DAA-04BF-4AEF-9612-341B2B7A25FC} - hxxps://pay.kcp.co.kr/plugin/file/payplus.cab
    DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} - hxxp://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab
    DPF: {F1F07506-6CB4-44AC-8615-66D1234EFD05} - hxxp://www.tworld.co.kr/initech/plugin/down/INIS50.cab
    DPF: {F37520B6-4FBE-4814-9022-9AD83EF3E203} - hxxp://www.wooribank.com/download/RDServer/SmartUpdate.cab
    DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} - hxxp://file.naver.com/activex/NaverAXGuide.cab
    FF - ProfilePath - c:\documents and settings\유민우\Application Data\Mozilla\Firefox\Profiles\3y35w5s6.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.igoogle.com
    FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
    FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
    FF - plugin: c:\documents and settings\All Users\Application Data\Nexon\NGM\npNxGame.dll
    FF - plugin: c:\program files\AhnLab\ASP\Components\aosmgr\conflict_342\npaosmgr.dll
    FF - plugin: c:\program files\Common Files\GRETECH\npgomtvx_nie.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npINISAFEWeb60.dll
    FF - plugin: c:\program files\Picasa2\npPicasa3.dll
    FF - plugin: c:\program files\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll
    FF - plugin: c:\program files\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll
    FF - plugin: c:\program files\Space International\Easykeytec v2.0\npEZKeytecPlugin.dll
    FF - plugin: c:\program files\Space International\Easykeytec v2.0\npEZKeytecPlugins.dll
    FF - plugin: c:\windows\system32\npKeyPro.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbaam7a8h ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
    .
    - - - - ORPHANS REMOVED - - - -

    AddRemove-UnityWebPlayer - c:\documents and settings\유민우\Local Settings\Application Data\Unity\WebPlayer\Uninstall.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-09-01 02:22
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ALYac_PZSrv]
    "ImagePath "= "c:\program files\ESTsoft\ALYac\AYServiceNt.aye "
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101 "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @= "c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker4 "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1184)
    c:\windows\system32\psqlpwd.dll
    c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
    c:\program files\ThinkVantage Fingerprint Software\infra.dll
    c:\program files\ThinkVantage Fingerprint Software\homepass.dll
    c:\program files\ThinkVantage Fingerprint Software\bio.dll
    c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
    c:\program files\ThinkVantage Fingerprint Software\remote.dll
    c:\program files\Lenovo\HOTKEY\tphklock.dll
    c:\program files\ThinkVantage Fingerprint Software\pscssint.dll
    c:\program files\ThinkVantage Fingerprint Software\crypto.dll
    c:\windows\system32\IMKR12.IME

    - - - - - - - > 'lsass.exe'(1240)
    c:\windows\system32\psqlpwd.dll
    c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
    c:\program files\ThinkVantage Fingerprint Software\infra.dll

    - - - - - - - > 'explorer.exe'(3960)
    c:\windows\system32\WININET.dll
    c:\program files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll
    c:\program files\Lenovo\Client Security Solution\tvt_passwordmanager.dll
    c:\program files\Lenovo\Client Security Solution\css_banner.dll
    c:\program files\Lenovo\Client Security Solution\csswait.dll
    c:\windows\system32\cssuserdatadispatcher.dll
    c:\program files\Lenovo\Client Security Solution\css_dlgcustompolicy.dll
    c:\windows\system32\tvttsp.dll
    c:\windows\system32\tcsrpc.dll
    c:\program files\Common Files\Lenovo\tvt_think_res.dll
    c:\program files\Lenovo\Client Security Solution\css_think_res.dll
    c:\windows\system32\IMKR12.IME
    c:\windows\system32\btmmhook.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\btncopy.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ibmpmsvc.exe
    c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
    c:\windows\system32\IPSSVC.EXE
    c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\npkcmsvc.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\windows\system32\conime.exe
    c:\program files\lenovo\system update\suservice.exe
    c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    c:\windows\System32\TPHDEXLG.exe
    c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
    c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
    c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
    c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe
    c:\program files\Common Files\Lenovo\Logger\logmon.exe
    c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
    c:\windows\system32\tp4serv.exe
    c:\windows\system32\TpShocks.exe
    c:\windows\system32\igfxsrvc.exe
    c:\program files\Lenovo\HOTKEY\TPONSCR.exe
    c:\program files\Lenovo\Zoom\TpScrex.exe
    c:\program files\ESTsoft\ALYac\AYAgent.aye
    c:\program files\Lenovo\Client Security Solution\tvtpwm_tray.exe
    c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2010-09-01 02:29:31 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-08-31 17:29

    Pre-Run: 3,853,152,256 바이트 남음
    Post-Run: 3,724,099,584 바이트 남음

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug= "do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Professional" /Execute /fastdetect

    - - End Of File - - 0AC5D38DDC46847FCBB5DB108E026FF6
     
  11. 2010/08/31
    broni Moderator Malware Analyst
    Open Windows Explorer. Go to Tools > Folder Options > View tab and put a checkmark next to "Show hidden files and folders".
    Upload the following files to http://www.virustotal.com/ for a security check:
    - c:\windows\explorer.exe
    - c:\windows\system32\winlogon.exe
    IMPORTANT! If the file is listed as already analyzed, click on the "Reanalyse file now" button.
    Post scan results.
     
  12. 2010/08/31
    oneofnine Inactive Thread Starter
    virustotal.com Log
    ---

    File name:
    explorer.exe
    Submission date:
    2010-09-01 01:55:34 (UTC)
    Current status:
    queued queued analysing finished
    Result:
    0/ 43 (0.0%)

    Antivirus Version Last Update Result
    AhnLab-V3 2010.09.01.00 2010.09.01 -
    AntiVir 8.2.4.46 2010.08.31 -
    Antiy-AVL 2.0.3.7 2010.08.31 -
    Authentium 5.2.0.5 2010.09.01 -
    Avast 4.8.1351.0 2010.08.31 -
    Avast5 5.0.594.0 2010.08.31 -
    AVG 9.0.0.851 2010.08.31 -
    BitDefender 7.2 2010.09.01 -
    CAT-QuickHeal 11.00 2010.08.31 -
    ClamAV 0.96.2.0-git 2010.08.31 -
    Comodo 5928 2010.09.01 -
    DrWeb 5.0.2.03300 2010.09.01 -
    Emsisoft 5.0.0.37 2010.09.01 -
    eSafe 7.0.17.0 2010.08.30 -
    eTrust-Vet 36.1.7829 2010.08.31 -
    F-Prot 4.6.1.107 2010.08.31 -
    F-Secure 9.0.15370.0 2010.09.01 -
    Fortinet 4.1.143.0 2010.08.31 -
    GData 21 2010.09.01 -
    Ikarus T3.1.1.88.0 2010.09.01 -
    Jiangmin 13.0.900 2010.08.30 -
    K7AntiVirus 9.63.2406 2010.08.31 -
    Kaspersky 7.0.0.125 2010.09.01 -
    McAfee 5.400.0.1158 2010.09.01 -
    McAfee-GW-Edition 2010.1B 2010.09.01 -
    Microsoft 1.6103 2010.08.31 -
    NOD32 5413 2010.08.31 -
    Norman 6.05.11 2010.08.31 -
    nProtect 2010-08-31.01 2010.08.31 -
    Panda 10.0.2.7 2010.08.31 -
    PCTools 7.0.3.5 2010.09.01 -
    Prevx 3.0 2010.09.01 -
    Rising 22.63.01.04 2010.08.31 -
    Sophos 4.56.0 2010.09.01 -
    Sunbelt 6820 2010.09.01 -
    SUPERAntiSpyware 4.40.0.1006 2010.09.01 -
    Symantec 20101.1.1.7 2010.09.01 -
    TheHacker 6.5.2.1.360 2010.09.01 -
    TrendMicro 9.120.0.1004 2010.08.31 -
    TrendMicro-HouseCall 9.120.0.1004 2010.09.01 -
    VBA32 3.12.14.0 2010.08.31 -
    ViRobot 2010.8.31.4017 2010.08.31 -
    VirusBuster 5.0.27.0 2010.08.31 -

    File name:
    winlogon.exe
    Submission date:
    2010-09-01 02:01:32 (UTC)
    Current status:
    queued (#9) queued (#9) analysing finished
    Result:
    0/ 43 (0.0%)

    Antivirus Version Last Update Result
    AhnLab-V3 2010.09.01.00 2010.09.01 -
    AntiVir 8.2.4.46 2010.08.31 -
    Antiy-AVL 2.0.3.7 2010.08.31 -
    Authentium 5.2.0.5 2010.09.01 -
    Avast 4.8.1351.0 2010.08.31 -
    Avast5 5.0.594.0 2010.08.31 -
    AVG 9.0.0.851 2010.08.31 -
    BitDefender 7.2 2010.09.01 -
    CAT-QuickHeal 11.00 2010.08.31 -
    ClamAV 0.96.2.0-git 2010.08.31 -
    Comodo 5928 2010.09.01 -
    DrWeb 5.0.2.03300 2010.09.01 -
    Emsisoft 5.0.0.37 2010.09.01 -
    eSafe 7.0.17.0 2010.08.30 -
    eTrust-Vet 36.1.7829 2010.08.31 -
    F-Prot 4.6.1.107 2010.08.31 -
    F-Secure 9.0.15370.0 2010.09.01 -
    Fortinet 4.1.143.0 2010.08.31 -
    GData 21 2010.09.01 -
    Ikarus T3.1.1.88.0 2010.09.01 -
    Jiangmin 13.0.900 2010.08.30 -
    K7AntiVirus 9.63.2406 2010.08.31 -
    Kaspersky 7.0.0.125 2010.09.01 -
    McAfee 5.400.0.1158 2010.09.01 -
    McAfee-GW-Edition 2010.1B 2010.09.01 -
    Microsoft 1.6103 2010.08.31 -
    NOD32 5413 2010.08.31 -
    Norman 6.05.11 2010.08.31 -
    nProtect 2010-08-31.01 2010.08.31 -
    Panda 10.0.2.7 2010.08.31 -
    PCTools 7.0.3.5 2010.09.01 -
    Prevx 3.0 2010.09.01 -
    Rising 22.63.01.04 2010.08.31 -
    Sophos 4.56.0 2010.09.01 -
    Sunbelt 6820 2010.09.01 -
    SUPERAntiSpyware 4.40.0.1006 2010.09.01 -
    Symantec 20101.1.1.7 2010.09.01 -
    TheHacker 6.5.2.1.360 2010.09.01 -
    TrendMicro 9.120.0.1004 2010.08.31 -
    TrendMicro-HouseCall 9.120.0.1004 2010.09.01 -
    VBA32 3.12.14.0 2010.08.31 -
    ViRobot 2010.8.31.4017 2010.08.31 -
    VirusBuster 5.0.27.0 2010.08.31 -
     
  13. 2010/08/31
    broni

    broni Moderator Malware Analyst

    Very good :)

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    FCopy::
    c:\windows\ServicePackFiles\i386\atapi.sys | c:\windows\system32\drivers\atapi.sys
    c:\windows\ServicePackFiles\i386\aec.sys | c:\windows\system32\drivers\aec.sys
    
    Driver::
    6360CF3C
    
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=-
    
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After the reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
    • Combofix.txt
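
A check that can be run before and after the CFScript step above, as an added example that is not part of the original post or of ComboFix: it parses the `FCopy::` lines and compares the SHA-256 of each source and target file. The section syntax and the copy direction are inferred from the script and log shown in this thread; the file contents and the scratch directory are constructed for the demonstration.

```python
import hashlib
import os
import tempfile

# The script from the post above, embedded as sample input.
CFSCRIPT = r"""
FCopy::
c:\windows\ServicePackFiles\i386\atapi.sys | c:\windows\system32\drivers\atapi.sys
c:\windows\ServicePackFiles\i386\aec.sys | c:\windows\system32\drivers\aec.sys

Driver::
6360CF3C

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-
"""


def parse_cfscript(text):
    """Split the script into {directive: [lines]}; a directive line ends in '::'."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def fcopy_pairs(sections):
    """Return (source, target) tuples from the FCopy section ('src | dst' per line)."""
    pairs = []
    for line in sections.get("FCopy", []):
        src, sep, dst = line.partition("|")
        if not sep or not src.strip() or not dst.strip():
            raise ValueError(f"malformed FCopy line: {line!r}")
        pairs.append((src.strip(), dst.strip()))
    return pairs


def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def compare_pairs(pairs, resolve=lambda p: p):
    """Classify each pair as match, differs, source-missing or target-missing."""
    results = []
    for src, dst in pairs:
        src_path, dst_path = resolve(src), resolve(dst)
        if not os.path.isfile(src_path):
            status = "source-missing"
        elif not os.path.isfile(dst_path):
            status = "target-missing"
        elif sha256_file(src_path) == sha256_file(dst_path):
            status = "match"
        else:
            status = "differs"
        results.append((src, dst, status))
    return results


def demo():
    """Run the check on constructed files, before and after a simulated copy."""
    pairs = fcopy_pairs(parse_cfscript(CFSCRIPT))
    with tempfile.TemporaryDirectory() as root:
        def resolve(win_path):
            # Map a Windows path from the script into the scratch directory.
            return os.path.join(root, *win_path.replace(":", "").split("\\"))

        contents = {  # constructed file contents, not real driver data
            pairs[0][0]: b"constructed clean atapi.sys",
            pairs[0][1]: b"constructed modified atapi.sys",
            pairs[1][0]: b"constructed aec.sys",
            pairs[1][1]: b"constructed aec.sys",
        }
        for win_path, data in contents.items():
            path = resolve(win_path)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as handle:
                handle.write(data)
        before = compare_pairs(pairs, resolve)
        # Simulate the copy the log reports as "source --> target".
        for src, dst in pairs:
            with open(resolve(src), "rb") as s, open(resolve(dst), "wb") as d:
                d.write(s.read())
        after = compare_pairs(pairs, resolve)
    return before, after


if __name__ == "__main__":
    for label, rows in zip(("before", "after"), demo()):
        for src, dst, status in rows:
            print(f"{label}: {dst} -> {status}")
```

On a live system, call `compare_pairs` with the default resolver before and after the ComboFix run. A hash taken from known-good installation media is a stronger reference than the ServicePackFiles copy, which sits on the same disk as the file being checked.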
     
  14. 2010/08/31
    oneofnine

    oneofnine Inactive Thread Starter

    ComboFix 10-08-31.01 - 유민우 2010-09-01 13:12:28.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.949.82.1042.18.2006.590 [GMT 9:00]
    Running from: c:\documents and settings\유민우\바탕 화면\ComboFix.exe
    Command switches used :: c:\documents and settings\유민우\바탕 화면\CFScript.txt
    AV: 알약 *On-access scanning disabled* (Updated) {B9431E5A-E196-4B6F-843A-10E01DB25461}
    AV: V3 Lite *On-access scanning disabled* (Updated) {A5B78720-5B41-4D39-B70F-131ABDA6F977}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    --------------- FCopy ---------------

    c:\windows\ServicePackFiles\i386\atapi.sys --> c:\windows\system32\drivers\atapi.sys
    c:\windows\ServicePackFiles\i386\aec.sys --> c:\windows\system32\drivers\aec.sys
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_6360CF3C
    -------\Service_6360CF3C


    ((((((((((((((((((((((((( Files Created from 2010-08-01 to 2010-09-01 )))))))))))))))))))))))))))))))
    .

    2010-08-31 06:35 . 2010-08-31 06:35 -------- d-----w- c:\documents and settings\유민우\Application Data\Space International
    2010-08-31 06:35 . 2010-08-31 06:35 -------- d-----w- c:\program files\Space International
    2010-08-30 08:18 . 2010-08-30 08:18 -------- d-----w- c:\windows\system32\nprotect
    2010-08-30 06:04 . 2010-08-30 06:04 -------- d-----w- C:\_OTL
    2010-08-30 05:43 . 2010-08-30 05:43 -------- d-----w- c:\documents and settings\유민우\Application Data\Malwarebytes
    2010-08-30 05:43 . 2010-04-29 06:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-30 05:43 . 2010-08-30 15:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-30 05:43 . 2010-08-30 05:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-08-30 05:43 . 2010-04-29 06:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-30 04:09 . 2010-08-30 04:09 -------- d-----w- c:\documents and settings\NetworkService\시작 메뉴
    2010-08-30 04:09 . 2010-08-30 04:09 -------- d-----w- c:\documents and settings\NetworkService\바탕 화면
    2010-08-29 20:13 . 2010-08-29 20:14 -------- d-----w- c:\documents and settings\LocalService\시작 메뉴
    2010-08-29 20:13 . 2010-08-29 20:13 -------- d-----w- c:\documents and settings\LocalService\바탕 화면
    2010-08-29 20:11 . 2010-08-27 02:19 1881560 ----a-w- c:\windows\system32\drivers\v3engine.sys
    2010-08-29 20:11 . 2010-08-17 03:16 1426392 ----a-w- c:\windows\system32\drivers\ahnsze.sys
    2010-08-29 20:07 . 2010-08-29 20:12 -------- d-----w- c:\program files\Common Files\AhnLab
    2010-08-29 20:07 . 2010-05-24 01:59 87648 ----a-w- c:\windows\system32\drivers\AMonTDLH.sys
    2010-08-29 20:07 . 2009-09-17 08:41 52800 ----a-w- c:\windows\system32\drivers\AhnRghNt.sys
    2010-08-29 20:07 . 2009-09-17 08:40 20416 ----a-w- c:\windows\system32\drivers\AhnRec2k.sys
    2010-08-29 20:07 . 2009-09-17 08:39 52928 ----a-w- c:\windows\system32\drivers\AhnFlt2k.sys
    2010-08-29 20:07 . 2010-08-29 20:07 -------- d-----w- c:\documents and settings\All Users\Application Data\AhnLab
    2010-08-22 07:40 . 2010-08-22 07:40 -------- d--h--w- c:\windows\PIF
    2010-08-21 02:37 . 2010-08-21 02:37 -------- d-----w- c:\program files\Common Files\Skype
    2010-08-21 02:37 . 2010-08-21 02:38 -------- d-----r- c:\program files\Skype
    2010-08-12 08:48 . 2010-08-12 08:48 -------- d-----w- c:\program files\iPod
    2010-08-12 08:46 . 2010-08-12 08:50 -------- d-----w- c:\program files\iTunes
    2010-08-12 08:46 . 2010-08-12 08:50 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-08-12 08:37 . 2010-08-12 08:38 -------- d-----w- c:\program files\QuickTime
    2010-08-12 02:32 . 2010-08-12 02:32 328 ----a-w- c:\documents and settings\유민우\symkeys.dat
    2010-08-12 02:32 . 2010-08-12 02:32 4824 ----a-w- c:\documents and settings\유민우\encobject.dat
    2010-08-04 00:59 . 2010-08-04 00:59 320904 ----a-w- c:\windows\system32\EasyKeytecPKI.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-30 08:19 . 2010-02-22 04:53 126048 ----a-w- c:\windows\system32\kcrtx86.sys
    2010-08-30 08:19 . 2009-05-04 17:21 37944 ----a-w- c:\windows\system32\JRSKD24.SYS
    2010-08-30 08:19 . 2009-05-04 17:21 12728 ----a-w- c:\windows\system32\JRSUKD25.SYS
    2010-08-30 06:01 . 2009-05-04 07:04 -------- d-----w- c:\program files\Java
    2010-08-30 05:58 . 2009-05-04 07:04 -------- d-----w- c:\program files\Common Files\Java
    2010-08-29 20:07 . 2009-05-04 17:21 -------- d-----w- c:\program files\AhnLab
    2010-08-27 09:20 . 2010-07-22 09:39 -------- d-----w- c:\program files\Common Files\GRETECH
    2010-08-27 06:26 . 2009-05-09 09:55 -------- d-----w- c:\documents and settings\유민우\Application Data\Skype
    2010-08-27 06:25 . 2009-05-09 09:56 -------- d-----w- c:\documents and settings\유민우\Application Data\skypePM
    2010-08-26 06:28 . 2009-05-04 11:21 196608 ----a-w- c:\documents and settings\유민우\Application Data\IPOPMEDIA\PopRecv\rcvsvr.exe
    2010-08-24 06:29 . 2009-09-19 07:28 256 ----a-w- c:\windows\system32\pool.bin
    2010-08-23 08:58 . 2010-05-14 05:30 2040216 ----a-w- c:\windows\AllatPayRE.dll
    2010-08-21 10:09 . 2009-11-30 13:30 -------- d-----w- c:\program files\KCP
    2010-08-21 02:37 . 2009-05-09 09:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
    2010-08-19 13:42 . 2009-05-04 13:21 21114 ----a-w- c:\windows\system32\teexcept.dat
    2010-08-18 01:43 . 2009-05-09 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Soulseek
    2010-08-16 13:02 . 2009-05-04 13:21 2142491 ----a-w- c:\windows\system32\npmonz.exe
    2010-08-12 08:48 . 2009-05-13 16:11 -------- d-----w- c:\program files\Common Files\Apple
    2010-08-12 08:33 . 2009-05-13 16:12 -------- d-----w- c:\program files\Bonjour
    2010-08-12 08:30 . 2010-08-12 08:30 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
    2010-08-11 12:18 . 2009-05-04 12:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-08-11 12:18 . 2009-05-04 06:35 72912 ----a-w- c:\windows\system32\perfc012.dat
    2010-08-11 12:18 . 2009-05-04 06:35 243884 ----a-w- c:\windows\system32\perfh012.dat
    2010-08-09 04:08 . 2010-08-09 04:08 61440 ----a-w- c:\documents and settings\유민우\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3dde577a-n\decora-sse.dll
    2010-08-09 04:08 . 2010-08-09 04:08 503808 ----a-w- c:\documents and settings\유민우\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-54436a9c-n\msvcp71.dll
    2010-08-09 04:08 . 2010-08-09 04:08 499712 ----a-w- c:\documents and settings\유민우\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-54436a9c-n\jmc.dll
    2010-08-09 04:08 . 2010-08-09 04:08 348160 ----a-w- c:\documents and settings\유민우\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-54436a9c-n\msvcr71.dll
    2010-08-09 04:08 . 2010-08-09 04:08 12800 ----a-w- c:\documents and settings\유민우\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3dde577a-n\decora-d3d.dll
    2010-08-07 07:50 . 2009-11-30 15:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Clunet
    2010-08-04 06:27 . 2010-05-14 05:30 70040 ----a-w- c:\windows\AllatKeyIn.exe
    2010-08-03 09:38 . 2009-05-13 16:36 -------- d-----w- c:\program files\NATEON
    2010-08-01 05:45 . 2009-05-23 04:54 6750208 ----a-w- c:\windows\system32\KvpVcmd.dll
    2010-07-28 08:26 . 2009-05-04 11:27 300568 ----a-w- c:\windows\system32\NaverFDL.exe
    2010-07-28 03:33 . 2010-03-03 17:12 127488 ----a-w- c:\windows\system32\Qrdll.dll
    2010-07-20 12:51 . 2009-05-04 13:21 426270 ----a-w- c:\windows\system32\npeutilex.dll
    2010-07-19 04:28 . 2010-05-11 07:27 542040 ----a-w- c:\documents and settings\유민우\Application Data\EstSoft\ALZip\ALAd.dll
    2010-07-17 07:24 . 2009-05-23 04:54 1205544 ----a-w- c:\windows\system32\ISPPopUpDlg.exe
    2010-07-16 20:00 . 2010-04-24 22:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-07-15 05:13 . 2010-07-15 05:13 120184 ----a-w- c:\windows\system32\KCPPaymentUX.dll
    2010-07-15 04:16 . 2010-03-19 01:04 135168 ----a-w- c:\windows\system32\kcp_ansimclick.dll
    2010-07-09 05:02 . 2010-07-09 05:02 -------- d-----w- c:\documents and settings\All Users\Application Data\SoftCamp
    2010-07-09 05:02 . 2010-07-09 05:02 1784576 ----a-w- c:\windows\system32\SCSKMemLink.dll
    2010-07-07 09:08 . 2010-07-07 09:08 36864 ----a-w- c:\windows\system32\XAntiRE_C.dll
    2010-07-07 06:43 . 2009-05-04 17:30 -------- d-----w- c:\program files\Common Files\XGrid Reports
    2010-07-05 10:56 . 2010-07-05 08:26 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2010-07-05 08:27 . 2010-07-05 08:27 2568656 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
    2010-07-05 01:36 . 2010-07-05 01:36 647248 ----a-w- c:\windows\system32\IPRTCrsIgmPrintM.dll
    2010-07-02 09:08 . 2010-07-02 09:08 61440 ----a-w- c:\windows\system32\MaCourtPrintInfo.dll
    2010-06-30 13:47 . 2010-06-30 13:47 8709440 ----a-w- c:\documents and settings\유민우\Application Data\EstSoft\ALUpdate\ALZIP\newfile\TEMP\ALZip801.exe
    2010-06-30 12:31 . 2009-05-04 06:36 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:22 . 2009-05-04 06:37 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-24 09:01 . 2009-05-04 06:37 1851520 ----a-w- c:\windows\system32\win32k.sys
    2010-06-23 15:13 . 2010-06-23 15:13 50026 ----a-w- c:\windows\system32\Uninstall_11stSC.exe
    2010-06-21 15:27 . 2009-05-04 06:37 354304 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-06-17 14:03 . 2009-05-04 06:36 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-16 07:48 . 2008-12-15 23:34 1324568 ----a-w- c:\windows\system32\SCSKAppLink.dll
    2010-06-16 02:47 . 2009-05-04 13:21 242360 ----a-w- c:\windows\system32\TeCtrl.dll
    2010-06-15 01:31 . 2010-06-15 01:31 265672 ----a-w- c:\windows\system32\MaPrintInfoCourt.dat
    2010-06-14 07:41 . 2009-05-04 06:36 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2010-06-09 14:12 . 2009-05-28 02:42 207456 ----a-w- c:\windows\system32\npkcmsvc.exe
    2010-06-07 08:13 . 2008-12-29 01:53 484928 ----a-w- c:\windows\system32\SGHSMKey.dll
    2010-06-07 08:13 . 2009-07-02 04:35 906816 ----a-w- c:\windows\system32\ps_ntscrypto.dll
    2010-06-07 08:13 . 2009-07-02 04:35 288320 ----a-w- c:\windows\system32\ps_dlglib.dll
    2010-06-07 08:13 . 2009-07-02 04:35 75328 ----a-w- c:\windows\system32\ps_nts.dll
    2010-06-07 05:42 . 2009-05-23 04:54 241664 ----a-w- c:\windows\system32\PubCertDlg.dll
    2010-06-26 02:36 . 2009-06-06 13:26 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    2009-08-13 17:30 . 2009-08-13 17:30 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
    "Google Update"="c:\documents and settings\유민우\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-12-29 135664]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-08-04 208952]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-08-04 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-08-04 455168]
    "TrackPointSrv"="tp4serv.exe" [2005-07-12 94208]
    "TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-04-09 58416]
    "TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]
    "TpShocks"="TpShocks.exe" [2007-03-29 181808]
    "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-28 243248]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-28 925696]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-02-26 131072]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-02-26 155648]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-02-26 131072]
    "TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-02-08 536576]
    "AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
    "LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2007-03-22 120368]
    "AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 419376]
    "DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 196696]
    "ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-03-27 413696]
    "ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-03-27 126976]
    "cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2007-01-30 2618944]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2006-08-04 59392]
    "ALYac"="c:\program files\ESTsoft\ALYac\AYUpdate.exe" [2010-08-02 83832]
    "Korean IME Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE" [2006-10-26 26400]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-26 30192]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
    "BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-03-19 615696]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-11-10 236016]
    "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-12-09 606208]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
    "AhnLab V3Lite Tray Process"="c:\program files\AhnLab\V3Lite\V3LTray.exe" [2010-05-20 334552]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="ctfmon.exe" [2008-04-14 15360]

    c:\documents and settings\All Users\시작 메뉴\프로그램\시작프로그램\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
    Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
    BTTray.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2007-2-27 561213]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-5-4 50688]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2007-03-14 13:17 89600 ----a-w- c:\windows\system32\psqlpwd.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
    2006-09-06 07:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
    2006-12-14 02:06 28672 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli psqlpwd

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\KT\\ConnectionManager\\ConnectionManager.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\SoulseekNS\\slsk.exe"=
    "c:\\Program Files\\NATEON\\BIN\\NateOnMain.exe"=
    "c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
    "c:\\WINDOWS\\system32\\skcbgm.exe"=
    "c:\\Program Files\\AndU\\Andu Plus\\bin\\AnduP2P.exe"=
    "c:\\WINDOWS\\system32\\fxsclnt.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\Nexon\\NGM\\NGM.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\Nexon\\Common\\NMService.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\DiskMan\\ExpressService.exe"=
    "c:\\Program Files\\NATEON\\Addin\\C4C116D8-BD82-493e-8616-14D18CE52FA0\\ShareBoard.exe"=
    "c:\\Program Files\\NAT Service\\natsvc.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\IPOPMEDIA\\PopRecv\\PopRecv.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\DiskMan\\dmudctrl.exe"=

    R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-03-02 오후 5:47 19760]
    R1 AMonTDnt;AMonTDnt;c:\windows\system32\drivers\AmonTDNt.sys [2009-05-05 오전 2:23 95592]
    R2 NATService;NATService;c:\program files\NAT Service\natsvc.exe [2010-05-11 오전 3:16 522240]
    R2 NespotP;Nespot EAPoL Protocol;c:\windows\system32\drivers\nespot.sys [2010-05-01 오전 12:09 14774]
    R2 npkakl;npkakl;c:\windows\system32\npkakl.sys [2009-08-18 오후 3:05 31840]
    R2 smihlp;SMI Helper Driver (smihlp);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2007-03-14 오후 10:10 11152]
    R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2007-02-08 오후 1:11 569344]
    R3 AhnRghNt;AhnRghNt;c:\windows\system32\drivers\AhnRghNt.sys [2010-08-30 오전 5:07 52800]
    R3 CdmDrvNt;CdmDrvNt;c:\windows\system32\drivers\CdmDrvNt.sys [2009-05-05 오전 2:23 19616]
    R3 MeDCoreD_V3LITE;MeDCoreD_V3LITE;c:\program files\AhnLab\V3Lite\MeDCoreD.sys [2010-08-30 오전 5:07 106480]
    R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [2009-05-05 오전 7:44 13840]
    R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2006-09-13 오후 12:42 35264]
    R3 v3engine;v3engine;c:\windows\system32\drivers\v3engine.sys [2010-08-30 오전 5:11 1881560]
    R3 V3Flt2K;V3Flt2K;c:\progra~1\AhnLab\V3Lite\V3Flt2K.sys [2010-08-30 오전 5:07 147424]
    R3 VPDrvNt;VPDrvNt;c:\program files\AhnLab\V3Lite\VPDrvNt.sys [2010-08-30 오전 5:07 121440]
    S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
    S2 V3 Lite Service;V3 Lite Service;c:\program files\AhnLab\V3Lite\V3LSvc.exe [2010-08-30 오전 5:07 293592]
    S3 AhnFlt2k;AhnFlt2k;c:\windows\system32\drivers\AhnFlt2k.sys [2010-08-30 오전 5:07 52928]
    S3 AhnRec2k;AhnRec2k;c:\windows\system32\drivers\AhnRec2k.sys [2010-08-30 오전 5:07 20416]
    S3 AhnSZE;AhnSZE;c:\windows\system32\drivers\ahnsze.sys [2010-08-30 오전 5:11 1426392]
    S3 ASZFltNt;ASZFltNt;c:\progra~1\AhnLab\V3Lite\ASZFltNt.sys [2010-08-30 오전 5:07 124480]
    S3 ATamptNt_V3LITE;ATamptNt_V3LITE;c:\progra~1\AhnLab\V3Lite\ATamptNt.sys [2010-08-30 오전 5:07 112608]
    S3 AYDrvSP_ALYAC;AYDrvSP_ALYAC;c:\program files\ESTsoft\ALYac\AYDrvSP.sys [2008-12-18 오후 7:57 24312]
    S3 ezty2;ezty2;\??\c:\windows\system32\ezty2.sys --> c:\windows\system32\ezty2.sys [?]
    S3 GoogleDesktopManager-051210-111108;Google 데스크톱 관리자 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-06-06 오후 10:26 30192]
    S3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.SYS [2009-05-05 오전 2:21 37944]
    S3 kcrtx86;kcrtx86;c:\windows\system32\kcrtx86.sys [2010-02-22 오후 1:53 126048]
    S3 MfFWEnt;MfFWEnt;c:\program files\AhnLab\ASP\MyFirewall 4.0\mffwent.sys [2009-05-05 오전 2:23 101368]
    S3 MfIPSEnt;MfIPSEnt;c:\program files\AhnLab\ASP\MyFirewall 4.0\mfipsent.sys [2009-05-05 오전 2:23 121536]
    S3 NPFWFLT;NPFWFLT;c:\windows\system32\npfwflt.sys [2009-05-04 오후 10:21 71264]
    S3 NPIDS;NPIDS;c:\windows\system32\npids.sys [2009-05-04 오후 10:21 61792]
    S3 scsk5;SCSK5 Driver Service;c:\windows\system32\drivers\scsk5.sys --> c:\windows\system32\drivers\scsk5.sys [?]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-05-04 오후 8:28 721904]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-08-29 c:\windows\Tasks\PMTask.job
    - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-05-04 16:14]

    2010-09-01 c:\windows\Tasks\User_Feed_Synchronization-{DCBAB2EF-9DAB-4801-A794-3711DAC2F05B}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 19:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.naver.com/
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Bluetooth 장치로 보내기(&B)... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Microsoft Excel로 내보내기(&X) - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: {{71DF21B0-8C69-4923-8C7B-B195F8DDB5CD} - http://www.11st.co.kr/connect/Gateway.tmall?method=Xsite&tid=1000105205
    Trusted Zone: hometax.go.kr
    Trusted Zone: iros.go.kr\www
    DPF: {054BF5DC-6052-4235-9DB4-7CCDC28CF8B4} - hxxps://nxpartners.okcashbag.com/itrs/meps/ITRSClient.cab
    DPF: {15C09C80-BE98-4E30-B8C1-6B8935E32671} - hxxp://download.hts.nefficient.co.kr/hts/yesone/cab/MAOnFPS_NTS.cab
    DPF: {1A29905C-C082-11D4-9376-00AA00BFFB71} - hxxp://download.hts.nefficient.co.kr/hts/wcom/cab/checkVer.cab
    DPF: {1C8143AB-92ED-4C3C-A641-B5664530ED9F} - hxxp://www.iros.go.kr/icis/IPRTCrsIgmPrintX.cab
    DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} - hxxp://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB
    DPF: {20BBA18F-5BC8-47B5-8FC9-5DFCA8E56A4B} - hxxp://mpi.dacom.net/XMPI/js/LGDacom_XMPI_20091117.cab
    DPF: {24F6E6A8-852C-45A8-ADD3-C4AB0D6FD231} - hxxp://plugin.inicis.com/wallet61/INIwallet61.cab
    DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} - hxxp://kbdownload.initech.com/kbstarActiveX/6.3.0.2/down/INIS60.cab
    DPF: {29A84C9B-9AC0-4A18-B0D7-60571B0E88CE} - hxxp://www.11st.co.kr/ocx/SKSCmaker.cab
    DPF: {2BAD742D-7CC8-496D-9181-EE8A2CF873BD} - hxxp://www.cfolder.co.kr/app2/NewCabs/CFolderLauncher.cab
    DPF: {2DCB00FB-3485-486B-BD41-C49AD605264D} - hxxps://www.epost.go.kr/comm/easykeytec/easykeytec.cab
    DPF: {325A2282-C738-4265-B43D-587926879609} - hxxp://www.iros.go.kr/iris/TrustedZoneCtrl.cab
    DPF: {3B56E5F0-7B20-48BF-B439-A995BE5191EF} - hxxp://pib.wooribank.com/com/common/SessionControl.cab
    DPF: {3B780B78-73B9-49B8-9630-3E60EDE61C73} - hxxp://www.wooribank.com/download/RDServer/MaDownloadRD.cab
    DPF: {3C36DCBE-5CDF-4C35-9D0B-4A1882B2EB0A} - hxxps://tx.allatpay.com/component/AllatPayRE.cab
    DPF: {3E086D34-0ED5-4A8E-BB6A-C4DF5AC4357B} - hxxp://download.kbstar.com/package/ibz/xgrid/KBXGridInstall.cab
    DPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} - hxxp://mpi.dacom.net/XPayMPI/XPayMPIOCX.cab
    DPF: {49A572CA-62B0-4C57-9138-C9F546C84097} - hxxp://cybermap.co.kr/company/kyochon/CYBERMAP_ASP_KYOCHON.cab
    DPF: {5372AA29-8474-4679-B89E-CDEFBB78DB2E} - hxxp://download.hts.nefficient.co.kr/hts/wcom/cab/BTWSSOClientForNTSItg.cab
    DPF: {5547DED5-E6A9-469A-90F0-5BFE5CD33FF1} - hxxps://pay.kcp.co.kr/plugin_new/file/KCPPaymentUX.cab
    DPF: {646D956E-6E48-4F84-98F9-67627A4D222A} - hxxp://www.diskman.co.kr/cab/20100426/dmudctrl.cab
    DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} - hxxp://ck.softforum.co.kr/CKKeyPro/G4C/CKKeyPro3023_32k.cab
    DPF: {6FE760D3-7851-4879-8838-62D9881D7177} - hxxp://emailweb.sktelecom.com/inimas/autocontroll/IniMasPlugin.cab
    DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab
    DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} - hxxp://gcc.nefficient.co.kr/gcc/vista/xecureweb/v7.2.3.3/xw_install.cab
    DPF: {8218BB3D-2D62-4719-B6EC-FEBE7A079CBD} - hxxp://imgcdn.pandora.tv/pan_img/app/FirstLoad1.0.0.3.cab
    DPF: {834C7234-C9D7-4129-8D38-DF25EE3D265F} - hxxp://www.cybermap.co.kr/cm2000/company2/postoffice/CYBERMAP_ASP2_POSTOFFICE.cab
    DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} - hxxp://cyimg8.cyworld.com/ImageUpload/CyPictureU1233.cab?20081124
    DPF: {92D0D610-A6FA-48D8-94CB-BD47FDF68655} - hxxp://dl.ipop.co.kr/ipop/ipopx.cab
    DPF: {9709739B-4909-489B-A1F7-148C74F16EEE} - hxxp://platform.nx.com/ActiveX/nxsysinfo.cab
    DPF: {9963FACF-7618-417B-B6DD-AB8B65AF8CD1} - hxxp://pgdownload.dacom.net/lgdacom/LGDacomXPayUpdater.cab
    DPF: {99C709C7-4F58-46C1-855B-90213C760395} - hxxps://v3d.kcp.co.kr/file/kcp_ansimclick.cab
    DPF: {9FC84F7D-D177-4A75-A7BB-429DA5BD0A3E} - hxxp://www.tworld.co.kr/common/cab/ewsinstaller_full.exe
    DPF: {A977FF0C-8757-4E76-8533-482F91946233} - hxxp://dl.sayclub.com/sayclub/sayctl/sayax.cab
    DPF: {AC2CE4A7-75CE-4B11-B245-CE697861C3C1} - hxxp://www.esero.go.kr/CodeSign/INISAFEMailv4_9.cab
    DPF: {B0A75875-3622-48BA-B5FF-45AD77AC2D0E} - hxxps://mall.shinsegae.com/interface/object/BankPayEFT.cab
    DPF: {B6B8968B-F2CE-47C2-B749-E2BA385BB226} - hxxp://www.iros.go.kr/iris/MaPrintInfoCourt.cab
    DPF: {B795470F-8985-4868-97A0-FA0EA5F96FD1} - hxxp://platform.nx.com/ActiveX/nximg3.cab
    DPF: {BBB0FC2D-1D95-45CA-BDCF-03B53F247FCC}
    DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxp://cdn.hangame.com/hangame/hansetup/HanSetup1020.cab
    DPF: {C5D387A6-2770-432F-A5D7-5E886BED167F} - hxxp://emailimg.sktelecom.com/webprint/WebPriLoader_v1007.cab
    DPF: {CB5C683C-416A-4701-B018-0F1B21D64D6B} - hxxp://cyimg7.cyworld.com/cymusic/package/skcinst.cab
    DPF: {CF392830-663F-11D5-89EE-000086551DF6} - hxxp://download.hts.nefficient.co.kr/hts/wcom/cab/efile_crypto.cab
    DPF: {E3FA6DAA-04BF-4AEF-9612-341B2B7A25FC} - hxxps://pay.kcp.co.kr/plugin/file/payplus.cab
    DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} - hxxp://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab
    DPF: {F1F07506-6CB4-44AC-8615-66D1234EFD05} - hxxp://www.tworld.co.kr/initech/plugin/down/INIS50.cab
    DPF: {F37520B6-4FBE-4814-9022-9AD83EF3E203} - hxxp://www.wooribank.com/download/RDServer/SmartUpdate.cab
    DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} - hxxp://file.naver.com/activex/NaverAXGuide.cab
    FF - ProfilePath - c:\documents and settings\유민우\Application Data\Mozilla\Firefox\Profiles\3y35w5s6.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.igoogle.com
    FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
    FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
    FF - plugin: c:\documents and settings\All Users\Application Data\Nexon\NGM\npNxGame.dll
    FF - plugin: c:\program files\AhnLab\ASP\Components\aosmgr\conflict_342\npaosmgr.dll
    FF - plugin: c:\program files\Common Files\GRETECH\npgomtvx_nie.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npINISAFEWeb60.dll
    FF - plugin: c:\program files\Picasa2\npPicasa3.dll
    FF - plugin: c:\program files\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll
    FF - plugin: c:\program files\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll
    FF - plugin: c:\program files\Space International\Easykeytec v2.0\npEZKeytecPlugin.dll
    FF - plugin: c:\program files\Space International\Easykeytec v2.0\npEZKeytecPlugins.dll
    FF - plugin: c:\windows\system32\npKeyPro.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-09-01 13:22
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ALYac_PZSrv]
    "ImagePath"="c:\program files\ESTsoft\ALYac\AYServiceNt.aye"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1200)
    c:\windows\system32\psqlpwd.dll
    c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
    c:\program files\ThinkVantage Fingerprint Software\infra.dll
    c:\program files\ThinkVantage Fingerprint Software\homepass.dll
    c:\program files\ThinkVantage Fingerprint Software\bio.dll
    c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
    c:\program files\ThinkVantage Fingerprint Software\remote.dll
    c:\program files\Lenovo\HOTKEY\tphklock.dll
    c:\program files\ThinkVantage Fingerprint Software\pscssint.dll
    c:\program files\ThinkVantage Fingerprint Software\crypto.dll
    c:\windows\system32\IMKR12.IME

    - - - - - - - > 'lsass.exe'(1256)
    c:\windows\system32\psqlpwd.dll
    c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
    c:\program files\ThinkVantage Fingerprint Software\infra.dll

    - - - - - - - > 'explorer.exe'(3884)
    c:\windows\system32\WININET.dll
    c:\program files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll
    c:\program files\Lenovo\Client Security Solution\tvt_passwordmanager.dll
    c:\program files\Lenovo\Client Security Solution\css_banner.dll
    c:\program files\Lenovo\Client Security Solution\csswait.dll
    c:\windows\system32\cssuserdatadispatcher.dll
    c:\program files\Lenovo\Client Security Solution\css_dlgcustompolicy.dll
    c:\windows\system32\tvttsp.dll
    c:\windows\system32\tcsrpc.dll
    c:\program files\Common Files\Lenovo\tvt_think_res.dll
    c:\program files\Lenovo\Client Security Solution\css_think_res.dll
    c:\windows\system32\IMKR12.IME
    c:\windows\system32\btmmhook.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\btncopy.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
    c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.KOR
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ibmpmsvc.exe
    c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
    c:\windows\system32\IPSSVC.EXE
    c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\npkcmsvc.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\windows\system32\conime.exe
    c:\windows\system32\tp4serv.exe
    c:\windows\system32\TpShocks.exe
    c:\windows\system32\igfxsrvc.exe
    c:\program files\Lenovo\HOTKEY\TPONSCR.exe
    c:\program files\Lenovo\Zoom\TpScrex.exe
    c:\program files\lenovo\system update\suservice.exe
    c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    c:\windows\System32\TPHDEXLG.exe
    c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
    c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
    c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
    c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe
    c:\program files\Common Files\Lenovo\Logger\logmon.exe
    c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
    c:\program files\Lenovo\Client Security Solution\tvtpwm_tray.exe
    c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2010-09-01 13:28:55 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-09-01 04:28
    ComboFix2.txt 2010-08-31 17:29

    Pre-Run: 3,440,607,232 바이트 남음
    Post-Run: 3,439,292,416 바이트 남음

    - - End Of File - - 0AA7F10AE92A5463C817CFE9AE7FE1EB
     
  15. 2010/08/31
    broni

    broni Moderator Malware Analyst

    Looks good :)

    How is the computer doing?


    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    * Under the Custom Scan box paste this in:


    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  16. 2010/09/01
    oneofnine

    oneofnine Inactive Thread Starter

    Going swell :D PC is running smoothly!

    Scan produced OTL.txt, but not Extras.txt.
    ---

    OTL logfile created on: 2010-09-01 오후 2:38:16 - Run 4
    OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\유민우\바탕 화면\clean
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000412 | Country: 대한민국 | Language: KOR | Date Format: yyyy-MM-dd

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 228.72 Gb Total Space | 3.11 Gb Free Space | 1.36% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: LENOVO-62B52185
    Current User Name: 유민우
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010-09-01 14:29:48 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\유민우\바탕 화면\clean\OTL.exe
    PRC - [2010-06-26 11:36:35 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    PRC - [2010-06-10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010-06-09 23:12:12 | 000,207,456 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\system32\npkcmsvc.exe
    PRC - [2010-06-09 00:41:31 | 000,522,240 | ---- | M] () -- C:\Program Files\NAT Service\natsvc.exe
    PRC - [2010-02-22 13:53:29 | 000,124,216 | R--- | M] (SoftForum Co., Ltd.) -- C:\WINDOWS\system32\CKAgent.exe
    PRC - [2009-12-09 16:01:20 | 000,606,208 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
    PRC - [2009-12-07 09:22:28 | 000,259,448 | ---- | M] (SoftForum Co., Ltd.) -- C:\Program Files\SoftForum\XecureWeb\ActiveX\ClientSM.exe
    PRC - [2009-03-19 12:02:22 | 000,615,696 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    PRC - [2008-04-14 11:27:17 | 001,031,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008-04-14 11:27:12 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\conime.exe
    PRC - [2007-04-16 11:33:18 | 000,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    PRC - [2007-04-16 11:21:20 | 000,983,040 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    PRC - [2007-04-16 11:17:58 | 000,487,424 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    PRC - [2007-04-16 11:14:24 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    PRC - [2007-04-10 03:03:00 | 000,058,416 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
    PRC - [2007-03-29 18:40:48 | 000,181,808 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TpShocks.exe
    PRC - [2007-03-29 02:32:00 | 000,243,248 | ---- | M] (Lenovo Group Ltd.) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
    PRC - [2007-03-27 19:56:42 | 000,413,696 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    PRC - [2007-03-27 19:52:22 | 000,114,688 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    PRC - [2007-03-27 19:51:10 | 000,126,976 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    PRC - [2007-03-27 19:46:42 | 000,180,224 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    PRC - [2007-03-27 19:44:34 | 000,065,536 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    PRC - [2007-03-23 02:02:00 | 000,120,368 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
    PRC - [2007-03-09 14:49:42 | 000,066,176 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    PRC - [2007-03-08 13:16:48 | 000,073,776 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    PRC - [2007-03-02 17:49:00 | 000,037,680 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe
    PRC - [2007-02-27 19:09:06 | 000,036,400 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe
    PRC - [2007-02-27 17:43:30 | 000,561,213 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
    PRC - [2007-02-27 17:35:04 | 000,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    PRC - [2007-02-08 13:19:44 | 000,536,576 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    PRC - [2007-02-08 13:19:36 | 001,118,208 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    PRC - [2007-02-08 13:11:32 | 000,569,344 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
    PRC - [2007-02-08 13:09:58 | 000,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    PRC - [2007-02-08 13:00:06 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
    PRC - [2007-02-08 11:40:16 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
    PRC - [2007-02-02 03:00:01 | 000,419,376 | ---- | M] (LENOVO) -- C:\Program Files\ThinkVantage\AMSG\Amsg.exe
    PRC - [2007-01-30 19:07:54 | 000,927,296 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
    PRC - [2007-01-30 19:01:36 | 002,618,944 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
    PRC - [2007-01-30 18:45:42 | 000,722,496 | ---- | M] (IBM) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
    PRC - [2007-01-30 18:37:50 | 000,644,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    PRC - [2007-01-30 12:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
    PRC - [2007-01-29 08:38:00 | 000,925,696 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
    PRC - [2006-12-15 16:50:52 | 000,011,776 | ---- | M] ( ) -- c:\Program Files\Lenovo\System Update\SUService.exe
    PRC - [2006-11-03 18:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
    PRC - [2006-09-06 16:39:10 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
    PRC - [2006-05-23 21:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    PRC - [2006-05-18 16:24:06 | 000,196,696 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
    PRC - [2005-07-13 03:55:00 | 000,094,208 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\tp4serv.exe


    ========== Modules (SafeList) ==========

    MOD - [2010-09-01 14:29:48 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\유민우\바탕 화면\clean\OTL.exe
    MOD - [2009-07-12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
    MOD - [2009-07-12 01:09:20 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
    MOD - [2008-12-04 05:47:44 | 000,419,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\IMKR12.IME
    MOD - [2008-04-14 11:27:05 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wtsapi32.dll
    MOD - [2008-04-14 11:27:04 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll
    MOD - [2008-04-14 11:25:32 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
    MOD - [2008-04-14 02:37:57 | 000,208,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsaenh.dll
    MOD - [2007-02-27 17:48:08 | 000,077,824 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll
    MOD - [2007-02-27 17:45:10 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll
    MOD - [2007-01-30 19:08:06 | 000,661,056 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll
    MOD - [2007-01-30 19:08:04 | 000,738,880 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\tvtpwm_keyboard_hook.dll
    MOD - [2007-01-30 19:07:58 | 002,086,464 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\tvt_passwordmanager.dll
    MOD - [2007-01-30 18:54:28 | 001,324,608 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\css_dlgcustompolicy.dll
    MOD - [2007-01-30 18:54:24 | 000,714,304 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\css_banner.dll
    MOD - [2007-01-30 18:54:20 | 005,211,712 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\css_think_res.dll
    MOD - [2007-01-30 18:54:00 | 001,910,336 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\csswait.dll
    MOD - [2007-01-30 18:53:54 | 000,800,320 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\cssuserdatadispatcher.dll
    MOD - [2007-01-30 18:45:44 | 000,665,152 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\tcsrpc.dll
    MOD - [2007-01-30 18:45:40 | 000,386,624 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\tvttsp.dll
    MOD - [2007-01-30 18:37:04 | 000,067,136 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_think_res.dll
    MOD - [2007-01-25 15:25:52 | 000,069,720 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\HKVOLKEY.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010-08-04 18:30:12 | 000,915,320 | ---- | M] (ESTsoft Corp) [Auto | Stopped] -- C:\Program Files\ESTsoft\ALYac\AYServiceNT.aye -- (ALYac_PZSrv)
    SRV - [2010-06-26 11:36:35 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
    SRV - [2010-06-10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010-06-09 23:12:12 | 000,207,456 | ---- | M] (INCA Internet Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\npkcmsvc.exe -- (npkcmsvc)
    SRV - [2010-06-09 00:41:31 | 000,522,240 | ---- | M] () [Auto | Running] -- C:\Program Files\NAT Service\natsvc.exe -- (NATService)
    SRV - [2009-10-08 11:24:59 | 000,293,592 | ---- | M] (AhnLab, Inc.) [Auto | Stopped] -- C:\Program Files\AhnLab\V3Lite\V3LSvc.exe -- (V3 Lite Service)
    SRV - [2009-08-11 18:10:58 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2007-04-16 11:33:18 | 000,647,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
    SRV - [2007-04-16 11:21:20 | 000,983,040 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
    SRV - [2007-04-16 11:14:24 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
    SRV - [2007-03-27 19:46:42 | 000,180,224 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
    SRV - [2007-03-27 19:44:34 | 000,065,536 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
    SRV - [2007-03-02 17:49:00 | 000,037,680 | ---- | M] (Lenovo.) [Auto | Running] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)
    SRV - [2007-02-27 19:09:06 | 000,036,400 | ---- | M] (Lenovo) [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
    SRV - [2007-02-27 17:35:04 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
    SRV - [2007-02-08 13:19:36 | 001,118,208 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
    SRV - [2007-02-08 13:11:32 | 000,569,344 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
    SRV - [2007-02-08 13:09:58 | 000,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
    SRV - [2007-02-08 11:40:16 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)
    SRV - [2007-01-30 18:45:42 | 000,722,496 | ---- | M] (IBM) [Auto | Running] -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe -- (TSSCoreService)
    SRV - [2007-01-30 18:37:50 | 000,644,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
    SRV - [2007-01-30 12:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
    SRV - [2006-12-15 16:50:52 | 000,011,776 | ---- | M] ( ) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
    SRV - [2006-05-23 21:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
    SRV - [2005-10-06 18:19:02 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\UIUSYS.SYS -- (UIUSys)
    DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\SSPORT.sys -- (SSPORT)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\scsk5.sys -- (scsk5)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\ezty2.sys -- (ezty2)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\EagleNT.sys -- (EagleNT)
    DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\DgiVecp.sys -- (DgiVecp)
    DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2010-09-01 14:05:27 | 000,126,048 | ---- | M] (Kings Information & Network) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\kcrtx86.sys -- (kcrtx86)
    DRV - [2010-09-01 14:05:27 | 000,037,944 | ---- | M] (SoftForum Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\JRSKD24.SYS -- (JRSKD24)
    DRV - [2010-08-27 11:19:00 | 001,881,560 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\v3engine.sys -- (v3engine)
    DRV - [2010-08-20 10:24:00 | 000,106,480 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\AhnLab\V3Lite\MeDCoreD.sys -- (MeDCoreD_V3LITE)
    DRV - [2010-08-18 16:00:00 | 000,121,440 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\AhnLab\V3Lite\VPDrvNt.sys -- (VPDrvNt)
    DRV - [2010-08-17 12:16:00 | 001,426,392 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ahnsze.sys -- (AhnSZE)
    DRV - [2010-06-28 16:54:00 | 000,121,536 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\AhnLab\ASP\MyFirewall 4.0\mfipsent.sys -- (MfIPSEnt)
    DRV - [2010-06-28 16:54:00 | 000,101,368 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\AhnLab\ASP\MyFirewall 4.0\mffwent.sys -- (MfFWEnt)
    DRV - [2010-05-24 10:59:00 | 000,095,592 | ---- | M] (AhnLab, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmonTDNt.sys -- (AMonTDnt)
    DRV - [2010-05-13 14:55:18 | 000,061,792 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npids.sys -- (NPIDS)
    DRV - [2010-05-13 14:55:00 | 000,071,264 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npfwflt.sys -- (NPFWFLT)
    DRV - [2010-05-13 11:47:42 | 000,147,424 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\AhnLab\V3Lite\V3Flt2k.sys -- (V3Flt2K)
    DRV - [2010-05-13 11:47:20 | 000,112,608 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\AhnLab\V3Lite\ATamptNt.sys -- (ATamptNt_V3LITE)
    DRV - [2010-04-22 10:39:14 | 000,031,840 | ---- | M] (INCA Internet Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\npkakl.sys -- (npkakl)
    DRV - [2009-09-17 17:41:12 | 000,052,800 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AhnRghNt.sys -- (AhnRghNt)
    DRV - [2009-09-17 17:40:10 | 000,020,416 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AhnRec2k.sys -- (AhnRec2k)
    DRV - [2009-09-17 17:39:28 | 000,052,928 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AhnFlt2k.sys -- (AhnFlt2k)
    DRV - [2009-09-10 15:29:08 | 000,055,200 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npkcrypt.sys -- (npkcrypt)
    DRV - [2009-07-21 10:13:00 | 000,019,616 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CdmDrvNt.sys -- (CdmDrvNt)
    DRV - [2009-05-28 11:07:40 | 000,124,480 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\AhnLab\V3Lite\ASZFltNt.sys -- (ASZFltNt)
    DRV - [2009-05-04 20:56:36 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
    DRV - [2009-05-04 16:11:46 | 000,033,536 | ---- | M] (Lenovo) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tvtfilter.sys -- (tvtfilter)
    DRV - [2009-05-04 16:10:55 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (pmem)
    DRV - [2008-12-18 19:57:42 | 000,024,312 | ---- | M] (ESTsoft Corp) [Kernel | On_Demand | Stopped] -- C:\Program Files\ESTsoft\ALYac\AYDrvSP.sys -- (AYDrvSP_ALYAC)
    DRV - [2008-11-26 20:16:40 | 000,020,424 | ---- | M] (ESTsoft Corp) [Kernel | On_Demand | Stopped] -- C:\Program Files\ESTsoft\ALYac\AYDrvNT.sys -- (AYDrvNT_ALYAC)
    DRV - [2008-04-14 03:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB 오디오 드라이버 (WDM)
    DRV - [2008-04-14 03:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008-04-14 03:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2007-04-30 06:37:20 | 002,206,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Windows XP 32비트용 인텔(R)
    DRV - [2007-04-10 03:03:00 | 000,012,848 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
    DRV - [2007-03-29 15:19:36 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
    DRV - [2007-03-24 23:43:46 | 000,251,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
    DRV - [2007-03-14 22:10:02 | 000,011,152 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys -- (smihlp) SMI Helper Driver (smihlp)
    DRV - [2007-03-14 21:50:08 | 000,040,848 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
    DRV - [2007-03-07 15:51:08 | 000,311,808 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
    DRV - [2007-03-02 17:49:00 | 000,100,656 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf)
    DRV - [2007-03-02 17:47:00 | 000,019,760 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
    DRV - [2007-02-27 19:08:32 | 000,021,040 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
    DRV - [2007-02-27 18:02:00 | 000,868,042 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
    DRV - [2007-02-26 12:59:10 | 005,700,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
    DRV - [2007-02-13 02:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
    DRV - [2007-02-08 12:30:28 | 000,017,664 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvtpktfilter.sys -- (TVTPktFilter)
    DRV - [2007-01-02 11:20:18 | 000,014,774 | ---- | M] (SITECSOFT Co., Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nespot.sys -- (NespotP)
    DRV - [2006-12-22 11:56:00 | 000,988,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2006-12-22 11:56:00 | 000,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
    DRV - [2006-12-22 11:55:00 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2006-12-20 01:14:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
    DRV - [2006-11-06 17:24:56 | 000,012,080 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
    DRV - [2006-10-26 17:48:38 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tapvpn.sys -- (tapvpn)
    DRV - [2006-10-23 10:23:28 | 000,017,778 | ---- | M] (IBM Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPHKDRV.sys -- (TPHKDRV)
    DRV - [2006-09-13 14:42:18 | 000,028,224 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
    DRV - [2006-09-13 12:42:44 | 000,035,264 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvti2c.sys -- (TVTI2C)
    DRV - [2006-08-04 21:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
    DRV - [2006-01-13 00:33:22 | 000,006,016 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
    DRV - [2005-11-08 09:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
    DRV - [2005-07-13 03:55:00 | 000,013,840 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tp4track.sys -- (Tp4Track)
    DRV - [2005-05-17 10:20:08 | 000,015,872 | ---- | M] (Atmel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atmeltpm.sys -- (atmeltpm)
    DRV - [2005-01-08 06:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2004-08-03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2001-08-27 15:07:44 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
    DRV - [2001-08-17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001-08-17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001-08-17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001-08-17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001-08-17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001-08-17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001-08-17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001-08-17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001-08-17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001-08-17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001-08-17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001-08-17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2001-08-17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001-08-17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001-08-17 12:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.naver.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.igoogle.com "
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-08-12 17:38:17 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-08-12 17:38:17 | 000,000,000 | ---D | M]

    [2009-05-04 20:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\유민우\Application Data\Mozilla\Extensions
    [2010-09-01 14:07:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\유민우\Application Data\Mozilla\Firefox\Profiles\3y35w5s6.default\extensions
    [2010-05-11 16:38:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\유민우\Application Data\Mozilla\Firefox\Profiles\3y35w5s6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2009-05-04 20:53:27 | 000,000,523 | ---- | M] () -- C:\Documents and Settings\유민우\Application Data\Mozilla\Firefox\Profiles\3y35w5s6.default\searchplugins\daemon-search.xml
    [2010-09-01 14:07:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010-08-21 11:38:26 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2010-04-25 07:00:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010-08-30 14:58:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010-07-17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2009-10-06 11:05:18 | 000,200,914 | ---- | M] (INITECH (C)) -- C:\Program Files\Mozilla Firefox\plugins\npINISAFEWeb60.dll
    [2010-05-12 17:05:20 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
    [2010-05-12 17:05:20 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
    [2010-05-12 17:05:20 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
    [2010-05-12 17:05:20 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2010-09-01 13:19:24 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader 링크 도우미) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
    O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
    O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
    O4 - HKLM..\Run: [AhnLab V3Lite Tray Process] C:\Program Files\AhnLab\V3Lite\V3LTray.exe (AhnLab, Inc.)
    O4 - HKLM..\Run: [ALYac] C:\Program Files\ESTsoft\ALYac\AYUpdate.exe (ESTsoft Corp)
    O4 - HKLM..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe (LENOVO)
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
    O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
    O4 - HKLM..\Run: [cssauth] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
    O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
    O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
    O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
    O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [Korean IME Migration] C:\Program Files\Common Files\Microsoft Shared\IME12\IMEKR\IMKRMIG.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
    O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
    O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
    O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
    O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
    O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
    O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
    O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo.)
    O4 - HKLM..\Run: [TrackPointSrv] C:\WINDOWS\System32\tp4serv.exe (Lenovo Group Limited)
    O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
    O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
    O4 - Startup: C:\Documents and Settings\All Users\시작 메뉴\프로그램\시작프로그램\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
    O4 - Startup: C:\Documents and Settings\All Users\시작 메뉴\프로그램\시작프로그램\Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\시작 메뉴\프로그램\시작프로그램\BTTray.lnk = C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    O4 - Startup: C:\Documents and Settings\All Users\시작 메뉴\프로그램\시작프로그램\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Bluetooth 장치로 보내기(&B)... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Microsoft Excel로 내보내기(&X) - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
    O9 - Extra Button: 쇼핑 스트리트, 11번가 - {71DF21B0-8C69-4923-8C7B-B195F8DDB5CD} - File not found
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: hometax.go.kr ([]* in 신뢰할 수 있는 사이트)
    O15 - HKCU\..Trusted Domains: iros.go.kr ([www] http in 신뢰할 수 있는 사이트)
    O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {054BF5DC-6052-4235-9DB4-7CCDC28CF8B4} https://nxpartners.okcashbag.com/itrs/meps/ITRSClient.cab (RSA Class)
    O16 - DPF: {15C09C80-BE98-4E30-B8C1-6B8935E32671} http://download.hts.nefficient.co.kr/hts/yesone/cab/MAOnFPS_NTS.cab (MAWS_NTSV Class)
    O16 - DPF: {1A29905C-C082-11D4-9376-00AA00BFFB71} http://download.hts.nefficient.co.kr/hts/wcom/cab/checkVer.cab (checkVerX Control)
    O16 - DPF: {1C8143AB-92ED-4C3C-A641-B5664530ED9F} http://www.iros.go.kr/icis/IPRTCrsIgmPrintX.cab (IPRTCrsIgmPrintX Control)
    O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB (Tpwin Control)
    O16 - DPF: {20BBA18F-5BC8-47B5-8FC9-5DFCA8E56A4B} http://mpi.dacom.net/XMPI/js/LGDacom_XMPI_20091117.cab (XacsPop Control)
    O16 - DPF: {24F6E6A8-852C-45A8-ADD3-C4AB0D6FD231} http://plugin.inicis.com/wallet61/INIwallet61.cab (INIwallet61 Control)
    O16 - DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} http://kbdownload.initech.com/kbstarActiveX/6.3.0.2/down/INIS60.cab (INISAFEWeb6 V6 Class)
    O16 - DPF: {29A84C9B-9AC0-4A18-B0D7-60571B0E88CE} http://www.11st.co.kr/ocx/SKSCmaker.cab (SKShortcut Class)
    O16 - DPF: {2BAD742D-7CC8-496D-9181-EE8A2CF873BD} http://www.cfolder.co.kr/app2/NewCabs/CFolderLauncher.cab (CFolderLauncher Class)
    O16 - DPF: {2DCB00FB-3485-486B-BD41-C49AD605264D} https://www.epost.go.kr/comm/easykeytec/easykeytec.cab (EZKeytecWeb Class)
    O16 - DPF: {325A2282-C738-4265-B43D-587926879609} http://www.iros.go.kr/iris/TrustedZoneCtrl.cab (TrustedZone Control)
    O16 - DPF: {39FC0CF9-86F3-4502-B773-D16706EDEC83} https://accesscontrol.citibank.co.kr/acsapp/keystroke/SCSK4.cab (SCSK Control)
    O16 - DPF: {3B56E5F0-7B20-48BF-B439-A995BE5191EF} http://pib.wooribank.com/com/common/SessionControl.cab (SessionControl Control)
    O16 - DPF: {3B780B78-73B9-49B8-9630-3E60EDE61C73} http://www.wooribank.com/download/RDServer/MaDownloadRD.cab (MaDownloadRD Control)
    O16 - DPF: {3C36DCBE-5CDF-4C35-9D0B-4A1882B2EB0A} https://tx.allatpay.com/component/AllatPayRE.cab (AllatPayREAtl Class)
    O16 - DPF: {3E086D34-0ED5-4A8E-BB6A-C4DF5AC4357B} http://download.kbstar.com/package/ibz/xgrid/KBXGridInstall.cab (XGrid Control)
    O16 - DPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} http://mpi.dacom.net/XPayMPI/XPayMPIOCX.cab (XPayMPIOCX Control)
    O16 - DPF: {49A572CA-62B0-4C57-9138-C9F546C84097} http://cybermap.co.kr/company/kyochon/CYBERMAP_ASP_KYOCHON.cab (CYBERMAP_ASP_KYOCHON Control)
    O16 - DPF: {5372AA29-8474-4679-B89E-CDEFBB78DB2E} http://download.hts.nefficient.co.kr/hts/wcom/cab/BTWSSOClientForNTSItg.cab (SSOClientCtrl Class)
    O16 - DPF: {5547DED5-E6A9-469A-90F0-5BFE5CD33FF1} https://pay.kcp.co.kr/plugin_new/file/KCPPaymentUX.cab (KCPUX Class)
    O16 - DPF: {646D956E-6E48-4F84-98F9-67627A4D222A} http://www.diskman.co.kr/cab/20100426/dmudctrl.cab (DMWebAgentCtrl Class)
    O16 - DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} http://ck.softforum.co.kr/CKKeyPro/G4C/CKKeyPro3023_32k.cab (XecureCKKB Class)
    O16 - DPF: {6FE760D3-7851-4879-8838-62D9881D7177} http://emailweb.sktelecom.com/inimas/autocontroll/IniMasPlugin.cab (IniMasHandler Class)
    O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab (Battlefield Heroes Updater)
    O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} http://gcc.nefficient.co.kr/gcc/vista/xecureweb/v7.2.3.3/xw_install.cab (XecureWeb 4.0 Client Control)
    O16 - DPF: {8218BB3D-2D62-4719-B6EC-FEBE7A079CBD} http://imgcdn.pandora.tv/pan_img/app/FirstLoad1.0.0.3.cab (PanLoader Class)
    O16 - DPF: {834C7234-C9D7-4129-8D38-DF25EE3D265F} http://www.cybermap.co.kr/cm2000/company2/postoffice/CYBERMAP_ASP2_POSTOFFICE.cab (CYBERMAP_ASP2_POSTOFFICE Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} http://cyimg8.cyworld.com/ImageUpload/CyPictureU1233.cab?20081124 (CyImage Class)
    O16 - DPF: {92D0D610-A6FA-48D8-94CB-BD47FDF68655} http://dl.ipop.co.kr/ipop/ipopx.cab (Launcher Class)
    O16 - DPF: {9709739B-4909-489B-A1F7-148C74F16EEE} http://platform.nx.com/ActiveX/nxsysinfo.cab (CNxSysInfoCtrl Object)
    O16 - DPF: {9963FACF-7618-417B-B6DD-AB8B65AF8CD1} http://pgdownload.dacom.net/lgdacom/LGDacomXPayUpdater.cab (XPAYUpdater Control)
    O16 - DPF: {99C709C7-4F58-46C1-855B-90213C760395} https://v3d.kcp.co.kr/file/kcp_ansimclick.cab (V3D Client Control)
    O16 - DPF: {9FC84F7D-D177-4A75-A7BB-429DA5BD0A3E} http://www.tworld.co.kr/common/cab/ewsinstaller_full.exe (SG_CAppAtx Control)
    O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} http://dl.sayclub.com/sayclub/sayctl/sayax.cab (Sayclub Login Control)
    O16 - DPF: {AC2CE4A7-75CE-4B11-B245-CE697861C3C1} http://www.esero.go.kr/CodeSign/INISAFEMailv4_9.cab (INISafeMailContainer Class)
    O16 - DPF: {B0A75875-3622-48BA-B5FF-45AD77AC2D0E} https://mall.shinsegae.com/interface/object/BankPayEFT.cab (BankPayEFTCtrl Control)
    O16 - DPF: {B6B8968B-F2CE-47C2-B749-E2BA385BB226} http://www.iros.go.kr/iris/MaPrintInfoCourt.cab (CourtPrintInfo Class)
    O16 - DPF: {B795470F-8985-4868-97A0-FA0EA5F96FD1} http://platform.nx.com/ActiveX/nximg3.cab (CNxImageEditor3Ctrl Object)
    O16 - DPF: {BBB0FC2D-1D95-45CA-BDCF-03B53F247FCC} Reg Error: Key error. (EwsLoader Class)
    O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} http://cdn.hangame.com/hangame/hansetup/HanSetup1020.cab (HanSetupCtrl1010 Class)
    O16 - DPF: {C5D387A6-2770-432F-A5D7-5E886BED167F} http://emailimg.sktelecom.com/webprint/WebPriLoader_v1007.cab (WebPriLoaderCtrl Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CB5C683C-416A-4701-B018-0F1B21D64D6B} http://cyimg7.cyworld.com/cymusic/package/skcinst.cab (SKCInst1 Class)
    O16 - DPF: {CF392830-663F-11D5-89EE-000086551DF6} http://download.hts.nefficient.co.kr/hts/wcom/cab/efile_crypto.cab (PS_NTSATL Class)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} http://update.nprotect.net/keycrypt/cyber/npkcx_1005031.cab (NPKCX Control)
    O16 - DPF: {E3FA6DAA-04BF-4AEF-9612-341B2B7A25FC} https://pay.kcp.co.kr/plugin/file/payplus.cab (Payplus Client Control)
    O16 - DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} http://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab (KvpIspCtlD Control)
    O16 - DPF: {F1F07506-6CB4-44AC-8615-66D1234EFD05} http://www.tworld.co.kr/initech/plugin/down/INIS50.cab (WebCtl Class)
    O16 - DPF: {F37520B6-4FBE-4814-9022-9AD83EF3E203} http://www.wooribank.com/download/RDServer/SmartUpdate.cab (RD_SmartUpdate Class)
    O16 - DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} http://file.naver.com/activex/NaverAXGuide.cab (NaverAXGuide Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 203.246.162.253 202.30.143.11
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\psfus: DllName - C:\WINDOWS\system32\psqlpwd.dll - C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.)
    O20 - Winlogon\Notify\tpfnf2: DllName - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
    O20 - Winlogon\Notify\tphotkey: DllName - C:\Program Files\Lenovo\HOTKEY\tphklock.dll - C:\Program Files\Lenovo\HOTKEY\tphklock.dll ()
    O24 - Desktop Components:0 (현재 홈 페이지) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\유민우\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\유민우\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006-09-10 21:50:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: aux1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: aux2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.divxa32 - C:\WINDOWS\System32\msaud32_divx.acm (Microsoft Corporation)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
    Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.dvsd - C:\WINDOWS\System32\pdvcodec.dll (Matsushita Electric Industrial Co., Ltd.)
    Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
    Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
    Drivers32: VIDC.SCCF - C:\WINDOWS\System32\SCDF.DLL ()
    Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
    Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.VP40 - vp4vfw.dll File not found
    Drivers32: vidc.VP50 - vp5vfw.dll File not found
    Drivers32: vidc.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.VP62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
    Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)
     
  17. 2010/09/01
    oneofnine

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (56027131116781568)

    ========== Files/Folders - Created Within 90 Days ==========

    [2010-09-01 14:29:46 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\유민우\바탕 화면\OTL.exe
    [2010-09-01 13:40:36 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010-09-01 02:09:27 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010-09-01 01:58:24 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010-09-01 01:58:23 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010-09-01 01:58:23 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010-09-01 01:58:23 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010-09-01 01:56:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010-09-01 01:53:51 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010-08-31 15:35:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\유민우\Application Data\Space International
    [2010-08-31 15:35:49 | 000,000,000 | ---D | C] -- C:\Program Files\Space International
    [2010-08-31 00:43:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\유민우\바탕 화면\clean
    [2010-08-30 21:50:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\유민우\바탕 화면\kcc
    [2010-08-30 17:18:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nprotect
    [2010-08-30 16:21:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\유민우\바탕 화면\security
    [2010-08-30 15:04:03 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010-08-30 14:43:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\유민우\Application Data\Malwarebytes
    [2010-08-30 14:43:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010-08-30 14:43:14 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010-08-30 14:43:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010-08-30 14:43:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010-08-30 05:11:09 | 001,881,560 | ---- | C] (AhnLab, Inc.) -- C:\WINDOWS\System32\drivers\v3engine.sys
    [2010-08-30 05:11:08 | 001,426,392 | ---- | C] (AhnLab, Inc.) -- C:\WINDOWS\System32\drivers\ahnsze.sys
    [2010-08-30 05:07:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AhnLab
    [2010-08-30 05:07:51 | 000,087,648 | ---- | C] (AhnLab, Inc.) -- C:\WINDOWS\System32\drivers\AMonTDLH.sys
    [2010-08-30 05:07:51 | 000,052,928 | ---- | C] (AhnLab, Inc.) -- C:\WINDOWS\System32\drivers\AhnFlt2k.sys
    [2010-08-30 05:07:51 | 000,052,800 | ---- | C] (AhnLab, Inc.) -- C:\WINDOWS\System32\drivers\AhnRghNt.sys
    [2010-08-30 05:07:51 | 000,020,416 | ---- | C] (AhnLab, Inc.) -- C:\WINDOWS\System32\drivers\AhnRec2k.sys
    [2010-08-30 05:07:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AhnLab
    [2010-08-22 16:40:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
    [2010-08-21 11:37:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [2010-08-21 11:37:30 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
    [2010-08-13 11:54:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\유민우\My Documents\NZellBell
    [2010-08-12 17:48:43 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010-08-12 17:46:57 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010-08-12 17:46:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010-08-12 17:37:12 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2010-08-04 09:59:10 | 000,320,904 | ---- | C] (Space International, Inc.) -- C:\WINDOWS\System32\EasyKeytecPKI.dll
    [2010-07-22 18:39:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\GRETECH
    [2010-07-22 09:31:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\유민우\Client Security Solution
    [2010-07-14 16:46:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\유민우\바탕 화면\ground zero
    [2010-07-09 14:02:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SoftCamp
    [2010-07-09 14:02:29 | 001,784,576 | ---- | C] (SoftCamp Co.,Ltd.) -- C:\WINDOWS\System32\SCSKMemLink.dll
    [2010-07-07 18:08:26 | 000,036,864 | ---- | C] (소프트포럼) -- C:\WINDOWS\System32\XAntiRE_C.dll
    [2010-07-05 17:26:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
    [2010-07-05 10:37:06 | 000,077,904 | ---- | C] (LG-CNS) -- C:\WINDOWS\System32\IPRTCrsIgmPrintX.ocx
    [2010-06-25 18:29:15 | 000,000,000 | ---D | C] -- C:\Program Files\SamsungPrinterLiveUpdate
    [2010-06-25 18:29:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Samsung
    [2010-06-25 18:28:01 | 000,081,920 | ---- | C] (Samsung Electronics) -- C:\WINDOWS\System32\ssdevm.dll
    [2010-06-25 18:28:01 | 000,049,152 | ---- | C] (Samsung Electronics) -- C:\WINDOWS\System32\ssusbpn.dll
    [2010-06-24 00:13:55 | 000,050,026 | ---- | C] (11st) -- C:\WINDOWS\System32\Uninstall_11stSC.exe
    [2010-06-10 18:41:52 | 000,000,000 | ---D | C] -- C:\4f7cc525af6c43bd94c6b0b48e98bbd2

    ========== Files - Modified Within 90 Days ==========

    [2010-09-01 14:53:02 | 000,000,374 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
    [2010-09-01 14:52:55 | 000,025,269 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
    [2010-09-01 14:52:52 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010-09-01 14:50:37 | 000,000,480 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI
    [2010-09-01 14:50:36 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010-09-01 14:50:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010-09-01 14:50:32 | 2103,734,272 | -HS- | M] () -- C:\hiberfil.sys
    [2010-09-01 14:49:42 | 007,864,320 | -H-- | M] () -- C:\Documents and Settings\유민우\NTUSER.DAT
    [2010-09-01 14:49:16 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\유민우\ntuser.ini
    [2010-09-01 14:29:48 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\유민우\바탕 화면\OTL.exe
    [2010-09-01 14:05:42 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{DCBAB2EF-9DAB-4801-A794-3711DAC2F05B}.job
    [2010-09-01 14:05:27 | 000,126,048 | ---- | M] (Kings Information & Network) -- C:\WINDOWS\System32\kcrtx86.sys
    [2010-09-01 14:05:27 | 000,037,944 | ---- | M] (SoftForum Corporation) -- C:\WINDOWS\System32\JRSKD24.SYS
    [2010-09-01 14:05:27 | 000,012,728 | ---- | M] (SoftForum Corporation) -- C:\WINDOWS\System32\JRSUKD25.SYS
    [2010-09-01 13:19:55 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010-09-01 13:19:24 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010-09-01 13:08:57 | 003,829,857 | R--- | M] () -- C:\Documents and Settings\유민우\바탕 화면\ComboFix.exe
    [2010-09-01 02:57:05 | 000,235,520 | ---- | M] () -- C:\Documents and Settings\유민우\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010-09-01 02:09:34 | 000,000,319 | RHS- | M] () -- C:\boot.ini
    [2010-08-31 00:47:43 | 000,000,716 | ---- | M] () -- C:\Documents and Settings\유민우\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2010-08-30 17:18:40 | 000,000,204 | ---- | M] () -- C:\WINDOWS\System32\npconf.md5
    [2010-08-30 17:18:07 | 000,000,429 | ---- | M] () -- C:\WINDOWS\System32\npzupdate.conf
    [2010-08-30 04:44:50 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
    [2010-08-27 19:31:07 | 000,000,557 | ---- | M] () -- C:\WINDOWS\System32\KvpVer.tbl
    [2010-08-27 18:20:41 | 000,000,796 | ---- | M] () -- C:\Documents and Settings\유민우\Application Data\Microsoft\Internet Explorer\Quick Launch\곰플레이어.lnk
    [2010-08-27 11:19:00 | 001,881,560 | ---- | M] (AhnLab, Inc.) -- C:\WINDOWS\System32\drivers\v3engine.sys
    [2010-08-24 15:29:35 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
    [2010-08-24 15:29:07 | 003,530,140 | ---- | M] () -- C:\Documents and Settings\유민우\My Documents\Backup-(2010-08-24).cab
    [2010-08-24 15:29:03 | 000,638,574 | ---- | M] () -- C:\Documents and Settings\유민우\My Documents\Backup-(2010-08-24).ipd
    [2010-08-23 17:58:08 | 002,040,216 | ---- | M] (Allat Corp.) -- C:\WINDOWS\AllatPayRE.dll
    [2010-08-23 09:55:00 | 000,089,817 | ---- | M] () -- C:\Documents and Settings\유민우\바탕 화면\Platform_Adoption.pdf
    [2010-08-19 22:42:00 | 000,021,114 | ---- | M] () -- C:\WINDOWS\System32\teexcept.dat
    [2010-08-17 12:16:00 | 001,426,392 | ---- | M] (AhnLab, Inc.) -- C:\WINDOWS\System32\drivers\ahnsze.sys
    [2010-08-16 22:02:00 | 002,142,491 | ---- | M] (INCA Internet Co., Ltd) -- C:\WINDOWS\System32\npmonz.exe
    [2010-08-16 17:44:30 | 000,013,781 | ---- | M] () -- C:\Documents and Settings\유민우\바탕 화면\Hello there.docx
    [2010-08-16 15:14:19 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\scskConfigEH.ini
    [2010-08-16 09:52:49 | 000,015,769 | ---- | M] () -- C:\Documents and Settings\유민우\바탕 화면\안녕하세요.docx
    [2010-08-13 11:54:20 | 007,231,776 | ---- | M] () -- C:\Documents and Settings\유민우\My Documents\NZellBell_20100310.exe
    [2010-08-12 11:32:20 | 000,004,824 | ---- | M] () -- C:\Documents and Settings\유민우\encobject.dat
    [2010-08-12 11:32:20 | 000,000,328 | ---- | M] () -- C:\Documents and Settings\유민우\symkeys.dat
    [2010-08-12 11:29:09 | 001,716,504 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010-08-11 21:18:07 | 000,816,442 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010-08-11 21:18:07 | 000,445,704 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010-08-11 21:18:07 | 000,243,884 | ---- | M] () -- C:\WINDOWS\System32\perfh012.dat
    [2010-08-11 21:18:07 | 000,072,912 | ---- | M] () -- C:\WINDOWS\System32\perfc012.dat
    [2010-08-11 21:18:07 | 000,072,910 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010-08-11 16:20:51 | 000,021,811 | ---- | M] () -- C:\Documents and Settings\유민우\바탕 화면\AMsystemMusicLicenseContractSample.pdf
    [2010-08-11 16:19:10 | 000,066,043 | ---- | M] () -- C:\Documents and Settings\유민우\바탕 화면\Ecast_UAP_Master_Pub_Agreemen_1209.pdf
    [2010-08-09 18:04:18 | 001,020,148 | ---- | M] () -- C:\Documents and Settings\유민우\바탕 화면\scan100809-2.pdf
    [2010-08-06 12:28:52 | 013,793,883 | ---- | M] () -- C:\Documents and Settings\유민우\바탕 화면\gdc-2010-100309221117-phpapp02.pdf
    [2010-08-04 15:27:30 | 000,070,040 | ---- | M] () -- C:\WINDOWS\AllatKeyIn.exe
    [2010-08-04 12:39:15 | 000,033,092 | ---- | M] () -- C:\Documents and Settings\유민우\바탕 화면\Mish copy.rtf
    [2010-08-04 09:59:10 | 000,320,904 | ---- | M] (Space International, Inc.) -- C:\WINDOWS\System32\EasyKeytecPKI.dll
    [2010-08-01 14:45:56 | 006,750,208 | ---- | M] () -- C:\WINDOWS\System32\KvpVcmd.dll
    [2010-07-28 17:26:04 | 000,300,568 | ---- | M] (Dacom Multimedia Internet Corp.) -- C:\WINDOWS\System32\NaverFDL.exe
    [2010-07-28 17:25:58 | 000,292,376 | ---- | M] (Dacom Multimedia Internet Corp.) -- C:\WINDOWS\System32\NaverFile.ocx
    [2010-07-28 12:33:44 | 000,127,488 | ---- | M] (㈜더존씨앤티) -- C:\WINDOWS\System32\Qrdll.dll
    [2010-07-26 13:00:41 | 000,178,196 | ---- | M] () -- C:\Documents and Settings\유민우\바탕 화면\일본소셜게임관련 - 데브시스터즈.pptx
    [2010-07-23 11:18:26 | 000,001,150 | ---- | M] () -- C:\Documents and Settings\유민우\바탕 화면\lindsay lohan.rtf
    [2010-07-20 21:51:50 | 000,426,270 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\npeutilex.dll
    [2010-07-20 14:11:02 | 009,258,218 | ---- | M] () -- C:\Documents and Settings\유민우\바탕 화면\sng30min_1_v1.7.pdf
    [2010-07-20 14:08:33 | 026,404,009 | ---- | M] () -- C:\Documents and Settings\유민우\바탕 화면\sng30min_1_v1.7.pptx
    [2010-07-17 16:24:03 | 001,205,544 | ---- | M] () -- C:\WINDOWS\System32\ISPPopUpDlg.exe
    [2010-07-15 22:36:18 | 016,791,191 | ---- | M] () -- C:\Documents and Settings\유민우\바탕 화면\sng30min_1_v1.6.pdf
    [2010-07-15 22:35:13 | 026,878,968 | ---- | M] () -- C:\Documents and Settings\유민우\바탕 화면\sng30min_1_v1.6.pptx
    [2010-07-15 22:18:25 | 016,840,896 | ---- | M] () -- C:\Documents and Settings\유민우\바탕 화면\sng30min_v1.5.pdf
    [2010-07-15 14:13:46 | 000,120,184 | ---- | M] () -- C:\WINDOWS\System32\KCPPaymentUX.dll
    [2010-07-15 13:16:54 | 000,135,168 | ---- | M] ((주)한국사이버결제) -- C:\WINDOWS\System32\kcp_ansimclick.dll
    [2010-07-14 16:56:48 | 000,138,512 | ---- | M] () -- C:\Documents and Settings\유민우\바탕 화면\iAdNetworkContract_v1.pdf
    [2010-07-14 14:51:00 | 000,382,858 | ---- | M] () -- C:\Documents and Settings\유민우\바탕 화면\item_100714.pptx
    [2010-07-09 14:02:29 | 001,784,576 | ---- | M] (SoftCamp Co.,Ltd.) -- C:\WINDOWS\System32\SCSKMemLink.dll
    [2010-07-07 18:08:26 | 000,036,864 | ---- | M] (소프트포럼) -- C:\WINDOWS\System32\XAntiRE_C.dll
    [2010-07-07 15:33:05 | 000,000,862 | ---- | M] () -- C:\WINDOWS\rdviewer50.ini
    [2010-07-05 10:37:06 | 000,077,904 | ---- | M] (LG-CNS) -- C:\WINDOWS\System32\IPRTCrsIgmPrintX.ocx
    [2010-07-05 10:36:12 | 000,647,248 | ---- | M] () -- C:\WINDOWS\System32\IPRTCrsIgmPrintM.dll
    [2010-07-02 18:08:12 | 000,061,440 | ---- | M] () -- C:\WINDOWS\System32\MaCourtPrintInfo.dll
    [2010-06-24 00:13:55 | 000,050,026 | ---- | M] (11st) -- C:\WINDOWS\System32\Uninstall_11stSC.exe
    [2010-06-16 16:50:50 | 002,065,960 | ---- | M] (SoftCamp Co.,Ltd.) -- C:\WINDOWS\System32\SCSK4.ocx
    [2010-06-16 16:48:14 | 001,324,568 | ---- | M] (SoftCamp Co.,Ltd.) -- C:\WINDOWS\System32\SCSKAppLink.dll
    [2010-06-16 11:47:22 | 000,242,360 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\TeCtrl.dll
    [2010-06-15 10:31:34 | 000,265,672 | ---- | M] () -- C:\WINDOWS\System32\MaPrintInfoCourt.dat
    [2010-06-10 17:07:00 | 007,147,184 | ---- | M] () -- C:\Documents and Settings\유민우\바탕 화면\Fish_rev01.pdf
    [2010-06-09 23:12:12 | 000,207,456 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\npkcmsvc.exe
    [2010-06-08 14:22:07 | 000,362,584 | ---- | M] () -- C:\Documents and Settings\유민우\바탕 화면\iphone_standard_agreement_20100607.pdf
    [2010-06-07 17:13:36 | 000,484,928 | ---- | M] (정보인증센터) -- C:\WINDOWS\System32\SGHSMKey.dll
    [2010-06-07 17:13:32 | 000,906,816 | ---- | M] (SG) -- C:\WINDOWS\System32\ps_ntscrypto.dll
    [2010-06-07 17:13:30 | 000,288,320 | ---- | M] (SG) -- C:\WINDOWS\System32\ps_dlglib.dll
    [2010-06-07 17:13:26 | 000,075,328 | ---- | M] (SG) -- C:\WINDOWS\System32\ps_nts.dll
    [2010-06-07 14:42:44 | 000,241,664 | ---- | M] () -- C:\WINDOWS\System32\PubCertDlg.dll

    ========== Files Created - No Company Name ==========

    [2010-09-01 02:09:34 | 000,000,203 | ---- | C] () -- C:\Boot.bak
    [2010-09-01 02:09:30 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010-09-01 01:58:25 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010-09-01 01:58:24 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010-09-01 01:58:23 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010-09-01 01:58:23 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010-09-01 01:58:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010-09-01 01:50:41 | 003,829,857 | R--- | C] () -- C:\Documents and Settings\유민우\바탕 화면\ComboFix.exe
    [2010-08-30 14:43:18 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\유민우\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2010-08-24 15:29:07 | 003,530,140 | ---- | C] () -- C:\Documents and Settings\유민우\My Documents\Backup-(2010-08-24).cab
    [2010-08-24 15:29:03 | 000,638,574 | ---- | C] () -- C:\Documents and Settings\유민우\My Documents\Backup-(2010-08-24).ipd
    [2010-08-23 09:55:00 | 000,089,817 | ---- | C] () -- C:\Documents and Settings\유민우\바탕 화면\Platform_Adoption.pdf
    [2010-08-16 17:44:29 | 000,013,781 | ---- | C] () -- C:\Documents and Settings\유민우\바탕 화면\Hello there.docx
    [2010-08-16 15:14:19 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\scskConfigEH.ini
    [2010-08-13 11:54:10 | 007,231,776 | ---- | C] () -- C:\Documents and Settings\유민우\My Documents\NZellBell_20100310.exe
    [2010-08-12 18:55:03 | 000,015,769 | ---- | C] () -- C:\Documents and Settings\유민우\바탕 화면\안녕하세요.docx
    [2010-08-12 11:32:20 | 000,000,328 | ---- | C] () -- C:\Documents and Settings\유민우\symkeys.dat
    [2010-08-12 11:32:19 | 000,004,824 | ---- | C] () -- C:\Documents and Settings\유민우\encobject.dat
    [2010-08-11 16:20:51 | 000,021,811 | ---- | C] () -- C:\Documents and Settings\유민우\바탕 화면\AMsystemMusicLicenseContractSample.pdf
    [2010-08-11 16:19:10 | 000,066,043 | ---- | C] () -- C:\Documents and Settings\유민우\바탕 화면\Ecast_UAP_Master_Pub_Agreemen_1209.pdf
    [2010-08-09 18:04:11 | 001,020,148 | ---- | C] () -- C:\Documents and Settings\유민우\바탕 화면\scan100809-2.pdf
    [2010-08-06 12:28:52 | 013,793,883 | ---- | C] () -- C:\Documents and Settings\유민우\바탕 화면\gdc-2010-100309221117-phpapp02.pdf
    [2010-07-26 13:00:41 | 000,178,196 | ---- | C] () -- C:\Documents and Settings\유민우\바탕 화면\일본소셜게임관련 - 데브시스터즈.pptx
    [2010-07-23 11:53:13 | 000,033,092 | ---- | C] () -- C:\Documents and Settings\유민우\바탕 화면\Mish copy.rtf
    [2010-07-23 11:18:26 | 000,001,150 | ---- | C] () -- C:\Documents and Settings\유민우\바탕 화면\lindsay lohan.rtf
    [2010-07-20 14:11:02 | 009,258,218 | ---- | C] () -- C:\Documents and Settings\유민우\바탕 화면\sng30min_1_v1.7.pdf
    [2010-07-20 14:03:33 | 026,404,009 | ---- | C] () -- C:\Documents and Settings\유민우\바탕 화면\sng30min_1_v1.7.pptx
    [2010-07-15 22:36:18 | 016,791,191 | ---- | C] () -- C:\Documents and Settings\유민우\바탕 화면\sng30min_1_v1.6.pdf
    [2010-07-15 22:32:46 | 026,878,968 | ---- | C] () -- C:\Documents and Settings\유민우\바탕 화면\sng30min_1_v1.6.pptx
    [2010-07-15 22:18:23 | 016,840,896 | ---- | C] () -- C:\Documents and Settings\유민우\바탕 화면\sng30min_v1.5.pdf
    [2010-07-15 14:13:46 | 000,120,184 | ---- | C] () -- C:\WINDOWS\System32\KCPPaymentUX.dll
    [2010-07-14 16:56:48 | 000,138,512 | ---- | C] () -- C:\Documents and Settings\유민우\바탕 화면\iAdNetworkContract_v1.pdf
    [2010-07-14 14:51:00 | 000,382,858 | ---- | C] () -- C:\Documents and Settings\유민우\바탕 화면\item_100714.pptx
    [2010-07-05 10:36:12 | 000,647,248 | ---- | C] () -- C:\WINDOWS\System32\IPRTCrsIgmPrintM.dll
    [2010-07-02 18:08:12 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\MaCourtPrintInfo.dll
    [2010-06-25 18:29:17 | 000,482,408 | ---- | C] () -- C:\WINDOWS\ssndii.exe
    [2010-06-25 18:27:48 | 000,005,430 | ---- | C] () -- C:\WINDOWS\AnyWeb Print.ico
    [2010-06-15 10:31:34 | 000,265,672 | ---- | C] () -- C:\WINDOWS\System32\MaPrintInfoCourt.dat
    [2010-06-10 17:07:00 | 007,147,184 | ---- | C] () -- C:\Documents and Settings\유민우\바탕 화면\Fish_rev01.pdf
    [2010-06-08 14:22:07 | 000,362,584 | ---- | C] () -- C:\Documents and Settings\유민우\바탕 화면\iphone_standard_agreement_20100607.pdf
    [2010-05-03 15:46:03 | 000,143,460 | ---- | C] () -- C:\WINDOWS\System32\INIWEBCryptoWrapper.dll
    [2010-04-08 09:57:58 | 000,140,800 | ---- | C] () -- C:\WINDOWS\System32\RptLogo.dll
    [2010-04-07 13:22:36 | 000,044,032 | ---- | C] () -- C:\WINDOWS\System32\MKERCMSImg.dll
    [2010-03-10 16:31:47 | 000,000,862 | ---- | C] () -- C:\WINDOWS\rdviewer50.ini
    [2010-01-14 13:59:00 | 000,103,752 | ---- | C] () -- C:\WINDOWS\System32\MAOnFPS_NTSC.dll
    [2010-01-14 13:58:58 | 000,439,624 | ---- | C] () -- C:\WINDOWS\System32\MAOnFPS_NTSV.dll
    [2009-11-30 17:04:08 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\JPMCImg.dll
    [2009-11-19 15:35:16 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\WCXGRes.dll
    [2009-11-02 15:13:15 | 000,003,496 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2009-10-01 11:19:06 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2009-10-01 11:19:06 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\SCDF.DLL
    [2009-10-01 11:19:02 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2009-09-23 14:41:42 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\DGBImg.dll
    [2009-09-22 15:06:20 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\KDBImg.dll
    [2009-09-16 17:05:56 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\vshook.sys
    [2009-09-11 00:31:28 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2009-09-10 16:34:58 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\KNBankImg.dll
    [2009-09-07 16:59:06 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\y5wrapper.dll
    [2009-09-07 16:59:04 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\y5winwrap.dll
    [2009-09-07 16:57:46 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\y5csel.dll
    [2009-09-02 09:07:48 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\y5cview.dll
    [2009-09-02 09:07:44 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\y5cert.dll
    [2009-09-02 09:07:44 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\y5clist.dll
    [2009-09-01 18:16:38 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\y5base.dll
    [2009-08-14 02:30:18 | 000,000,952 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2009-08-03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009-07-29 18:41:58 | 001,147,576 | ---- | C] () -- C:\WINDOWS\System32\HanWebMsg1057.dll
    [2009-07-23 15:09:36 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\cl31cl3.dll
    [2009-06-19 23:46:04 | 000,066,920 | ---- | C] () -- C:\WINDOWS\System32\CMListControl.dll
    [2009-06-18 11:02:18 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\HanaImg.dll
    [2009-06-15 17:59:20 | 000,000,048 | ---- | C] () -- C:\WINDOWS\Hjimesv.ini
    [2009-06-15 17:56:26 | 000,566,272 | R--- | C] () -- C:\WINDOWS\System32\NETFFICE.DLL
    [2009-06-15 17:56:26 | 000,027,688 | R--- | C] () -- C:\WINDOWS\System32\MTIFMON.DLL
    [2009-05-23 13:54:26 | 000,708,096 | ---- | C] () -- C:\WINDOWS\System32\INIcrypto20.dll
    [2009-05-23 13:54:25 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\PubCertDlg.dll
    [2009-05-23 13:54:22 | 000,386,048 | ---- | C] () -- C:\WINDOWS\System32\INICertManUI.dll
    [2009-05-23 13:54:21 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ISP_crgen.dll
    [2009-05-23 13:54:20 | 006,750,208 | ---- | C] () -- C:\WINDOWS\System32\KvpVcmd.dll
    [2009-05-05 02:21:03 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\cosa.dll
    [2009-05-05 00:01:59 | 000,235,520 | ---- | C] () -- C:\Documents and Settings\유민우\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009-05-04 20:32:45 | 000,000,028 | ---- | C] () -- C:\WINDOWS\InstPdrv.INI
    [2009-05-04 16:27:00 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\유민우\Local Settings\Application Data\fusioncache.dat
    [2009-05-04 16:20:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2009-05-04 16:10:25 | 000,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
    [2009-05-04 15:59:18 | 000,701,840 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
    [2009-05-04 15:59:18 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4785.dll
    [2009-05-04 15:57:30 | 000,012,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
    [2009-05-04 15:56:34 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
    [2009-05-04 15:45:57 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\tp4uires.dll
    [2009-05-04 15:37:19 | 000,192,560 | ---- | C] () -- C:\WINDOWS\System32\hfont.sys
    [2009-05-04 15:37:19 | 000,056,505 | ---- | C] () -- C:\WINDOWS\System32\hbios.sys
    [2009-05-04 15:37:19 | 000,000,793 | ---- | C] () -- C:\WINDOWS\System32\font_win.sys
    [2009-05-04 15:37:18 | 000,002,890 | ---- | C] () -- C:\WINDOWS\System32\disp_win.sys
    [2009-05-04 15:36:02 | 000,001,728 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2009-04-16 12:29:12 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\SomangImg.dll
    [2009-04-06 17:16:34 | 000,596,512 | ---- | C] () -- C:\WINDOWS\System32\INICRYPTOSDK.dll
    [2009-04-03 14:09:48 | 000,044,032 | ---- | C] () -- C:\WINDOWS\System32\smbaImg.dll
    [2009-03-23 17:33:42 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\TomatoImg.dll
    [2009-03-23 17:33:42 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\SolomonImg.dll
    [2009-03-02 20:59:26 | 000,060,416 | ---- | C] () -- C:\WINDOWS\System32\KiupImg.dll
    [2009-02-27 15:31:34 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\gbankImg.dll
    [2009-01-08 16:18:04 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\KiupPsnImg.dll
    [2008-12-31 12:07:16 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\PusanImg.dll
    [2008-11-19 10:41:56 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\KBStarImg.dll
    [2008-09-18 11:04:00 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\KvpUpCom.dll
    [2008-09-10 16:42:24 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\chestImg.dll
    [2008-08-22 13:41:54 | 000,052,224 | ---- | C] () -- C:\WINDOWS\System32\WelcoImg.dll
    [2008-08-22 13:39:16 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\WooriImg.dll
    [2008-08-22 13:39:06 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\MaptImg.dll
    [2008-08-22 13:39:06 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\KepcoImg.dll
    [2008-08-22 13:39:04 | 000,050,688 | ---- | C] () -- C:\WINDOWS\System32\HSBImg.dll
    [2008-08-22 13:39:04 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\HSBCImg.dll
    [2008-08-22 13:39:04 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\HanaTourImg.dll
    [2008-08-22 13:38:34 | 000,042,496 | ---- | C] () -- C:\WINDOWS\System32\EmoreImg.dll
    [2008-08-22 13:38:24 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\CityImg.dll
    [2008-08-22 13:38:24 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\CfmsImg.dll
    [2008-08-22 13:38:22 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\AllinOneImg.dll
    [2008-05-01 14:38:36 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\libitrs32.dll
    [2008-04-01 13:49:12 | 000,124,432 | ---- | C] () -- C:\WINDOWS\System32\PanInstaller.dll
    [2008-04-01 13:49:06 | 000,083,480 | ---- | C] () -- C:\WINDOWS\System32\FirstLoad.dll
    [2008-02-13 17:01:26 | 000,050,520 | ---- | C] () -- C:\WINDOWS\System32\MaAPIVistaRD.dll
    [2007-03-02 21:15:36 | 000,025,269 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI
    [2007-03-02 21:15:25 | 000,000,480 | ---- | C] () -- C:\WINDOWS\System32\IPSCtrl.INI
    [2007-02-27 17:48:38 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
    [2007-02-27 17:29:32 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
    [2007-01-25 18:09:22 | 000,032,640 | ---- | C] () -- C:\WINDOWS\System32\vshooksc.sys
    [2007-01-25 18:09:22 | 000,032,640 | ---- | C] () -- C:\WINDOWS\System32\drivers\vshooksc.sys
    [2007-01-25 18:05:14 | 000,033,664 | ---- | C] () -- C:\WINDOWS\System32\VSHOOK.sys
    [2006-09-05 14:20:36 | 000,079,400 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL
    [2005-11-24 22:42:44 | 000,026,496 | ---- | C] () -- C:\WINDOWS\System32\vphooksc.sys
    [2005-11-24 22:42:44 | 000,026,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\vphooksc.sys
    [2005-06-30 17:36:24 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\CMImageU.dll
    [2005-05-27 21:25:08 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\certstore.dll
    [2005-05-27 19:46:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\INIvcs.dll
    [2005-02-21 15:28:36 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\usbdll.dll
    [2005-02-17 11:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
    [2005-02-17 11:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
    [2004-01-10 17:26:02 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\MACS.dll
    [2001-11-14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

    ========== LOP Check ==========

    [2010-08-30 05:07:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AhnLab
    [2010-08-07 16:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Clunet
    [2009-05-04 20:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [2009-05-04 21:01:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
    [2009-11-05 16:24:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
    [2009-05-04 16:06:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
    [2009-05-04 21:27:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
    [2010-07-09 14:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SoftCamp
    [2010-08-18 10:43:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soulseek
    [2010-06-26 15:57:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
    [2009-05-04 15:57:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UIB
    [2010-08-12 17:50:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009-09-10 12:05:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009-05-04 23:54:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
    [2009-05-14 01:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2009-05-05 02:23:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\유민우\Application Data\AhnLab
    [2009-08-13 00:11:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\유민우\Application Data\CFolderRush
    [2009-05-05 02:21:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\유민우\Application Data\ClientKeeper
    [2009-12-01 00:01:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\유민우\Application Data\Clunet
    [2009-04-25 13:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\유민우\Application Data\com.seesmic.desktop.client.D89F32799270693BEF34AAA36E9B2632B59240FA.1
    [2009-05-04 21:13:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\유민우\Application Data\DAEMON Tools Lite
    [2010-03-30 15:40:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\유민우\Application Data\Facebook
    [2009-06-15 18:01:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\유민우\Application Data\Hnc
    [2009-05-04 20:21:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\유민우\Application Data\IPOPMEDIA
    [2009-05-04 21:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\유민우\Application Data\Lenovo
    [2009-09-19 16:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\유민우\Application Data\Research In Motion
    [2010-08-31 15:35:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\유민우\Application Data\Space International
    [2009-07-06 14:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\유민우\Application Data\Spaz.AIR.16CB261D461B1CA2027F7C39946115FA2DC8CD7F.1
    [2010-04-26 15:49:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\유민우\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
    [2009-10-30 13:05:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\유민우\Application Data\Unity
    [2010-08-30 04:44:50 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job
    [2010-09-01 14:05:42 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{DCBAB2EF-9DAB-4801-A794-3711DAC2F05B}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006-09-10 21:50:56 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010-01-18 17:43:11 | 000,000,203 | ---- | M] () -- C:\Boot.bak
    [2010-09-01 02:09:34 | 000,000,319 | RHS- | M] () -- C:\boot.ini
    [2006-08-04 21:00:00 | 000,654,336 | RHS- | M] () -- C:\bootfont.bin
    [2009-05-04 16:26:42 | 000,000,211 | ---- | M] () -- C:\boot_old.ini
    [2010-03-04 02:12:47 | 000,003,234 | ---- | M] () -- C:\BTWSSOInstall.Log
    [2004-08-03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2010-09-01 13:28:56 | 000,033,826 | ---- | M] () -- C:\ComboFix.txt
    [2006-09-10 21:50:56 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2009-05-04 16:05:01 | 000,002,792 | ---- | M] () -- C:\drivez.log
    [2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007-11-07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007-11-07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2007-11-07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2010-09-01 14:50:32 | 2103,734,272 | -HS- | M] () -- C:\hiberfil.sys
    [2007-11-07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2007-11-07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007-11-07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007-11-07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007-11-07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007-11-07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007-11-07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007-11-07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007-11-07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007-11-07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2006-09-10 21:50:56 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010-08-30 18:22:33 | 000,013,863 | ---- | M] () -- C:\JavaRa.log
    [2010-01-18 17:44:13 | 000,003,569 | ---- | M] () -- C:\markany_log.txt
    [2006-09-10 21:50:56 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2006-08-04 21:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2009-05-08 15:12:20 | 000,259,776 | RHS- | M] () -- C:\NTLDR
    [2010-09-01 14:50:31 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2009-05-05 07:44:49 | 000,000,093 | ---- | M] () -- C:\syslevel.lgl
    [2010-09-01 14:50:36 | 000,010,872 | ---- | M] () -- C:\TPHKLOCK.TXT
    [2007-11-07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007-11-07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
    [2007-11-07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2007-08-14 03:40:20 | 000,019,968 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\cl31cpc.dll
    [2008-07-06 21:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.com >
    [2006-04-18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006-06-29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006-04-18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006-06-29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [2008-04-14 11:26:42 | 000,336,896 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\hnetcfg.dll
    [2006-08-04 21:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\kbd101a.dll
    [2001-08-17 14:55:56 | 000,005,632 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\kbd103.dll

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2006-09-11 06:38:33 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2006-09-11 06:38:33 | 000,651,264 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2006-09-11 06:38:33 | 000,409,600 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %systemroot%\system32\user32.dll /md5 >
    [2008-04-14 11:27:03 | 000,576,000 | ---- | M] (Microsoft Corporation) MD5=FA7E82375EFF017BFE4740593C0431AE -- C:\WINDOWS\system32\user32.dll

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2008-04-14 11:27:05 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=1F23DDCD6A5675054FE2DF6C0DB99BBC -- C:\WINDOWS\system32\ws2_32.dll

    < %systemroot%\system32\ws2help.dll /md5 >
    [2008-04-14 11:27:05 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=90AFFACB3C4F110BA63DF2BE93F2E41A -- C:\WINDOWS\system32\ws2help.dll

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >
    < End of report >
     
  18. 2010/09/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good news :)

    You're running extremely low on C drive free space:
    You need to start moving some stuff out, or your computer may become unbootable one day.

    =============================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O16 - DPF: {BBB0FC2D-1D95-45CA-BDCF-03B53F247FCC} Reg Error: Key error. (EwsLoader Class)
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Go to Kaspersky website and perform an online antivirus scan.

    • Disable your active antivirus program.
    • Read through the requirements and privacy statement and click on Accept button.
    • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    • Click on My Computer under Scan.
    • Once the scan is complete, it will display the results. Click on View Scan Report.
    • You will see a list of infected items there. Click on Save Report As....
    • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  19. 2010/09/02
    oneofnine

    oneofnine Inactive Thread Starter

    Joined:
    2010/08/30
    Messages:
    17
    Likes Received:
    0
    Yes. Space. I need to free up some. Thank you for the word of caution :)

    OTL Log
    ---

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
    Starting removal of ActiveX control {BBB0FC2D-1D95-45CA-BDCF-03B53F247FCC}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BBB0FC2D-1D95-45CA-BDCF-03B53F247FCC}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBB0FC2D-1D95-45CA-BDCF-03B53F247FCC}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{BBB0FC2D-1D95-45CA-BDCF-03B53F247FCC}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBB0FC2D-1D95-45CA-BDCF-03B53F247FCC}\ not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 65748 bytes
    ->Temporary Internet Files folder emptied: 16786 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33718 bytes

    User: 유민우
    ->Temp folder emptied: 5641740 bytes
    ->Temporary Internet Files folder emptied: 37751507 bytes
    ->Java cache emptied: 261868 bytes
    ->FireFox cache emptied: 72268646 bytes
    ->Google Chrome cache emptied: 92743308 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 13212 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 299974 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 199.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User

    User: LocalService

    User: NetworkService

    User: 유민우
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.11.0 log created on 09032010_122410

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
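
One way to check a fix log like the one posted above, added here as an example (it is not part of the thread and not OTL's own code): it reads the "Registry key ... deleted successfully / not found" lines and the "... emptied: N bytes" lines and tallies them per key and per account. The function names are hypothetical, and the sample is a shortened excerpt of the posted log.

```python
import re

# Shortened excerpt of the fix log above; the CLSID key is listed twice, as in the post.
SAMPLE_LOG = r"""
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBB0FC2D-1D95-45CA-BDCF-03B53F247FCC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{BBB0FC2D-1D95-45CA-BDCF-03B53F247FCC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBB0FC2D-1D95-45CA-BDCF-03B53F247FCC}\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 16786 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33718 bytes
Windows Temp folder emptied: 299974 bytes
"""

KEY_RE = re.compile(r"^Registry key (?P<key>.+\\) (?P<status>deleted successfully|not found)\.$")
BYTES_RE = re.compile(r"^(?:->)?.+ (?:emptied|removed): (?P<n>\d+) bytes$")

def parse_fix_log(text):
    """Return (outcome per registry key, bytes freed per account) for a fix log."""
    keys, freed, owner = {}, {}, "system"
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("User: "):
            owner = line[len("User: "):]
        elif m := KEY_RE.match(line):
            # First outcome wins: a key deleted earlier in the run reads
            # "not found" when it is listed a second time.
            keys.setdefault(m["key"], m["status"])
        elif m := BYTES_RE.match(line):
            # Lines without the "->" prefix are system-wide, not per-account.
            who = owner if line.startswith("->") else "system"
            freed[who] = freed.get(who, 0) + int(m["n"])
    return keys, freed

def never_present(keys):
    """Keys the fix asked for that did not exist at any point in the run."""
    return sorted(k for k, status in keys.items() if status == "not found")

if __name__ == "__main__":
    keys, freed = parse_fix_log(SAMPLE_LOG)
    for key, status in keys.items():
        print(f"{status:22} {key}")
    print({who: f"{n / 2**20:.2f} MiB" for who, n in freed.items()})
```
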
     
  20. 2010/09/02
    oneofnine

    oneofnine Inactive Thread Starter

    Joined:
    2010/08/30
    Messages:
    17
    Likes Received:
    0
    SecurityCheck Log
    ---

    Results of screen317's Security Check version 0.99.5
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Antivirus up to date! (On Access scanning disabled!)
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    CCleaner (remove only)
    Java(TM) 6 Update 21
    Adobe Flash Player 10.1.53.64
    Adobe Reader 8 - Korean
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.5.11) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    ````````````````````````````````
    DNS Vulnerability Check:

    POOR! (Vulnerable to DNS cache poisoning!!-- Consider OPENDNS)

    ``````````End of Log````````````
     
  21. 2010/09/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    1. Update Firefox

    2. Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
     
