[Resolved] Computer calling me a loser ><;;

Welcome to your place for tech questions! ( Log In or Join today ) Get answers from experts today. (it's 100% free) Virus removal forum

What the Tech > Spyware / Malware / Virus Removal > Virus, Spyware & Malware Removal

3 Pages

1 2 3 >

[Resolved] Computer calling me a loser ><;;

Options

meepmeep1101 View Member Profile	Oct 28 2009, 07:03 PM Post #1
New Member Group: Authentic Member Posts: 16 Joined: 28-October 09 Member No.: 88,568 Operating System: Windows Vista Home	So for about the past 2-3 weeks...very randomly my computer calls me a loser..and its only when I'm listening to music or watching a video and I am the only one in the room..hah...And also recently a windows box comes up and says that "windows explorer is not working"...so i press the restart button. It just makes my screen blink and everything is still there, but after that, my "My documents" window comes up too. I ran the scan, and this is what I got: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:59:17 PM, on 10/28/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.18828) Boot mode: Normal Running processes: C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files (x86)\iTHINK\iThink.exe C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe C:\Windows\SysWOW64\conime.exe C:\Program Files (x86)\Java\jre1.6.0_07\bin\jucheck.exe C:\Program Files (x86)\AIM6\aim6.exe C:\Program Files (x86)\AIM6\aolsoftware.exe C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Windows Media Player\wmplayer.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe C:\Windows\SysWOW64\notepad.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\Scriptcl.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files (x86)\free-downloads.net\tbfree.dll O2 - BHO: BabyMaker Toolbar - {ee1cf5ae-0ceb-491d-9485-7f5c01cdd895} - C:\Program Files (x86)\BabyMaker\tbBaby.dll O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll O3 - Toolbar: VDict toolbar - {DF8BE390-5F8A-4890-8212-7427B5048607} - C:\PROGRA~2\VDICTT~1\vdict.dll O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files (x86)\free-downloads.net\tbfree.dll O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" O4 - HKLM\..\Run: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" O4 - HKLM\..\Run: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe" O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" O4 - HKLM\..\Run: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [iTHINK] "C:\Program Files (x86)\iTHINK\iThink.exe" O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program Files (x86)\AT&T\Communication Manager\ATTCM.exe" -a O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam" O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Codec\divxdec.ax] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Codec\divxdec.ax",DllRegisterServer O4 - HKLM\..\RunOnce: [NSIS.Library.RegTool.v3] "C:\Program Files (x86)\DivX\DivX Codec\X64\NSIS.Library.RegTool.v3.{2D2F560C-D0AC-42D8-8520-BC43F620991E}.exe" /S O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [myQuickFind] c:\program files\hanmesoft\myquickfind2\myQuickUpdate.exe O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" O4 - HKCU\..\Run: [AdobeUpdater6] "C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O15 - ESC Trusted Zone: http://.update.microsoft.com O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab O16 - DPF: {063F7D71-5E0B-48F2-87D5-F63C5917947E} - https://secwebclinic.ahnlab.com/aos/plugin/aosmgr.cab O16 - DPF: {0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB} (Street Technologies ActiveX Control Object) - http://www2.stlu.com/plugins/Plugin5.0.021...eetnoagent7.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files%20(x86)/Leeloo's%20Talent%20Agency/Images/stg_drm.ocx O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www.star.hawaii.edu:10012/studentin...Script/smsx.cab O16 - DPF: {207048D8-A40B-4505-AE24-92FF13BEB269} (myDancerCTL Class) - http://web.spaceillusion.com/help/myDancer1020.cab O16 - DPF: {3270EED1-B285-4828-A0A7-F55913A9B724} (S2PlayerPan Class) - http://listen.daum.net/52st/52street/S2MusicPlayer.dll O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo2.walgreens.com/WalgreensActivia.cab O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab O16 - DPF: {51B1D5ED-67DC-43F0-A3F8-8502F1A5E404} (nPCom2 Control) - http://update.nprotect.net/nprotect2007/pusan/npstarter.cab O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/Compone...EngineQuery.dll O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab O16 - DPF: {858F06DE-CE31-491F-83AA-EADBCEB27548} (PrunaDownloadControl Control) - http://download.pruna.com/update/pruna2008...loadControl.cab O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://mail.daum.net/hanmail-ax/DaumActive...cab?ver=2,0,0,5 O16 - DPF: {BCA9A936-F557-408E-8301-D5B2B302EFD6} (SiUpdaterCtrl Class) - http://web.spaceillusion.com/help/iDanceUpdater1034.cab O16 - DPF: {C0B2F53E-5E61-4856-B314-FE9AE262A796} (MOPlayerWnd2 Class) - http://www.melon.com/cab/P3MelWebInstall.cab O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files%20(x86)/Merriam%20Webster's%20Spell-Jam/Images/armhelper.ocx O16 - DPF: {CEE326E8-7571-4086-B347-3C0ACA9A9DE8} (PcubeSet Class) - http://player.muz.co.kr/package/installer2...03/p3Instal.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://update.nprotect.net/keycrypt/pusan/npkcx.cab O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://poipubeach.serveftp.net:5001/activex/AMC.cab O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\Windows\SysWOW64\urlmon.dll O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\msvidctl.dll O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\Windows\system32\inetcomm.dll O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\SysWOW64\urlmon.dll O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\msvidctl.dll O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_6ef279c8\AESTSr64.exe (file missing) O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing) O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - PCTEL - C:\Program Files (x86)\AT&T\Communication Manager\RcAppSvc.exe O23 - Service: AT&T Con App Svc (CAATT) - PCTEL - C:\Program Files (x86)\AT&T\Communication Manager\ConAppsSvc.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing) O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files (x86)\SMINST\BLService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_6ef279c8\STacSV64.exe (file missing) O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 19864 bytes And this is my startup list* StartupList report, 10/28/2009, 2:42:40 PM StartupList version: 1.52.2 Started from : C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.EXE Detected: Windows Vista SP1 (WinNT 6.00.1905) Detected: Internet Explorer v8.00 (8.00.6001.18828) * Using default options ================================================== Running processes: C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files (x86)\iTHINK\iThink.exe C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe C:\Windows\SysWOW64\conime.exe C:\Program Files (x86)\Java\jre1.6.0_07\bin\jucheck.exe C:\Program Files (x86)\AIM6\aim6.exe C:\Program Files (x86)\AIM6\aolsoftware.exe C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Windows Media Player\wmplayer.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\Windows\system32\userinit.exe, -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run DVDAgent = "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" TSMAgent = "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" CLMLServer for HP TouchSmart = "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" TVAgent = "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe" UpdateLBPShortCut = "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" UpdatePSTShortCut = "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" QlbCtrl.exe = "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start UpdateP2GoShortCut = "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" UpdatePDIRShortCut = "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0" SunJavaUpdateSched = "C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe" HP Software Update = C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe hpWirelessAssistant = C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe iTHINK = "C:\Program Files (x86)\iTHINK\iThink.exe" ShStatEXE = "C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\SHSTAT.EXE" /STANDALONE McAfeeUpdaterUI = "C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey (Default) = AT&T Communication Manager = "C:\Program Files (x86)\AT&T\Communication Manager\ATTCM.exe" -a Adobe Reader Speed Launcher = "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" PC Alarm Clock = "C:\Program Files (x86)\PC Alarm Clock\pcalarmclock.exe" QuickTime Task = "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime UCam_Menu = "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam" HP Health Check Scheduler = c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce B Register C:\Program Files (x86)\DivX\DivX Codec\divxdec.ax = "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Codec\divxdec.ax",DllRegisterServer NSIS.Library.RegTool.v3 = "C:\Program Files (x86)\DivX\DivX Codec\X64\NSIS.Library.RegTool.v3.{2D2F560C-D0AC-42D8-8520-BC43F620991E}.exe" /S -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run LightScribe Control Panel = C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden ehTray.exe = C:\Windows\ehome\ehTray.exe Messenger (Yahoo!) = "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet Aim6 = DAEMON Tools Pro Agent = "C:\Program Files (x86)\DAEMON Tools Pro\DTProAgent.exe" -autorun myQuickFind = c:\program files\hanmesoft\myquickfind2\myQuickUpdate.exe VeohPlugin = "C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" AdobeUpdater6 = "C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe" -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\Run [OptionalComponents] = -------------------------------------------------- File association entry for .HTA: HKEY_CLASSES_ROOT\htafile\shell\open\command (Default) = C:\Windows\SysWOW64\mshta.exe "%1" %* -------------------------------------------------- Shell & screensaver key from C:\Windows\SYSTEM.INI: Shell=INI section not found SCRNSAVE.EXE=INI section not found drivers=INI section not found Shell & screensaver key from Registry: Shell=explorer.exe SCRNSAVE.EXE=C:\Windows\system32\MONKEY~1.SCR drivers=Registry value not found Policies Shell key: HKCU\..\Policies: Shell=Registry key not found HKLM\..\Policies: Shell=Registry value not found -------------------------------------------------- Enumerating Browser Helper Objects: (no name) - (no file) - {02478D38-C3F9-4efb-9B51-7695ECA05670} AcroIEHelperStub - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} (no name) - (no file) - {5C255C8A-E604-49b4-9D64-90988571CECB} (no name) - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} scriptproxy - C:\Program Files (x86)\McAfee\VirusScan Enterprise\Scriptcl.dll - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} (no name) - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6} (no name) - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} (no name) - C:\Program Files (x86)\free-downloads.net\tbfree.dll - {ecdee021-0d17-467f-a1ff-c7a115230949} (no name) - C:\Program Files (x86)\BabyMaker\tbBaby.dll - {ee1cf5ae-0ceb-491d-9485-7f5c01cdd895} -------------------------------------------------- Enumerating Task Scheduler jobs: HPCeeScheduleForChae Eun.job -------------------------------------------------- Enumerating Download Program Files: [QuickTime Object] InProcServer32 = C:\Program Files (x86)\QuickTime\QTPlugin.ocx CODEBASE = http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab [{063F7D71-5E0B-48F2-87D5-F63C5917947E}] CODEBASE = https://secwebclinic.ahnlab.com/aos/plugin/aosmgr.cab [Street Technologies ActiveX Control Object] InProcServer32 = C:\Windows\Downloaded Program Files\iestm32.dll CODEBASE = http://www2.stlu.com/plugins/Plugin5.0.021...eetnoagent7.cab [Facebook Photo Uploader 5 Control] InProcServer32 = C:\Windows\Downloaded Program Files\PhotoUploader5.ocx CODEBASE = http://upload.facebook.com/controls/2008.1...toUploader5.cab [SpinTop DRM Control] InProcServer32 = C:\Windows\DOWNLO~1\CONFLICT.1\stg_drm.ocx CODEBASE = file:///C:/Program%20Files%20(x86)/Leeloo's%20Talent%20Agency/Images/stg_drm.ocx [MeadCo ScriptX] InProcServer32 = C:\Windows\SysWow64\MCScripX.dll CODEBASE = https://www.star.hawaii.edu:10012/studentin...Script/smsx.cab OSD = C:\Windows\Downloaded Program Files\smsx.osd [Shockwave ActiveX Control] InProcServer32 = C:\Windows\SysWow64\Adobe\Director\SwDir.dll CODEBASE = http://download.macromedia.com/pub/shockwa...director/sw.cab [Windows Genuine Advantage Validation Tool] InProcServer32 = C:\Windows\SysWow64\LegitCheckControl.DLL CODEBASE = http://download.microsoft.com/download/C/0...heckControl.cab [myDancerCTL Class] InProcServer32 = C:\Windows\Downloaded Program Files\myDancer1020.dll CODEBASE = http://web.spaceillusion.com/help/myDancer1020.cab [S2PlayerPan Class] InProcServer32 = C:\Windows\Downloaded Program Files\S2MusicPlayer.dll CODEBASE = http://listen.daum.net/52st/52street/S2MusicPlayer.dll [Snapfish Activia] InProcServer32 = C:\Windows\Downloaded Program Files\SnapfishActivia1000.ocx CODEBASE = http://photo2.walgreens.com/WalgreensActivia.cab [DLM Control] InProcServer32 = C:\Windows\DOWNLO~1\DOWNLO~1.OCX CODEBASE = http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab [MySpace Uploader Control] InProcServer32 = C:\Windows\Downloaded Program Files\MySpaceUploader.ocx CODEBASE = http://lads.myspace.com/upload/MySpaceUploader1006.cab [SysData Class] InProcServer32 = C:\Windows\DOWNLO~1\SysInfo.dll CODEBASE = https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab [nPCom2 Control] InProcServer32 = C:\Windows\SysWow64\NPSTAR~1.OCX CODEBASE = http://update.nprotect.net/nprotect2007/pusan/npstarter.cab [CSEQueryObject Object] InProcServer32 = C:\Windows\Downloaded Program Files\SearchEngineQuery.dll CODEBASE = http://www.myheritage.com/Genoogle/Compone...EngineQuery.dll [DivXBrowserPlugin Object] InProcServer32 = C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll CODEBASE = http://download.divx.com/player/DivXBrowserPlugin.cab [Facebook Photo Uploader 5 Control] InProcServer32 = C:\Windows\Downloaded Program Files\PhotoUploader55.ocx CODEBASE = http://upload.facebook.com/controls/2009.0...oUploader55.cab [PrunaDownloadControl Control] InProcServer32 = C:\Windows\SysWow64\PRUNAD~1.OCX CODEBASE = http://download.pruna.com/update/pruna2008...loadControl.cab [{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}] CODEBASE = http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab [Daum ActiveX manager Class] InProcServer32 = C:\Windows\SysWow64\DaumActiveX.dll CODEBASE = http://mail.daum.net/hanmail-ax/DaumActive...cab?ver=2,0,0,5 [SiUpdaterCtrl Class] InProcServer32 = C:\Windows\Downloaded Program Files\iDanceUpdater1034.dll CODEBASE = http://web.spaceillusion.com/help/iDanceUpdater1034.cab [MOPlayerWnd2 Class] InProcServer32 = C:\Windows\SysWow64\MelonWebPlayer.dll CODEBASE = http://www.melon.com/cab/P3MelWebInstall.cab [ArmHelper Control] InProcServer32 = ./Images/armhelper.ocx CODEBASE = file:///C:/Program%20Files%20(x86)/Merriam%20Webster's%20Spell-Jam/Images/armhelper.ocx [PcubeSet Class] InProcServer32 = C:\Windows\p3instl1.dll CODEBASE = http://player.muz.co.kr/package/installer2...03/p3Instal.cab [Shockwave Flash Object] InProcServer32 = C:\Windows\SysWow64\Macromed\Flash\Flash10c.ocx CODEBASE = http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab [NPKCX Control] InProcServer32 = C:\Windows\SysWow64\npkcx.ocx CODEBASE = http://update.nprotect.net/keycrypt/pusan/npkcx.cab [AxisMediaControlEmb Class] InProcServer32 = C:\Program Files (x86)\Axis Communications\AXIS Media Control Embedded\AxisMediaControlEmb.dll CODEBASE = http://poipubeach.serveftp.net:5001/activex/AMC.cab -------------------------------------------------- Enumerating Winsock LSP files: NameSpace #1: C:\Windows\system32\NLAapi.dll NameSpace #2: C:\Windows\system32\napinsp.dll NameSpace #3: C:\Windows\system32\pnrpnsp.dll NameSpace #4: C:\Windows\system32\pnrpnsp.dll -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: WebCheck: C:\Windows\SysWOW64\webcheck.dll -------------------------------------------------- End of report, 13,976 bytes Report generated in 0.203 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only Please and thankyou^O^ Help me please

CatByte View Member Profile	Oct 29 2009, 06:27 AM Post #2
Classroom Administrator Group: Classroom Admin Posts: 19,747 Joined: 18-November 04 From: Canada Member No.: 18,614 Operating System: XP, Vista, Win7	Hi, Please do the following: Please download OTL from HERE Save it to your desktop. Double click on the icon on your desktop. Click the "Scan All Users" checkbox. Push the button. Two reports will open, copy and paste them in a reply here: OTListIt.txt <-- Will be opened Extra.txt <-- Will be minimized

CatByte View Member Profile	Oct 29 2009, 12:16 PM Post #4
Classroom Administrator Group: Classroom Admin Posts: 19,747 Joined: 18-November 04 From: Canada Member No.: 18,614 Operating System: XP, Vista, Win7	Hi, Please do the following: Note: Please plug your removable media (thumb drive) into your F: drive during this fix. Please reopen on your desktop. Copy and Paste the following code into the textbox. Do not include the word "Code" CODE :OTL PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) IE - HKLM\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {ee1cf5ae-0ceb-491d-9485-7f5c01cdd895} - Reg Error: Key error. File not found O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - No CLSID value found. O3 - HKU\S-1-5-21-1699190045-97685707-2489270049-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found. O3 - HKU\S-1-5-21-1699190045-97685707-2489270049-1000\..\Toolbar\WebBrowser: (no name) - {ECDEE021-0D17-467F-A1FF-C7A115230949} - No CLSID value found. O3 - HKU\S-1-5-21-1699190045-97685707-2489270049-1000\..\Toolbar\WebBrowser: (no name) - {EE1CF5AE-0CEB-491D-9485-7F5C01CDD895} - No CLSID value found. O33 - MountPoints2\{6b259e79-0998-11de-9c6e-00235a207d20}\Shell\AutoRun\command - "" = F:\squdq.com -- File not found O33 - MountPoints2\{6b259e79-0998-11de-9c6e-00235a207d20}\Shell\open\Command - "" = F:\squdq.com -- File not found O33 - MountPoints2\{c02ea824-91cc-11de-98dc-00235a207d20}\Shell - "" = AutoRun O33 - MountPoints2\{c02ea824-91cc-11de-98dc-00235a207d20}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found O33 - MountPoints2\{e2dfff9b-435b-11de-9cee-00235a207d20}\Shell - "" = AutoRun O33 - MountPoints2\{e2dfff9b-435b-11de-9cee-00235a207d20}\Shell\AutoRun\command - "" = G:\WIN\setup.exe -- File not found :Commands [purity] [emptytemp] [Reboot] Push OTL may ask to reboot the machine. Please do so if asked. Click . A report will open. Copy and Paste that report in your next reply. NEXT Please download Malwarebytes' Anti-Malware from Here or Here Double Click mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy&Paste the entire report in your next reply. Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer, please do so. NEXT Note: As a Vista user > right click your browser and run as an Administrator Using Internet Explorer or Firefox, visit Kaspersky Online Scanner: 1. Click Accept, when prompted to download and install the program files and database of malware definitions. 2. To optimize scanning time and produce a more sensible report for review: Close any open programs Turn off the real time scanner of any existing antivirus program while performing the online scan 3. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes. Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan. Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it. Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined. Click View scan report at the bottom. Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

meepmeep1101 View Member Profile	Oct 29 2009, 06:35 PM Post #5
New Member Group: Authentic Member Posts: 16 Joined: 28-October 09 Member No.: 88,568 Operating System: Windows Vista Home	All processes killed ========== OTL ========== No active process named explorer.exe was found! Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ecdee021-0d17-467f-a1ff-c7a115230949} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecdee021-0d17-467f-a1ff-c7a115230949}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ee1cf5ae-0ceb-491d-9485-7f5c01cdd895} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ee1cf5ae-0ceb-491d-9485-7f5c01cdd895}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ecdee021-0d17-467f-a1ff-c7a115230949} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecdee021-0d17-467f-a1ff-c7a115230949}\ not found. Registry value HKEY_USERS\S-1-5-21-1699190045-97685707-2489270049-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found. Registry value HKEY_USERS\S-1-5-21-1699190045-97685707-2489270049-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{ECDEE021-0D17-467F-A1FF-C7A115230949} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ECDEE021-0D17-467F-A1FF-C7A115230949}\ not found. Registry value HKEY_USERS\S-1-5-21-1699190045-97685707-2489270049-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE1CF5AE-0CEB-491D-9485-7F5C01CDD895} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE1CF5AE-0CEB-491D-9485-7F5C01CDD895}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b259e79-0998-11de-9c6e-00235a207d20}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b259e79-0998-11de-9c6e-00235a207d20}\ not found. File F:\squdq.com not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b259e79-0998-11de-9c6e-00235a207d20}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b259e79-0998-11de-9c6e-00235a207d20}\ not found. File F:\squdq.com not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c02ea824-91cc-11de-98dc-00235a207d20}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c02ea824-91cc-11de-98dc-00235a207d20}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c02ea824-91cc-11de-98dc-00235a207d20}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c02ea824-91cc-11de-98dc-00235a207d20}\ not found. File move failed. H:\LaunchU3.exe scheduled to be moved on reboot. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2dfff9b-435b-11de-9cee-00235a207d20}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2dfff9b-435b-11de-9cee-00235a207d20}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2dfff9b-435b-11de-9cee-00235a207d20}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2dfff9b-435b-11de-9cee-00235a207d20}\ not found. File G:\WIN\setup.exe not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: AppData User: Chae Eun File delete failed. C:\Users\Chae Eun\AppData\Local\Temp\NAILogs\UpdaterUI_CHAEEUN-PC.log scheduled to be deleted on reboot. File delete failed. C:\Users\Chae Eun\AppData\Local\Temp\ehmsas.txt scheduled to be deleted on reboot. ->Temp folder emptied: 128550 bytes File delete failed. C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VM5DJP7N\aimradio_streamops_aol_com[1].htm scheduled to be deleted on reboot. File delete failed. C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VM5DJP7N\AIM_UAC_v2[2].adp scheduled to be deleted on reboot. File delete failed. C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VM5DJP7N\client_ad[2].php scheduled to be deleted on reboot. File delete failed. C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VM5DJP7N\client_ad[4].php scheduled to be deleted on reboot. File delete failed. C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VM5DJP7N\Computer_calling_me_loser_t107983[1].html scheduled to be deleted on reboot. File delete failed. C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VM5DJP7N\iframe[1].htm scheduled to be deleted on reboot. File delete failed. C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VM5DJP7N\m_www_yahoo_com[1].htm scheduled to be deleted on reboot. File delete failed. C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VM5DJP7N\tcode3[1].htm scheduled to be deleted on reboot. File delete failed. C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EY0D4KZ0\iframe[1].htm scheduled to be deleted on reboot. File delete failed. C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5ZS0JV4M\iframe[1].htm scheduled to be deleted on reboot. File delete failed. C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5ZS0JV4M\pass[1].htm scheduled to be deleted on reboot. File delete failed. C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5ZS0JV4M\size=120x90;noperf=1;alias=93245558;kvmn=93245558;target=_blank;aduho=600;g rp=853826516;misc=853826516[1].htm scheduled to be deleted on reboot. File delete failed. C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5ZS0JV4M\tcodewads_at[1].htm scheduled to be deleted on reboot. File delete failed. C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3YDNBZAG\01[2].htm scheduled to be deleted on reboot. File delete failed. C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3YDNBZAG\iframe[1].htm scheduled to be deleted on reboot. File delete failed. C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3YDNBZAG\tcodeqt[1].htm scheduled to be deleted on reboot. File delete failed. C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. File delete failed. C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat scheduled to be deleted on reboot. ->Temporary Internet Files folder emptied: 122650540 bytes ->Java cache emptied: 8302254 bytes ->FireFox cache emptied: 52410375 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Documents and Settings User: Guest ->Temp folder emptied: 339150 bytes ->Temporary Internet Files folder emptied: 440628758 bytes ->FireFox cache emptied: 77324400 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes File delete failed. C:\Windows\temp\TMP0000002145A9E6155137E67F scheduled to be deleted on reboot. File delete failed. C:\Windows\temp\WFV27DA.tmp scheduled to be deleted on reboot. Windows Temp folder emptied: 236104150 bytes RecycleBin emptied: 1013160723 bytes Total Files Cleaned = 1860.70 mb OTL by OldTimer - Version 3.0.22.1 log created on 10292009_140842 Files\Folders moved on Reboot... File\Folder H:\LaunchU3.exe not found! C:\Users\Chae Eun\AppData\Local\Temp\NAILogs\UpdaterUI_CHAEEUN-PC.log moved successfully. C:\Users\Chae Eun\AppData\Local\Temp\ehmsas.txt moved successfully. C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VM5DJP7N\aimradio_streamops_aol_com[1].htm moved successfully. C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VM5DJP7N\AIM_UAC_v2[2].adp moved successfully. C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VM5DJP7N\client_ad[2].php moved successfully. C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VM5DJP7N\client_ad[4].php moved successfully. C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VM5DJP7N\Computer_calling_me_loser_t107983[1].html moved successfully. C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VM5DJP7N\iframe[1].htm moved successfully. C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VM5DJP7N\m_www_yahoo_com[1].htm moved successfully. C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VM5DJP7N\tcode3[1].htm moved successfully. C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EY0D4KZ0\iframe[1].htm moved successfully. C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5ZS0JV4M\iframe[1].htm moved successfully. C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5ZS0JV4M\pass[1].htm moved successfully. C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5ZS0JV4M\size=120x90;noperf=1;alias=93245558;kvmn=93245558;target=_blank;aduho=600;g rp=853826516;misc=853826516[1].htm moved successfully. C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5ZS0JV4M\tcodewads_at[1].htm moved successfully. C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3YDNBZAG\01[2].htm moved successfully. C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3YDNBZAG\iframe[1].htm moved successfully. C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3YDNBZAG\tcodeqt[1].htm moved successfully. C:\Users\Chae Eun\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully. File\Folder C:\Windows\temp\TMP0000002145A9E6155137E67F not found! File\Folder C:\Windows\temp\WFV27DA.tmp not found! Registry entries deleted on Reboot... _________________________________________ Malwarebytes' Anti-Malware 1.41 Database version: 3057 Windows 6.0.6001 Service Pack 1 10/29/2009 2:56:38 PM mbam-log-2009-10-29 (14-56-38).txt Scan type: Quick Scan Objects scanned: 101734 Time elapsed: 20 minute(s), 43 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) _______________________________________ The Online scanner thing just sits there....The accept button never pops ups..or is clickable This post has been edited by meepmeep1101: Oct 29 2009, 07:43 PM

CatByte View Member Profile	Oct 29 2009, 09:59 PM Post #6
Classroom Administrator Group: Classroom Admin Posts: 19,747 Joined: 18-November 04 From: Canada Member No.: 18,614 Operating System: XP, Vista, Win7	Hi, Try this one instead: Please go HERE to run Panda's ActiveScan Once you are on the Panda site click the Scan your PC Now button A new window will open...click the Check Now button Enter your Country Enter your State/Province Enter your e-mail address and click send Select either Home User or Company Click the big Scan Now button If it wants to install an ActiveX component allow it It will start downloading the files it requires for the scan (Note: It may take a couple of minutes) When download is complete, click on My Computer to start the scan When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

meepmeep1101 View Member Profile	Oct 30 2009, 10:37 AM Post #7
New Member Group: Authentic Member Posts: 16 Joined: 28-October 09 Member No.: 88,568 Operating System: Windows Vista Home	Oh..I did disable my virus thing for it to scan..><;; ;***************************************************************************** ***************************************************************************** *************** ANALYSIS: 2009-10-30 06:32:54 PROTECTIONS: 1 MALWARE: 51 SUSPECTS: 5 ;*************************************************************************** ***************************************************************************** ***************** PROTECTIONS Description Version Active Updated ;=============================================================================== ================================================================================= =================== McAfee VirusScan Enterprise 8.5.0.781 No Yes ;=============================================================================== ================================================================================= =================== MALWARE Id Description Type Active Severity Disinfectable Disinfected Location ;=============================================================================== ================================================================================= =================== 00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@trafficmp[5].txt 00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@trafficmp[1].txt 00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@trafficmp[3].txt 00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@trafficmp[4].txt 00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@trafficmp[1].txt 00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@casalemedia[1].txt 00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@casalemedia[4].txt 00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@casalemedia[3].txt 00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@casalemedia[2].txt 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@doubleclick[2].txt 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@doubleclick[3].txt 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@doubleclick[1].txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@atdmt[2].txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@atdmt[1].txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@atdmt[2].txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@atdmt[4].txt 00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@247realmedia[3].txt 00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@247realmedia[2].txt 00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@247realmedia[5].txt 00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@247realmedia[2].txt 00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@247realmedia[1].txt 00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@247realmedia[6].txt 00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@fastclick[2].txt 00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@fastclick[3].txt 00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@fastclick[4].txt 00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@fastclick[5].txt 00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@fastclick[6].txt 00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@fastclick[2].txt 00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@fastclick[1].txt 00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@tribalfusion[5].txt 00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@tribalfusion[6].txt 00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@tribalfusion[1].txt 00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@tribalfusion[2].txt 00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@tribalfusion[3].txt 00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@tribalfusion[2].txt 00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@tribalfusion[3].txt 00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@mediaplex[1].txt 00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@mediaplex[2].txt 00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@mediaplex[1].txt 00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@mediaplex[3].txt 00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@mediaplex[8].txt 00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@mediaplex[4].txt 00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@mediaplex[6].txt 00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@mediaplex[7].txt 00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@mediaplex[2].txt 00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@linksynergy[1].txt 00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@linksynergy[2].txt 00147824 Cookie/Clickbank TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@clickbank[1].txt 00147824 Cookie/Clickbank TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@clickbank[3].txt 00159564 Cookie/WUpd TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@revenue[2].txt 00159564 Cookie/WUpd TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@revenue[3].txt 00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@com[3].txt 00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@com[1].txt 00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@com[1].txt 00167647 Cookie/Yadro TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@yadro[1].txt 00167647 Cookie/Yadro TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@yadro[2].txt 00167665 Cookie/Clicktracks TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@stats1.clicktracks[2].txt 00167672 Cookie/DomainSponsor TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@landing.domainsponsor[1].txt 00167704 Cookie/Xiti TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@xiti[1].txt 00167704 Cookie/Xiti TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@xiti[2].txt 00167730 Cookie/Hitbox TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@ehg.hitbox[2].txt 00167747 Cookie/Azjmp TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@azjmp[1].txt 00167747 Cookie/Azjmp TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@azjmp[2].txt 00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@statcounter[1].txt 00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@statcounter[2].txt 00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@statcounter[4].txt 00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@statcounter[2].txt 00167760 Cookie/Hitslink TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@counter.hitslink[2].txt 00167760 Cookie/Hitslink TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@counter.hitslink[1].txt 00168048 Cookie/Overture TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@perf.overture[1].txt 00168048 Cookie/Overture TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@perf.overture[2].txt 00168048 Cookie/Overture TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@perf.overture[1].txt 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@ad.yieldmanager[3].txt 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@ad.yieldmanager[7].txt 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@ad.yieldmanager[5].txt 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@ad.yieldmanager[2].txt 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@ad.yieldmanager[2].txt 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@ad.yieldmanager[1].txt 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@ad.yieldmanager[6].txt 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@ad.yieldmanager[1].txt 00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@apmebf[2].txt 00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@apmebf[1].txt 00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@apmebf[4].txt 00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@apmebf[3].txt 00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@burstnet[1].txt 00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@burstnet[2].txt 00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@burstnet[5].txt 00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@burstnet[3].txt 00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@burstnet[1].txt 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@serving-sys[2].txt 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@serving-sys[1].txt 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@serving-sys[4].txt 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@serving-sys[5].txt 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@serving-sys[1].txt 00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@bs.serving-sys[5].txt 00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@bs.serving-sys[2].txt 00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@bs.serving-sys[3].txt 00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@bs.serving-sys[4].txt 00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@bs.serving-sys[1].txt 00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@bs.serving-sys[6].txt 00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@bs.serving-sys[7].txt 00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@bs.serving-sys[1].txt 00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@www.burstbeacon[2].txt 00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@www.burstbeacon[2].txt 00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@www.burstbeacon[4].txt 00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@www.burstbeacon[1].txt 00168109 Cookie/Adtech TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@adtech[1].txt 00168109 Cookie/Adtech TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@adtech[2].txt 00168109 Cookie/Adtech TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@adtech[1].txt 00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@server.iad.liveperson[5].txt 00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@server.iad.liveperson[2].txt 00168114 Cookie/onestat.com TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@stat.onestat[2].txt 00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@advertising[3].txt 00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@advertising[4].txt 00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@advertising[5].txt 00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@advertising[2].txt 00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@advertising[1].txt 00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@advertising[9].txt 00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@advertising[6].txt 00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@advertising[2].txt 00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@advertising[3].txt 00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@advertising[8].txt 00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@media.adrevolver[2].txt 00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@statse.webtrendslive[3].txt 00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@statse.webtrendslive[2].txt 00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@statse.webtrendslive[2].txt 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\low\guest@ads.pointroll[2].txt 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@ads.pointroll[1].txt 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@ads.pointroll[2].txt 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@ads.pointroll[1].txt 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@ads.pointroll[4].txt 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@ads.pointroll[2].txt 00170534 Cookie/PurityScan TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@ads.valuead[2].txt 00170554 Cookie/Overture TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@overture[3].txt 00170554 Cookie/Overture TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@overture[4].txt 00170554 Cookie/Overture TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@overture[2].txt 00170554 Cookie/Overture TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@overture[2].txt 00170554 Cookie/Overture TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@overture[1].txt 00170554 Cookie/Overture TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@overture[5].txt 00170556 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@realmedia[7].txt 00170556 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@realmedia[4].txt 00170556 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@realmedia[3].txt 00170556 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@realmedia[2].txt 00170556 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@realmedia[1].txt 00170556 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@realmedia[2].txt 00170556 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@realmedia[6].txt 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@questionmarket[7].txt 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@questionmarket[6].txt 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@questionmarket[8].txt 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@questionmarket[4].txt 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@questionmarket[3].txt 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@questionmarket[2].txt 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@questionmarket[1].txt 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@questionmarket[9].txt 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@questionmarket[2].txt 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@questionmarket[1].txt 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@questionmarket[5].txt 00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@zedo[4].txt 00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@zedo[3].txt 00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@zedo[2].txt 00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@zedo[1].txt 00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@zedo[1].txt 00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@bluestreak[1].txt 00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@bluestreak[4].txt 00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@bluestreak[1].txt 00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@bluestreak[2].txt 00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@bluestreak[3].txt 00173992 Cookie/Zedo TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@c5.zedo[1].txt 00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@adrevolver[2].txt 00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@adrevolver[2].txt 00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@adrevolver[3].txt 00194327 Cookie/Go TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@go[2].txt 00194327 Cookie/Go TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@go[3].txt 00199984 Cookie/Searchportal TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@searchportal.information[1].txt 00199984 Cookie/Searchportal TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@searchportal.information[2].txt 00207338 Cookie/Target TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@target[1].txt 00207338 Cookie/Target TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@target[1].txt 00207338 Cookie/Target TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@target[2].txt 00207862 Cookie/did-it TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@did-it[2].txt 00262020 Cookie/Atwola TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\low\guest@atwola[1].txt 00262020 Cookie/Atwola TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@atwola[6].txt 00262020 Cookie/Atwola TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@atwola[4].txt 00262020 Cookie/Atwola TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@atwola[1].txt 00262020 Cookie/Atwola TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@atwola[2].txt 00262020 Cookie/Atwola TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@atwola[3].txt 00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@smartadserver[1].txt 00286736 Cookie/Cgi-bin TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@www6.addfreestats[2].txt 00286738 Cookie/Cgi-bin TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@www1.addfreestats[1].txt 00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@citi.bridgetrack[4].txt 00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@citi.bridgetrack[3].txt 00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No c:\users\chae eun\appdata\roaming\microsoft\windows\cookies\chae_eun@citi.bridgetrack[1].txt ;=============================================================================== ================================================================================= =================== SUSPECTS Sent Location ;=============================================================================== ================================================================================= =================== No c:\program files (x86)\hp games\create a mall\create a mall-wt.exe No c:\program files (x86)\hp games\hunting unlimited 2008\hu2008-wt.exe No c:\program files (x86)\vtcgame\audition\modxau_hs\modxau.exe No c:\users\chae eun\music\playlists\modxau_hsnsl.net.zip[modxau_hs/modxau.exe] No c:\windows\syswow64\config\sys.sav ;=============================================================================== ================================================================================= =================== VULNERABILITIES Id Severity Description ;=============================================================================== ================================================================================= =================== ;=============================================================================== ================================================================================= ===================

CatByte View Member Profile	Oct 30 2009, 03:19 PM Post #8
Classroom Administrator Group: Classroom Admin Posts: 19,747 Joined: 18-November 04 From: Canada Member No.: 18,614 Operating System: XP, Vista, Win7	Hi, Nothing there but cookies. Lets clean them up with this program: Please do the following: Download TFC to your desktop Close any open windows. Double click the TFC icon to run the program TFC will close all open programs itself in order to run, Click the Start button to begin the process. Allow TFC to run uninterrupted. The program should not take long to finish it's job Once its finished it should automatically reboot your machine, if it doesn't, manually reboot to ensure a complete clean It's normal after running TFC cleaner that the PC will be slower to boot the first time. NEXT Please post a fresh OTL log and advise how your computer is running now and if there are any outstanding issues.

meepmeep1101 View Member Profile	Oct 30 2009, 05:45 PM Post #9
New Member Group: Authentic Member Posts: 16 Joined: 28-October 09 Member No.: 88,568 Operating System: Windows Vista Home	i wont be able to tell a difference until a couple of days for the non responsove thing..but like a week or two for the loser thing ><;;.. I also have a question...Do you know how I can make it so that when I start my computer, no programs start? I use to know how, but I forgot. oh..and how do I change this "FF - prefs.js..browser.startup.homepage: "http://www.mystart.com?pr=oovoo2_0"" ???...I never set it that way....Its only when I start a new tab OTL logfile created on: 10/30/2009 1:31:47 PM - Run 2 OTL by OldTimer - Version 3.0.22.1 Folder = c:\Users\Chae Eun\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18828) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 3.75 Gb Total Physical Memory \| 2.19 Gb Available Physical Memory \| 58.52% Memory free 4.00 Gb Paging File \| 4.00 Gb Available in Paging File \| 100.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files (x86) Drive C: \| 219.97 Gb Total Space \| 84.08 Gb Free Space \| 38.22% Space Free \| Partition Type: NTFS Drive D: \| 12.91 Gb Total Space \| 2.02 Gb Free Space \| 15.64% Space Free \| Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: CHAEEUN-PC Current User Name: Chae Eun Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2009/10/29 06:50:36 \| 00,521,728 \| ---- \| M] (OldTimer Tools) -- c:\Users\Chae Eun\Desktop\OTL.exe PRC - [2009/10/12 18:03:52 \| 17,507,000 \| ---- \| M] (ooVoo LLC) -- C:\Program Files (x86)\ooVoo\ooVoo.exe PRC - [2009/10/05 14:14:22 \| 02,075,384 \| ---- \| M] (Veoh Networks) -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe PRC - [2009/08/26 19:23:17 \| 00,638,232 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe PRC - [2009/05/11 16:45:30 \| 00,202,024 \| ---- \| M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe PRC - [2009/02/20 08:22:34 \| 04,363,504 \| ---- \| M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe PRC - [2009/01/27 20:50:00 \| 00,054,608 \| ---- \| M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe PRC - [2009/01/27 17:37:24 \| 00,073,728 \| ---- \| M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe PRC - [2009/01/27 17:30:20 \| 02,387,968 \| ---- \| M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe PRC - [2008/10/06 06:54:52 \| 00,365,952 \| ---- \| M] () -- C:\Program Files (x86)\SMINST\BLService.exe PRC - [2008/09/26 00:36:40 \| 01,148,200 \| ---- \| M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe PRC - [2008/09/25 16:42:24 \| 00,189,736 \| ---- \| M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe PRC - [2008/09/25 16:41:44 \| 01,152,296 \| ---- \| M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe PRC - [2008/09/24 16:08:26 \| 00,296,320 \| ---- \| M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe PRC - [2008/09/24 16:08:26 \| 00,116,096 \| ---- \| M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe PRC - [2008/08/01 13:14:02 \| 00,202,032 \| ---- \| M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe PRC - [2008/06/29 13:10:18 \| 00,241,734 \| ---- \| M] () -- C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe PRC - [2008/06/10 01:27:04 \| 00,144,784 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe PRC - [2008/05/01 13:25:56 \| 00,165,192 \| ---- \| M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe PRC - [2008/04/15 11:51:00 \| 00,488,752 \| ---- \| M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe PRC - [2008/04/11 06:04:54 \| 00,685,360 \| ---- \| M] () -- C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe PRC - [2008/04/03 08:33:26 \| 00,193,840 \| ---- \| M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe PRC - [2008/01/20 16:49:12 \| 00,069,120 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe PRC - [2007/10/25 04:05:40 \| 00,136,512 \| ---- \| M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe PRC - [2007/10/25 04:04:56 \| 00,136,512 \| ---- \| M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe PRC - [2007/10/25 04:03:28 \| 00,103,744 \| ---- \| M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe PRC - [2007/09/26 04:34:40 \| 00,316,720 \| ---- \| M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE PRC - [2007/05/08 13:24:20 \| 00,054,840 \| ---- \| M] (Hewlett-Packard) -- C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009/06/03 20:43:18 \| 00,239,104 \| ---- \| M] () -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_6ef279c8\STacSV64.exe -- (STacSV [Auto \| Running]) SRV:64bit: - [2009/03/02 18:42:58 \| 00,089,600 \| ---- \| M] () -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_6ef279c8\AESTSr64.exe -- (AESTFilters [Auto \| Running]) SRV:64bit: - [2008/12/10 08:04:58 \| 00,935,424 \| ---- \| M] () -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility [Auto \| Running]) SRV:64bit: - [2008/03/18 14:25:40 \| 00,023,040 \| ---- \| M] () -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv [Auto \| Running]) SRV:64bit: - [2008/01/20 16:52:15 \| 01,216,000 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto \| Running]) SRV:64bit: - [2008/01/20 16:47:32 \| 00,383,544 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto \| Running]) SRV:64bit: - [2007/12/11 10:11:30 \| 00,015,872 \| ---- \| M] () -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio [Auto \| Running]) SRV - [2009/07/16 13:16:44 \| 00,250,616 \| ---- \| M] (WildTangent, Inc.) -- C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService [On_Demand \| Stopped]) SRV - [2009/02/19 17:22:23 \| 00,072,704 \| ---- \| M] (Adobe Systems) -- C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand \| Stopped]) SRV - [2009/01/27 20:50:00 \| 00,154,432 \| ---- \| M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe -- (McShield [Auto \| Running]) SRV - [2009/01/27 20:50:00 \| 00,054,608 \| ---- \| M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager [Auto \| Running]) SRV - [2009/01/27 17:37:24 \| 00,073,728 \| ---- \| M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto \| Running]) SRV - [2008/11/20 09:18:52 \| 00,136,120 \| ---- \| M] (Google) -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand \| Stopped]) SRV - [2008/11/03 19:06:28 \| 00,441,712 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand \| Stopped]) SRV - [2008/10/09 07:56:48 \| 00,094,208 \| ---- \| M] (Hewlett-Packard) -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service [Auto \| Running]) SRV - [2008/10/06 06:54:52 \| 00,365,952 \| ---- \| M] () -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows [Auto \| Running]) SRV - [2008/09/24 16:08:26 \| 00,296,320 \| ---- \| M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc [Auto \| Running]) SRV - [2008/09/24 16:08:26 \| 00,116,096 \| ---- \| M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched [Auto \| Running]) SRV - [2008/07/27 08:03:13 \| 00,069,632 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand \| Stopped]) SRV - [2008/07/27 08:01:49 \| 00,093,184 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64 [On_Demand \| Stopped]) SRV - [2008/06/29 13:10:18 \| 00,241,734 \| ---- \| M] () -- C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe -- (RichVideo [Auto \| Running]) SRV - [2008/06/19 15:17:12 \| 00,046,104 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand \| Stopped]) SRV - [2008/06/19 15:16:53 \| 00,859,648 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown \| Stopped]) SRV - [2008/05/01 13:25:56 \| 00,165,192 \| ---- \| M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex [On_Demand \| Running]) SRV - [2008/04/03 08:33:26 \| 00,193,840 \| ---- \| M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe -- (Com4QLBEx [On_Demand \| Running]) SRV - [2008/03/06 10:10:52 \| 00,106,496 \| ---- \| M] (PCTEL) -- C:\Program Files (x86)\AT&T\Communication Manager\RcAppSvc.exe -- (ATTRcAppSvc [On_Demand \| Stopped]) SRV - [2008/03/06 10:09:50 \| 00,118,784 \| ---- \| M] (PCTEL) -- C:\Program Files (x86)\AT&T\Communication Manager\ConAppsSvc.exe -- (CAATT [On_Demand \| Stopped]) SRV - [2008/01/20 16:51:36 \| 00,344,064 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand \| Stopped]) SRV - [2008/01/20 16:51:36 \| 00,153,600 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand \| Stopped]) SRV - [2007/10/25 04:03:28 \| 00,103,744 \| ---- \| M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework [Auto \| Running]) SRV - [2007/05/31 04:11:54 \| 00,443,784 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm [Auto \| Running]) SRV - [2007/05/31 04:11:46 \| 00,225,672 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr [Auto \| Running]) SRV - [2007/01/02 05:35:24 \| 00,074,656 \| ---- \| M] (MicroVision Development, Inc.) -- C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [On_Demand \| Stopped]) SRV - [2006/11/02 05:03:48 \| 00,015,360 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto \| Stopped]) SRV - [2006/11/02 03:34:14 \| 00,000,000 \| ---D \| M] -- C:\Windows\SysWow64\Msdtc -- (MSDTC [Unknown \| Stopped]) SRV - [2006/11/01 20:35:15 \| 00,060,994 \| ---- \| M] () -- C:\Windows\SysWow64\Wbem\vds.mof -- (vds [On_Demand \| Stopped]) SRV - [2006/11/01 20:35:15 \| 00,055,846 \| ---- \| M] () -- C:\Windows\SysWow64\Wbem\vss.mof -- (VSS [On_Demand \| Stopped]) SRV - [2006/10/26 11:03:08 \| 00,145,184 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand \| Stopped]) SRV - [2004/10/22 00:24:18 \| 00,073,728 \| ---- \| M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand \| Stopped]) ========== Driver Services (SafeList) ========== DRV:64bit: - [2009/06/30 10:37:16 \| 00,033,800 \| ---- \| M] () -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot [Boot \| Running]) DRV:64bit: - [2009/06/24 03:28:32 \| 00,871,408 \| ---- \| M] () -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd [Boot \| Running]) DRV:64bit: - [2009/06/03 20:43:18 \| 00,486,400 \| ---- \| M] () -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA [On_Demand \| Running]) DRV:64bit: - [2009/05/25 06:51:00 \| 00,207,872 \| ---- \| M] () -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169 [On_Demand \| Running]) DRV:64bit: - [2009/05/23 05:09:38 \| 00,029,704 \| ---- \| M] () -- C:\Windows\SysNative\drivers\swmsflt.sys -- (swmsflt [On_Demand \| Stopped]) DRV:64bit: - [2009/01/27 20:50:00 \| 00,259,656 \| ---- \| M] () -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk [On_Demand \| Running]) DRV:64bit: - [2009/01/27 20:50:00 \| 00,094,280 \| ---- \| M] () -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk [On_Demand \| Running]) DRV:64bit: - [2009/01/27 20:50:00 \| 00,081,096 \| ---- \| M] () -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk [On_Demand \| Running]) DRV:64bit: - [2009/01/27 20:50:00 \| 00,067,272 \| ---- \| M] () -- C:\Windows\SysNative\drivers\mfetdik.sys -- (mfetdik [System \| Running]) DRV:64bit: - [2008/12/10 09:31:26 \| 04,993,024 \| ---- \| M] () -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag [On_Demand \| Running]) DRV:64bit: - [2008/11/21 22:05:22 \| 01,253,376 \| ---- \| M] () -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem [On_Demand \| Running]) DRV:64bit: - [2008/10/23 02:16:34 \| 01,526,776 \| ---- \| M] () -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX [On_Demand \| Running]) DRV:64bit: - [2008/10/16 23:00:00 \| 00,179,768 \| ---- \| M] () -- C:\Windows\SysNative\drivers\Mkd3kfNt.sys -- (Mkd3kfNt [On_Demand \| Stopped]) DRV:64bit: - [2008/10/16 23:00:00 \| 00,106,040 \| ---- \| M] () -- C:\Windows\SysNative\drivers\Mkd2Nadr.sys -- (Mkd2Nadr [On_Demand \| Stopped]) DRV:64bit: - [2008/07/20 23:53:04 \| 00,145,496 \| ---- \| M] () -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR [On_Demand \| Stopped]) DRV:64bit: - [2008/06/27 01:51:10 \| 00,088,632 \| ---- \| M] () -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs [Auto \| Running]) DRV:64bit: - [2008/05/28 12:54:18 \| 00,026,168 \| ---- \| M] () -- C:\Windows\SysNative\DRIVERS\usbfilter.sys -- (usbfilter [On_Demand \| Running]) DRV:64bit: - [2008/04/27 22:25:06 \| 00,016,400 \| ---- \| M] () -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie [Boot \| Running]) DRV:64bit: - [2008/03/30 23:36:18 \| 00,195,120 \| ---- \| M] () -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService [On_Demand \| Running]) DRV:64bit: - [2008/03/27 10:10:56 \| 00,026,984 \| ---- \| M] () -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt [Boot \| Running]) DRV:64bit: - [2008/03/27 10:10:14 \| 00,040,296 \| ---- \| M] () -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer [On_Demand \| Running]) DRV:64bit: - [2008/03/06 09:57:32 \| 00,042,784 \| ---- \| M] () -- C:\Windows\SysNative\PCTINDIS5X64.SYS -- (PCTINDIS5X64 [On_Demand \| Stopped]) DRV:64bit: - [2008/01/24 02:24:24 \| 00,060,928 \| ---- \| M] () -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir [On_Demand \| Running]) DRV:64bit: - [2008/01/20 16:49:47 \| 00,011,264 \| ---- \| M] () -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand \| Running]) DRV:64bit: - [2008/01/20 16:47:27 \| 00,168,704 \| ---- \| M] () -- C:\Windows\SysNative\Drivers\usbvideo.sys -- (usbvideo [On_Demand \| Running]) DRV:64bit: - [2008/01/20 16:46:57 \| 03,154,432 \| ---- \| M] () -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64 [On_Demand \| Stopped]) DRV:64bit: - [2008/01/20 16:46:55 \| 00,111,104 \| ---- \| M] () -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus [On_Demand \| Stopped]) DRV:64bit: - [2008/01/20 16:46:52 \| 00,019,456 \| ---- \| M] () -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx [On_Demand \| Stopped]) DRV:64bit: - [2008/01/20 16:46:51 \| 00,017,792 \| ---- \| M] () -- C:\Windows\SysNative\DRIVERS\CmBatt.sys -- (CmBatt [On_Demand \| Running]) DRV:64bit: - [2007/06/27 03:47:14 \| 00,089,216 \| ---- \| M] () -- C:\Windows\SysNative\DRIVERS\swumx56.sys -- (SWUMX56 [On_Demand \| Stopped]) DRV:64bit: - [2007/06/27 03:46:24 \| 00,114,688 \| ---- \| M] () -- C:\Windows\SysNative\DRIVERS\swnc8u56.sys -- (SWNC8U56 [On_Demand \| Stopped]) DRV:64bit: - [2007/06/18 14:13:12 \| 00,018,432 \| ---- \| M] () -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr [On_Demand \| Running]) DRV:64bit: - [2007/01/18 09:10:22 \| 00,030,336 \| ---- \| M] () -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort [On_Demand \| Running]) DRV:64bit: - [2006/11/01 19:28:10 \| 00,273,920 \| ---- \| M] () -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService [On_Demand \| Running]) DRV:64bit: - [2006/10/03 15:45:36 \| 00,273,408 \| ---- \| M] () -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64 [On_Demand \| Stopped]) DRV - [2009/01/27 20:50:00 \| 00,038,344 \| ---- \| M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mferkdk.sys -- (mferkdk [System \| Stopped]) DRV - [2008/09/26 00:36:34 \| 00,027,632 \| ---- \| M] (Cyberlink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49} [Auto \| Running]) DRV - [2006/09/18 11:36:40 \| 00,003,066 \| ---- \| M] () -- C:\Windows\SysWow64\Wbem\tcpip.mof -- (Tcpip [Boot \| Running]) DRV - [2006/09/18 11:35:23 \| 00,001,088 \| ---- \| M] () -- C:\Windows\SysWow64\Wbem\mpsdrv.mof -- (mpsdrv [On_Demand \| Running]) DRV - [2005/02/01 09:55:40 \| 00,021,442 \| ---- \| M] (INCA Internet Co., Ltd.) -- C:\Program Files (x86)\Gravity\RO\npkcrypt.sys -- (npkcrypt [On_Demand \| Stopped]) ========== Modules (SafeList) ========== MOD - [2009/10/29 06:50:36 \| 00,521,728 \| ---- \| M] (OldTimer Tools) -- c:\Users\Chae Eun\Desktop\OTL.exe MOD - [2008/01/20 16:50:45 \| 00,545,792 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysWow64\ime\imekr8\imkrtip.dll MOD - [2008/01/20 16:49:57 \| 00,126,976 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysWow64\ime\shared\imjkapi.dll MOD - [2008/01/20 16:49:46 \| 00,363,008 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysWow64\ime\shared\imetip.dll MOD - [2008/01/20 16:49:02 \| 00,113,152 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysWow64\ime\imekr8\imkrapi.dll MOD - [2008/01/20 16:48:06 \| 01,684,480 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll MOD - [2008/01/20 16:47:36 \| 00,130,560 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\IME\SpTip.dll ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1699190045-97685707-2489270049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb IE - HKU\S-1-5-21-1699190045-97685707-2489270049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKU\S-1-5-21-1699190045-97685707-2489270049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKU\S-1-5-21-1699190045-97685707-2489270049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-1699190045-97685707-2489270049-1000\S-1-5-21-1699190045-97685707-2489270049-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..browser.startup.homepage: "http://www.mystart.com?pr=oovoo2_0" FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.3 FF - prefs.js..extensions.enabledItems: {463F6CA5-EE3C-4be1-B7E6-7FEE11953374}:3.5.5 FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1 FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4 FF - prefs.js..extensions.enabledItems: {99E00A4C-D35E-11DD-BA95-9B6A56D89593}:2.0 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.14 FF - prefs.js..keyword.URL: "http://urlseek40.vmn.net/search.php?lg=en&type=dns&tbn=oovoo2_0dn&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/10 21:01:11 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/09/20 21:35:57 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/10/27 23:02:26 \| 00,000,000 \| ---D \| M] [2009/04/24 18:27:39 \| 00,000,000 \| ---D \| M] -- C:\Users\Chae Eun\AppData\Roaming\mozilla\Extensions [2009/04/24 18:27:39 \| 00,000,000 \| ---D \| M] -- C:\Users\Chae Eun\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/02/07 10:27:03 \| 00,000,000 \| ---D \| M] -- C:\Users\Chae Eun\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org [2009/10/29 15:39:00 \| 00,000,000 \| ---D \| M] -- C:\Users\Chae Eun\AppData\Roaming\mozilla\Firefox\Profiles\xglqhf65.default\extensions [2009/07/12 19:34:28 \| 00,000,000 \| ---D \| M] -- C:\Users\Chae Eun\AppData\Roaming\mozilla\Firefox\Profiles\xglqhf65.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009/05/09 14:47:15 \| 00,000,000 \| ---D \| M] -- C:\Users\Chae Eun\AppData\Roaming\mozilla\Firefox\Profiles\xglqhf65.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374} [2009/10/29 15:39:16 \| 00,000,000 \| ---D \| M] -- C:\Users\Chae Eun\AppData\Roaming\mozilla\Firefox\Profiles\xglqhf65.default\extensions\{99E00A4C-D35E-11DD-BA95-9B6A56D89593} [2009/05/09 06:34:41 \| 00,000,000 \| ---D \| M] -- C:\Users\Chae Eun\AppData\Roaming\mozilla\Firefox\Profiles\xglqhf65.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2009/04/24 18:27:29 \| 00,000,000 \| ---D \| M] -- C:\Program Files (x86)\mozilla firefox\extensions [2009/09/18 09:25:28 \| 00,000,000 \| ---D \| M] -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/09/18 09:25:24 \| 00,023,032 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browserdirprovider.dll [2009/09/18 09:25:24 \| 00,134,648 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\brwsrcmp.dll [2009/09/25 06:41:48 \| 01,044,480 \| ---- \| M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files (x86)\mozilla firefox\plugins\libdivx.dll [2009/09/25 06:41:24 \| 01,650,992 \| ---- \| M] (DivX,Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdivx32.dll [2009/05/18 12:41:32 \| 00,098,304 \| ---- \| M] (DivX, Inc) -- C:\Program Files (x86)\mozilla firefox\plugins\npDivxPlayerPlugin.dll [2009/09/18 09:25:26 \| 00,065,528 \| ---- \| M] (mozilla.org) -- C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll [2009/02/27 12:13:42 \| 00,103,792 \| ---- \| M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2007/04/16 07:07:12 \| 00,180,293 \| ---- \| M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npViewpoint.dll [2009/09/25 06:41:48 \| 00,200,704 \| ---- \| M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files (x86)\mozilla firefox\plugins\ssldivx.dll [2009/04/08 19:51:14 \| 00,001,394 \| ---- \| M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml [2009/04/08 19:51:14 \| 00,002,193 \| ---- \| M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml [2009/04/08 19:51:14 \| 00,001,534 \| ---- \| M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml [2009/04/08 19:51:14 \| 00,002,343 \| ---- \| M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml [2009/04/08 19:51:14 \| 00,001,706 \| ---- \| M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml [2009/04/08 19:51:14 \| 00,001,178 \| ---- \| M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml [2009/04/29 08:35:18 \| 00,000,787 \| ---- \| M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml Hosts file not found O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (ooVoo Toolbar) - {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - C:\Program Files (x86)\oovootb\oovoodx.dll () O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.) O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found. O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc) O3 - HKLM\..\Toolbar: (ooVoo Toolbar) - {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - C:\Program Files (x86)\oovootb\oovoodx.dll () O3 - HKLM\..\Toolbar: (VDict toolbar) - {DF8BE390-5F8A-4890-8212-7427B5048607} - C:\Program Files (x86)\VDict toolbar\vdict.dll (Kamejoko Network) O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AT&T Communication Manager] C:\Program Files (x86)\AT&T\Communication Manager\ATTCM.exe (ATT) O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard) O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.) O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\SHSTAT.EXE (McAfee, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [TVAgent] C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.DLL (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.DLL (Microsoft Corporation) O4 - HKU\S-1-5-21-1699190045-97685707-2489270049-1000..\Run: [Aim6] File not found O4 - HKU\S-1-5-21-1699190045-97685707-2489270049-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1699190045-97685707-2489270049-1000..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company) O4 - HKU\S-1-5-21-1699190045-97685707-2489270049-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) O4 - HKU\S-1-5-21-1699190045-97685707-2489270049-1000..\Run: [myQuickFind] c:\program files\hanmesoft\myquickfind2\myQuickUpdate.exe File not found O4 - HKU\S-1-5-21-1699190045-97685707-2489270049-1000..\Run: [oovoo.exe] C:\Program Files (x86)\ooVoo\ooVoo.exe (ooVoo LLC) O4 - HKU\S-1-5-21-1699190045-97685707-2489270049-1000..\Run: [VeohPlugin] C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.) O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet) O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab (QuickTime Object) O16 - DPF: {063F7D71-5E0B-48F2-87D5-F63C5917947E} https://secwebclinic.ahnlab.com/aos/plugin/aosmgr.cab (Reg Error: Key error.) O16 - DPF: {0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB} http://www2.stlu.com/plugins/Plugin5.0.021...eetnoagent7.cab (Street Technologies ActiveX Control Object) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Leeloo's%20Talent%20Agency/Images/stg_drm.ocx (SpinTop DRM Control) O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} https://www.star.hawaii.edu:10012/studentin...Script/smsx.cab (MeadCo ScriptX) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {207048D8-A40B-4505-AE24-92FF13BEB269} http://web.spaceillusion.com/help/myDancer1020.cab (myDancerCTL Class) O16 - DPF: {3270EED1-B285-4828-A0A7-F55913A9B724} http://listen.daum.net/52st/52street/S2MusicPlayer.dll (S2PlayerPan Class) O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgreens.com/WalgreensActivia.cab (Snapfish Activia) O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab (DLM Control) O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control) O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab (SysData Class) O16 - DPF: {51B1D5ED-67DC-43F0-A3F8-8502F1A5E404} http://update.nprotect.net/nprotect2007/pusan/npstarter.cab (nPCom2 Control) O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritage.com/Genoogle/Compone...EngineQuery.dll (CSEQueryObject Object) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {858F06DE-CE31-491F-83AA-EADBCEB27548} http://download.pruna.com/update/pruna2008...loadControl.cab (PrunaDownloadControl Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class) O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} http://mail.daum.net/hanmail-ax/DaumActive...cab?ver=2,0,0,5 (Daum ActiveX manager Class) O16 - DPF: {BCA9A936-F557-408E-8301-D5B2B302EFD6} http://web.spaceillusion.com/help/iDanceUpdater1034.cab (SiUpdaterCtrl Class) O16 - DPF: {C0B2F53E-5E61-4856-B314-FE9AE262A796} http://www.melon.com/cab/P3MelWebInstall.cab (MOPlayerWnd2 Class) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Merriam%20Webster's%20Spell-Jam/Images/armhelper.ocx (ArmHelper Control) O16 - DPF: {CEE326E8-7571-4086-B347-3C0ACA9A9DE8} http://player.muz.co.kr/package/installer2...03/p3Instal.cab (PcubeSet Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object) O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} http://update.nprotect.net/keycrypt/pusan/npkcx.cab (NPKCX Control) O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://poipubeach.serveftp.net:5001/activex/AMC.cab (AxisMediaControlEmb Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 128.171.3.13 128.171.1.1 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: () - File not found 64bit:* O35 - comfile [open] -- "%1" %* File not found 64bit: O35 - exefile [open] -- "%1" %* File not found O35 - comfile [open] -- "%1" %* File not found O35 - exefile [open] -- "%1" %* File not found ========== Files/Folders - Created Within 30 Days ========== [2009/10/28 21:08:20 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\EmailNotifier [2009/10/29 21:48:13 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\Skype [2009/10/28 21:08:54 \| 00,000,000 \| ---D \| C] -- C:\Users\Chae Eun\AppData\Roaming\ooVoo Details [2009/10/29 21:48:53 \| 00,000,000 \| ---D \| C] -- C:\Users\Chae Eun\AppData\Roaming\Skype [2009/10/29 21:49:57 \| 00,000,000 \| ---D \| C] -- C:\Users\Chae Eun\AppData\Roaming\skypePM [2009/10/18 18:50:49 \| 00,000,000 \| ---D \| C] -- C:\Users\Chae Eun\AppData\Local\AIM [2009/10/29 21:48:21 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\Common Files\Skype [2009/10/22 20:01:57 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\Daum [2009/10/13 19:47:46 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\DirectVobSub [2009/10/10 10:07:50 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\Microsoft [2009/10/28 21:07:36 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\ooVoo [2009/10/28 21:08:06 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\oovootb [2009/10/29 18:15:24 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\Panda Security [2009/10/29 21:48:20 \| 00,000,000 \| R--D \| C] -- C:\Program Files (x86)\Skype [2009/10/28 14:28:46 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\Trend Micro [2009/10/30 13:23:47 \| 00,271,872 \| ---- \| C] (OldTimer Tools) -- C:\Users\Chae Eun\Desktop\TFC.exe [2009/10/29 13:52:06 \| 00,000,000 \| ---D \| C] -- C:\_OTL [2009/10/29 06:50:30 \| 00,521,728 \| ---- \| C] (OldTimer Tools) -- C:\Users\Chae Eun\Desktop\OTL.exe [2009/10/13 12:27:04 \| 00,604,672 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMSPDMOD.DLL [2009/10/13 12:26:56 \| 05,940,224 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.dll [2009/10/13 12:26:52 \| 11,069,440 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieframe.dll [2009/10/13 12:26:51 \| 01,985,536 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\iertutil.dll [2009/10/13 12:26:50 \| 01,208,832 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\urlmon.dll [2009/10/13 12:26:50 \| 00,916,480 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll [2009/10/13 12:26:49 \| 00,594,432 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll [2009/10/13 12:26:49 \| 00,387,584 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll [2009/10/13 12:26:49 \| 00,206,848 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2009/10/13 12:26:48 \| 01,469,440 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2009/10/13 12:26:48 \| 00,184,320 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2009/10/13 12:26:48 \| 00,164,352 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2009/10/13 12:26:47 \| 00,133,632 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2009/10/13 12:26:46 \| 00,109,056 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2009/10/13 12:26:46 \| 00,055,296 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll [2009/10/13 12:26:46 \| 00,025,600 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll [2009/10/13 12:26:45 \| 00,173,056 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe [2009/10/13 12:26:44 \| 01,638,912 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.tlb [2009/10/13 12:26:44 \| 00,071,680 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2009/10/13 12:26:44 \| 00,055,808 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2009/10/13 12:26:44 \| 00,013,312 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2009/10/13 12:24:06 \| 00,213,504 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\msv1_0.dll [2009/10/13 12:23:54 \| 00,061,440 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\msasn1.dll [2009/10/02 06:37:30 \| 00,575,704 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll [2009/10/02 06:37:30 \| 00,087,552 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll [2009/10/02 06:37:30 \| 00,035,552 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll [2009/10/02 06:37:11 \| 00,171,608 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll [2009/10/02 06:37:11 \| 00,033,792 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe ========== Files - Modified Within 30 Days ========== [2009/10/30 13:26:57 \| 00,003,344 \| -H-- \| M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2009/10/30 13:26:57 \| 00,003,344 \| -H-- \| M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2009/10/30 13:26:53 \| 00,000,006 \| -H-- \| M] () -- C:\Windows\tasks\SA.DAT [2009/10/30 13:26:45 \| 00,067,584 \| --S- \| M] () -- C:\Windows\bootstat.dat [2009/10/30 13:26:37 \| 40,242,58560 \| -HS- \| M] () -- C:\hiberfil.sys [2009/10/30 13:25:20 \| 02,305,105 \| -H-- \| M] () -- C:\Users\Chae Eun\AppData\Local\IconCache.db [2009/10/30 13:23:48 \| 00,271,872 \| ---- \| M] (OldTimer Tools) -- C:\Users\Chae Eun\Desktop\TFC.exe [2009/10/29 23:32:58 \| 00,690,960 \| ---- \| M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2009/10/29 23:32:58 \| 00,587,178 \| ---- \| M] () -- C:\Windows\SysNative\perfh009.dat [2009/10/29 23:32:58 \| 00,101,250 \| ---- \| M] () -- C:\Windows\SysNative\perfc009.dat [2009/10/29 21:49:58 \| 00,000,056 \| -H-- \| M] () -- C:\Windows\SysWow64\ezsidmv.dat [2009/10/29 21:48:22 \| 00,001,890 \| ---- \| M] () -- C:\Users\Public\Desktop\Skype.lnk [2009/10/29 15:44:01 \| 00,000,180 \| ---- \| M] () -- C:\Windows\win.ini [2009/10/29 15:22:30 \| 00,003,998 \| ---- \| M] () -- C:\Users\Chae Eun\AppData\Roaming\wklnhst.dat [2009/10/29 14:26:03 \| 00,000,346 \| ---- \| M] () -- C:\Windows\tasks\HPCeeScheduleForChae Eun.job [2009/10/29 06:50:36 \| 00,521,728 \| ---- \| M] (OldTimer Tools) -- C:\Users\Chae Eun\Desktop\OTL.exe [2009/10/28 21:07:36 \| 00,000,591 \| ---- \| M] () -- C:\Users\Public\Desktop\ooVoo.lnk [2009/10/28 14:59:17 \| 00,019,866 \| ---- \| M] () -- C:\Users\Chae Eun\Desktop\OMGhijackthis [2009/10/28 14:28:46 \| 00,001,928 \| ---- \| M] () -- C:\Users\Chae Eun\Desktop\HijackThis.lnk [2009/10/27 23:02:22 \| 00,001,013 \| ---- \| M] () -- C:\Users\Public\Desktop\DivX Converter.lnk [2009/10/27 23:01:22 \| 00,001,421 \| ---- \| M] () -- C:\Users\Chae Eun\Desktop\DivX Movies.lnk [2009/10/25 17:52:58 \| 00,086,738 \| ---- \| M] () -- C:\Users\Chae Eun\Desktop\138.jpg [2009/10/24 10:37:09 \| 00,413,025 \| ---- \| M] () -- C:\Users\Chae Eun\Desktop\IMAG0068.jpg [2009/10/24 10:37:08 \| 00,393,399 \| ---- \| M] () -- C:\Users\Chae Eun\Desktop\IMAG0067.jpg [2009/10/24 10:37:07 \| 00,444,101 \| ---- \| M] () -- C:\Users\Chae Eun\Desktop\IMAG0062.jpg [2009/10/24 10:37:07 \| 00,353,909 \| ---- \| M] () -- C:\Users\Chae Eun\Desktop\IMAG0063.jpg [2009/10/22 22:35:06 \| 00,016,528 \| ---- \| M] () -- C:\Users\Chae Eun\Desktop\Midterm_US_157[1][1].docx [2009/10/22 22:35:06 \| 00,012,689 \| ---- \| M] () -- C:\Users\Chae Eun\Desktop\final essay.docx [2009/10/21 13:24:16 \| 00,460,172 \| ---- \| M] () -- C:\Users\Chae Eun\Desktop\IMAG0059.jpg [2009/10/19 16:56:37 \| 00,027,648 \| ---- \| M] () -- C:\Users\Chae Eun\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/10/18 18:25:11 \| 00,013,880 \| ---- \| M] () -- C:\Users\Chae Eun\Documents\timmmmm.docx [2009/10/18 18:18:29 \| 00,011,284 \| ---- \| M] () -- C:\Users\Chae Eun\Documents\timmmmm..docx [2009/10/18 15:36:09 \| 98,750,464 \| ---- \| M] () -- C:\Users\Chae Eun\Documents\Produce.wmv [2009/10/10 12:32:13 \| 00,408,430 \| ---- \| M] () -- C:\Users\Chae Eun\Desktop\IMAG0051.jpg [2009/10/10 10:15:44 \| 00,094,632 \| ---- \| M] () -- C:\Users\Chae Eun\AppData\Local\GDIPFONTCACHEV1.DAT [2009/10/10 10:15:05 \| 02,955,568 \| ---- \| M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2009/10/07 20:25:18 \| 00,326,343 \| ---- \| M] () -- C:\Users\Chae Eun\Desktop\RT_cascada.wma [2009/10/02 08:40:19 \| 26,575,296 \| ---- \| M] () -- C:\Windows\SysNative\mrt.exe [2009/10/01 18:51:01 \| 00,023,040 \| ---- \| M] () -- C:\Users\Chae Eun\Documents\dock,jessicaCL.doc [2009/10/01 10:29:14 \| 00,238,960 \| ---- \| M] () -- C:\Windows\SysNative\MpSigStub.exe ========== Files - No Company Name ========== [2009/10/29 21:49:58 \| 00,000,056 \| -H-- \| C] () -- C:\Windows\SysWow64\ezsidmv.dat [2009/10/29 21:48:22 \| 00,001,890 \| ---- \| C] () -- C:\Users\Public\Desktop\Skype.lnk [2009/10/29 18:15:26 \| 00,033,800 \| ---- \| C] () -- C:\Windows\SysNative\drivers\pavboot64.sys [2009/10/28 21:07:36 \| 00,000,591 \| ---- \| C] () -- C:\Users\Public\Desktop\ooVoo.lnk [2009/10/28 14:33:09 \| 00,019,866 \| ---- \| C] () -- C:\Users\Chae Eun\Desktop\OMGhijackthis [2009/10/28 14:28:46 \| 00,001,928 \| ---- \| C] () -- C:\Users\Chae Eun\Desktop\HijackThis.lnk [2009/10/27 23:02:22 \| 00,001,013 \| ---- \| C] () -- C:\Users\Public\Desktop\DivX Converter.lnk [2009/10/25 17:52:58 \| 00,086,738 \| ---- \| C] () -- C:\Users\Chae Eun\Desktop\138.jpg [2009/10/24 10:37:09 \| 00,413,025 \| ---- \| C] () -- C:\Users\Chae Eun\Desktop\IMAG0068.jpg [2009/10/24 10:37:08 \| 00,393,399 \| ---- \| C] () -- C:\Users\Chae Eun\Desktop\IMAG0067.jpg [2009/10/24 10:37:07 \| 00,444,101 \| ---- \| C] () -- C:\Users\Chae Eun\Desktop\IMAG0062.jpg [2009/10/24 10:37:07 \| 00,353,909 \| ---- \| C] () -- C:\Users\Chae Eun\Desktop\IMAG0063.jpg [2009/10/22 19:35:32 \| 00,016,528 \| ---- \| C] () -- C:\Users\Chae Eun\Desktop\Midterm_US_157[1][1].docx [2009/10/22 19:35:32 \| 00,012,689 \| ---- \| C] () -- C:\Users\Chae Eun\Desktop\final essay.docx [2009/10/21 13:24:16 \| 00,460,172 \| ---- \| C] () -- C:\Users\Chae Eun\Desktop\IMAG0059.jpg [2009/10/18 18:25:10 \| 00,013,880 \| ---- \| C] () -- C:\Users\Chae Eun\Documents\timmmmm.docx [2009/10/18 18:18:28 \| 00,011,284 \| ---- \| C] () -- C:\Users\Chae Eun\Documents\timmmmm..docx [2009/10/18 14:41:47 \| 98,750,464 \| ---- \| C] () -- C:\Users\Chae Eun\Documents\Produce.wmv [2009/10/13 12:27:32 \| 04,691,016 \| ---- \| C] () -- C:\Windows\SysNative\ntoskrnl.exe [2009/10/13 12:27:02 \| 00,818,688 \| ---- \| C] () -- C:\Windows\SysNative\WMSPDMOD.DLL [2009/10/13 12:26:55 \| 09,236,992 \| ---- \| C] () -- C:\Windows\SysNative\mshtml.dll [2009/10/13 12:26:53 \| 12,461,568 \| ---- \| C] () -- C:\Windows\SysNative\ieframe.dll [2009/10/13 12:26:51 \| 02,334,208 \| ---- \| C] () -- C:\Windows\SysNative\iertutil.dll [2009/10/13 12:26:50 \| 01,484,288 \| ---- \| C] () -- C:\Windows\SysNative\urlmon.dll [2009/10/13 12:26:50 \| 01,147,904 \| ---- \| C] () -- C:\Windows\SysNative\wininet.dll [2009/10/13 12:26:50 \| 00,459,776 \| ---- \| C] () -- C:\Windows\SysNative\iedkcs32.dll [2009/10/13 12:26:49 \| 00,700,928 \| ---- \| C] () -- C:\Windows\SysNative\msfeeds.dll [2009/10/13 12:26:49 \| 00,243,712 \| ---- \| C] () -- C:\Windows\SysNative\occache.dll [2009/10/13 12:26:48 \| 01,538,560 \| ---- \| C] () -- C:\Windows\SysNative\inetcpl.cpl [2009/10/13 12:26:47 \| 00,162,816 \| ---- \| C] () -- C:\Windows\SysNative\ieUnatt.exe [2009/10/13 12:26:46 \| 00,252,416 \| ---- \| C] () -- C:\Windows\SysNative\iepeers.dll [2009/10/13 12:26:46 \| 00,132,096 \| ---- \| C] () -- C:\Windows\SysNative\iesysprep.dll [2009/10/13 12:26:46 \| 00,071,680 \| ---- \| C] () -- C:\Windows\SysNative\msfeedsbs.dll [2009/10/13 12:26:46 \| 00,070,656 \| ---- \| C] () -- C:\Windows\SysNative\ie4uinit.exe [2009/10/13 12:26:45 \| 00,012,288 \| ---- \| C] () -- C:\Windows\SysNative\msfeedssync.exe [2009/10/13 12:26:44 \| 01,638,912 \| ---- \| C] () -- C:\Windows\SysNative\mshtml.tlb [2009/10/13 12:26:44 \| 00,219,136 \| ---- \| C] () -- C:\Windows\SysNative\ieui.dll [2009/10/13 12:26:44 \| 00,077,312 \| ---- \| C] () -- C:\Windows\SysNative\iesetup.dll [2009/10/13 12:26:44 \| 00,072,192 \| ---- \| C] () -- C:\Windows\SysNative\iernonce.dll [2009/10/13 12:26:44 \| 00,031,744 \| ---- \| C] () -- C:\Windows\SysNative\jsproxy.dll [2009/10/13 12:24:10 \| 00,174,592 \| ---- \| C] () -- C:\Windows\SysNative\drivers\srv2.sys [2009/10/13 12:24:06 \| 00,268,800 \| ---- \| C] () -- C:\Windows\SysNative\msv1_0.dll [2009/10/13 12:23:54 \| 00,082,944 \| ---- \| C] () -- C:\Windows\SysNative\msasn1.dll [2009/10/10 12:32:13 \| 00,408,430 \| ---- \| C] () -- C:\Users\Chae Eun\Desktop\IMAG0051.jpg [2009/10/07 20:25:16 \| 00,326,343 \| ---- \| C] () -- C:\Users\Chae Eun\Desktop\RT_cascada.wma [2009/10/02 12:37:55 \| 00,238,960 \| ---- \| C] () -- C:\Windows\SysNative\MpSigStub.exe [2009/10/02 06:38:14 \| 02,621,440 \| ---- \| C] () -- C:\Windows\SysNative\wucltux.dll [2009/10/02 06:38:14 \| 00,057,560 \| ---- \| C] () -- C:\Windows\SysNative\wuauclt.exe [2009/10/02 06:38:14 \| 00,043,744 \| ---- \| C] () -- C:\Windows\SysNative\wups2.dll [2009/10/02 06:38:13 \| 02,424,024 \| ---- \| C] () -- C:\Windows\SysNative\wuaueng.dll [2009/10/02 06:37:42 \| 00,038,112 \| ---- \| C] () -- C:\Windows\SysNative\wups.dll [2009/10/02 06:37:30 \| 00,700,640 \| ---- \| C] () -- C:\Windows\SysNative\wuapi.dll [2009/10/02 06:37:30 \| 00,098,816 \| ---- \| C] () -- C:\Windows\SysNative\wudriver.dll [2009/10/02 06:37:11 \| 00,185,416 \| ---- \| C] () -- C:\Windows\SysNative\wuwebv.dll [2009/10/02 06:37:11 \| 00,036,864 \| ---- \| C] () -- C:\Windows\SysNative\wuapp.exe [2009/08/29 15:57:59 \| 00,000,137 \| ---- \| C] () -- C:\Windows\viet1000.ini [2009/05/02 14:07:46 \| 00,000,022 \| ---- \| C] () -- C:\Windows\SysWow64\win28c88_va.dll [2009/05/02 14:06:51 \| 00,974,848 \| ---- \| C] () -- C:\Windows\SysWow64\LtDlgRes14n.dll [2009/04/13 11:11:44 \| 00,000,680 \| ---- \| C] () -- C:\Users\Chae Eun\AppData\Local\d3d9caps.dat [2009/04/13 10:32:42 \| 00,000,280 \| ---- \| C] () -- C:\Windows\SysWow64\epoPGPsdk.dll.sig [2009/04/11 15:27:39 \| 00,000,000 \| ---- \| C] () -- C:\Users\Chae Eun\AppData\Local\FnF4.txt [2009/04/11 12:52:42 \| 00,667,648 \| ---- \| C] () -- C:\Windows\SysWow64\MRUpdate.dll [2009/04/04 09:44:45 \| 00,226,768 \| ---- \| C] () -- C:\Windows\SysWow64\MuzLyrcs.dll [2009/04/04 09:44:45 \| 00,034,256 \| ---- \| C] () -- C:\Windows\SysWow64\MzWhatImListen2.dll [2009/03/03 14:14:31 \| 00,000,237 \| ---- \| C] () -- C:\Windows\SIERRA.INI [2009/03/03 08:21:58 \| 00,492,256 \| ---- \| C] () -- C:\Windows\SysWow64\MelonWebPlayer.dll [2009/02/28 14:42:01 \| 00,210,944 \| ---- \| C] () -- C:\Windows\SysWow64\MSVCRT10.DLL [2009/02/28 14:12:13 \| 00,213,072 \| ---- \| C] () -- C:\Windows\SysWow64\DNLEng.dll [2009/02/28 14:12:12 \| 02,433,024 \| ---- \| C] () -- C:\Windows\npdbplug.dll [2009/02/08 10:09:31 \| 00,003,998 \| ---- \| C] () -- C:\Users\Chae Eun\AppData\Roaming\wklnhst.dat [2009/02/08 02:47:00 \| 00,000,258 \| RHS- \| C] () -- C:\ProgramData\ntuser.pol [2009/02/06 11:57:02 \| 00,027,648 \| ---- \| C] () -- C:\Users\Chae Eun\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/02/05 18:00:32 \| 02,305,105 \| -H-- \| C] () -- C:\Users\Chae Eun\AppData\Local\IconCache.db [2009/02/04 19:22:53 \| 00,000,000 \| ---- \| C] () -- C:\Users\Chae Eun\AppData\Local\QSwitch.txt [2009/02/04 19:22:53 \| 00,000,000 \| ---- \| C] () -- C:\Users\Chae Eun\AppData\Local\DSwitch.txt [2009/02/04 19:22:53 \| 00,000,000 \| ---- \| C] () -- C:\Users\Chae Eun\AppData\Local\AtStart.txt [2009/02/04 19:18:41 \| 00,094,632 \| ---- \| C] () -- C:\Users\Chae Eun\AppData\Local\GDIPFONTCACHEV1.DAT [2009/01/15 20:32:49 \| 00,000,105 \| ---- \| C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log [2009/01/15 20:32:38 \| 00,000,032 \| ---- \| C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log [2009/01/15 20:32:01 \| 00,000,032 \| ---- \| C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log [2009/01/15 20:30:19 \| 00,000,032 \| ---- \| C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log [2009/01/15 20:27:39 \| 00,000,032 \| ---- \| C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log [2008/10/22 23:03:19 \| 00,000,109 \| ---- \| C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log [2008/10/22 22:52:09 \| 00,000,110 \| ---- \| C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log [2008/10/22 22:48:54 \| 00,000,105 \| ---- \| C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log [2008/10/22 22:46:28 \| 00,000,107 \| ---- \| C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log [2008/01/20 16:50:05 \| 00,060,124 \| ---- \| C] () -- C:\Windows\SysWow64\tcpmon.ini [2008/01/20 16:49:49 \| 00,368,640 \| ---- \| C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2006/11/02 05:25:49 \| 00,000,174 \| -HS- \| C] () -- C:\Program Files\desktop.ini [2006/11/02 05:25:49 \| 00,000,174 \| -HS- \| C] () -- C:\Program Files (x86)\desktop.ini [2006/11/02 02:34:27 \| 00,000,219 \| ---- \| C] () -- C:\Windows\system.ini [2006/11/02 02:34:27 \| 00,000,180 \| ---- \| C] () -- C:\Windows\win.ini [2006/09/29 15:22:28 \| 00,393,216 \| ---- \| C] () -- C:\Windows\SysWow64\INICRYPTOSDK.dll [2005/05/18 21:38:01 \| 00,000,208 \| ---- \| C] () -- C:\Windows\SysWow64\NDMMUpdate.ini [2005/04/18 19:57:57 \| 00,262,253 \| ---- \| C] () -- C:\Windows\SysWow64\NDM_LP3000.dll [2005/04/18 19:57:57 \| 00,233,472 \| ---- \| C] () -- C:\Windows\SysWow64\MSNetSync.dll [2005/04/18 19:57:57 \| 00,131,072 \| ---- \| C] () -- C:\Windows\SysWow64\NDM_MPIO.dll [2005/04/18 19:57:57 \| 00,126,976 \| ---- \| C] () -- C:\Windows\SysWow64\STLicCheck.dll [2005/04/18 19:57:57 \| 00,126,976 \| ---- \| C] () -- C:\Windows\SysWow64\NetSync14xs.dll [2005/04/18 19:57:57 \| 00,122,880 \| ---- \| C] () -- C:\Windows\SysWow64\TS-200USB.dll [2005/04/18 19:57:57 \| 00,077,900 \| ---- \| C] () -- C:\Windows\SysWow64\NDM_DEVICE.dll [2005/04/18 19:57:57 \| 00,077,882 \| ---- \| C] () -- C:\Windows\SysWow64\NDM_TS-200.dll [2005/04/18 19:57:57 \| 00,073,839 \| ---- \| C] () -- C:\Windows\SysWow64\NDM_TC100.dll [2005/04/18 19:57:57 \| 00,073,728 \| ---- \| C] () -- C:\Windows\SysWow64\TCC730USB.dll [2005/04/18 19:57:57 \| 00,053,248 \| ---- \| C] () -- C:\Windows\SysWow64\USBDevice.dll [2005/04/18 19:57:57 \| 00,053,248 \| ---- \| C] () -- C:\Windows\SysWow64\TuneCaption.dll [2005/04/18 19:57:57 \| 00,053,248 \| ---- \| C] () -- C:\Windows\SysWow64\NDM_NMP300RA.dll [2005/04/18 19:57:57 \| 00,045,056 \| ---- \| C] () -- C:\Windows\SysWow64\WrapperCtl.dll [2005/04/18 19:57:57 \| 00,040,960 \| ---- \| C] () -- C:\Windows\SysWow64\NED_v20.dll [2005/04/18 19:57:57 \| 00,036,864 \| ---- \| C] () -- C:\Windows\SysWow64\NetSync_Dit.dll [2005/04/18 19:57:57 \| 00,036,864 \| ---- \| C] () -- C:\Windows\SysWow64\NEDP_v13.dll [2005/04/18 19:57:57 \| 00,036,864 \| ---- \| C] () -- C:\Windows\SysWow64\NEDH_v13.dll [2005/04/18 19:57:57 \| 00,036,864 \| ---- \| C] () -- C:\Windows\SysWow64\NEDdll.dll [2005/04/18 19:57:57 \| 00,032,768 \| ---- \| C] () -- C:\Windows\SysWow64\YariMediaDRM.dll [2005/04/18 19:57:57 \| 00,032,768 \| ---- \| C] () -- C:\Windows\SysWow64\UsbDLL.dll [2005/04/18 19:57:56 \| 00,684,032 \| ---- \| C] () -- C:\Windows\SysWow64\libeay32.dll [2005/04/18 19:57:56 \| 00,192,616 \| ---- \| C] () -- C:\Windows\SysWow64\FlashCtl.dll [2005/04/18 19:57:56 \| 00,065,536 \| ---- \| C] () -- C:\Windows\SysWow64\MASWizPC.dll [2005/04/18 19:57:56 \| 00,065,536 \| ---- \| C] () -- C:\Windows\SysWow64\DitDrm.dll [2005/04/18 19:57:56 \| 00,053,248 \| ---- \| C] () -- C:\Windows\SysWow64\CTDRM.dll [2005/04/18 19:57:56 \| 00,045,056 \| ---- \| C] () -- C:\Windows\SysWow64\FileTransfer.dll [2005/02/16 03:55:25 \| 00,077,824 \| ---- \| C] () -- C:\Windows\SysWow64\akrip.dll [2005/01/27 00:20:10 \| 00,099,840 \| ---- \| C] () -- C:\Windows\SysWow64\lame_enc.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:182E7BAA @Alternate Data Stream - 64 bytes -> C:\Users\Chae Eun\Documents\yoomin.wav:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\Chae Eun\Documents\Untitled (5).wma.wav:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\Chae Eun\Documents\merryxmas.wav:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\Chae Eun\Documents\lookanh.wav:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\Chae Eun\Documents\jasmine.wav:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\Chae Eun\Documents\heyasan.wav:TOC.WMV @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:E80802C7 @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:50D4F48C @Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:74D9C82E ========== Files - Unicode (All) ========== [2009/05/25 08:51:27 \| 00,001,863 \| ---- \| M] ()(C:\Users\Public\Desktop\Audition ? Season 2.lnk) -- C:\Users\Public\Desktop\Audition – Season 2.lnk [2009/05/25 08:51:27 \| 00,001,863 \| ---- \| C] ()(C:\Users\Public\Desktop\Audition ? Season 2.lnk) -- C:\Users\Public\Desktop\Audition – Season 2.lnk < End of report > This post has been edited by meepmeep1101: Oct 30 2009, 05:48 PM

CatByte View Member Profile	Oct 30 2009, 07:15 PM Post #10
Classroom Administrator Group: Classroom Admin Posts: 19,747 Joined: 18-November 04 From: Canada Member No.: 18,614 Operating System: XP, Vista, Win7	Hi, Your log looks clean. To reset your home page in Fire fox... Go to Tools > Options > Main make sure the Startup box that says "when fire fox starts" > make sure it's set to "show my home page" Then set your homepage to : http://www.google.com or whatever you choose > OK NEXT Here is a tutorial for how to disable programs from startup: http://www.vistax64.com/tutorials/79612-st...le-disable.html NEXT Please download JavaRa to your desktop and unzip it to its own folder. Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions Accept any prompts. Open JavaRa.exe again and select Search For Updates. Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Scroll down to the Java SE Runtime Environment (JRE) option. Download and install the latest Java Runtime Environment (JRE) version for your computer.(version 6, update 16) NEXT Make sure you have an Internet Connection. Double-click OTS.exe to run it. (Vista users, please right click on OTS.exe and select "Run as an Administrator") Click on the CleanUp! button A list of tool components used in the Cleanup of malware will be downloaded. If your Firewall or Real Time protection attempts to block OTS to reach the Internet, please allow the application to do so. Click Yes to begin the Cleanup process and remove these components, including this application. You should be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes. NEXT Now we need to create a new clean SYSTEM RESTORE point. Close and save any documents that you may have open. Open up the Start Menu and right-click on "Computer", and then select "Properties" This will take you into the System area of Control Panel. Click on the "Advanced system settings" on the left hand side. Now select the "System Protection" tab to get to the System Restore section. Click the "Create" button to create a new restore point. You'll be prompted for a name, and you might want to give it a useful name that you'll be able to easily identify later. Click the Create button, and then the system will create the restore point. When it's all finished, you'll get a message saying it's completed successfully. You will now have a new restore point Then remove all previous Restore Points Click Start Menu > Run > copy and paste cleanmgr into the run box At the top, click on the More Options tab, under System Restore and Shadow Copies group, Click the Clean up button, Vista will ask you if you’re sure, click on Yes button. When finished, click on Cancel button to exit. NEXT Below I have included a number of recommendations for how to protect your computer against malware infections. It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article Strong passwords: How to create and use them Then consider a password keeper, to keep all your passwords safe. Keep Windows updated by regularly checking their website at : http://windowsupdate.microsoft.com/ This will ensure your computer has always the latest security updates available installed on your computer. Make Internet Explorer more secure Click Start > Run Type Inetcpl.cpl & click OK Click on the Security tab Click Reset all zones to default level Make sure the Internet Zone is selected & Click Custom level In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable". Next Click OK, then Apply button and then OK to exit the Internet Properties page. MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future. WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites: Green to go Yellow for caution Red to stop WOT has an addon available for both Firefox and IE For Firefox, I highly recommend this add-on to keep your PC even more secure. NoScript - for blocking ads and other potential website attacks Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions. ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed. In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles: Think Prevention. PC Safety and Security--What Do I Need?. **Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them. Thank you for your patience, and performing all of the procedures requested. Please respond one last time so we can consider the thread resolved and close it, thank-you.

meepmeep1101 View Member Profile	Nov 5 2009, 01:08 AM Post #11
New Member Group: Authentic Member Posts: 16 Joined: 28-October 09 Member No.: 88,568 Operating System: Windows Vista Home	it just called me a loser agian....

CatByte View Member Profile	Nov 5 2009, 05:56 AM Post #12
Classroom Administrator Group: Classroom Admin Posts: 19,747 Joined: 18-November 04 From: Canada Member No.: 18,614 Operating System: XP, Vista, Win7	I didn't see any obvious signs of malware that could be causing that, it may be possible there is a prank .vbs script on your system or you may have an infected codec. Is it only when you play music that this happens? What program do you use for music Lets see if a deeper scan will turn it up. Please do the following: Download TFC to your desktop Close any open windows. Double click the TFC icon to run the program TFC will close all open programs itself in order to run, Click the Start button to begin the process. Allow TFC to run uninterrupted. The program should not take long to finish it's job Once its finished it should automatically reboot your machine, if it doesn't, manually reboot to ensure a complete clean It's normal after running TFC cleaner that the PC will be slower to boot the first time. Make sure you reboot before continuing: NEXT I'd like you to run a custom scan with OTL Please download OTL from HERE Save it to your desktop. Double click on the icon on your desktop. Click the "Scan All Users" checkbox. Under Custom Scan paste this in" %SYSTEMDRIVE%\.vbs /s /md5 C:\windows\system32\drivers\.sys /md5 %SYSTEMDRIVE%\eventlog.dll /s /md5 %SYSTEMDRIVE%\scecli.dll /s /md5 %SYSTEMDRIVE%\netlogon.dll /s /md5 %SYSTEMDRIVE%\cngaudit.dll /s /md5 %SYSTEMDRIVE%\sceclt.dll /s /md5 %SYSTEMDRIVE%\ntelogon.dll /s /md5 %SYSTEMDRIVE%\logevent.dll /s /md5 %SYSTEMDRIVE%\iaStor.sys /s /md5 %SYSTEMDRIVE%\nvstor.sys /s /md5 %SYSTEMDRIVE%\atapi.sys /s /md5 %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 %SYSTEMDRIVE%\viasraid.sys /s /md5 %SYSTEMDRIVE%\AGP440.sys /s /md5 %SYSTEMDRIVE%\vaxscsi.sys /s /md5 %TEMP%\. Click Run Scan and let the program run uninterrupted It will produce a log for you called OTL.txt. Please post that log here in reply. You may need to use two posts to get it all on the forum

meepmeep1101 View Member Profile	Nov 5 2009, 10:36 AM Post #13
New Member Group: Authentic Member Posts: 16 Joined: 28-October 09 Member No.: 88,568 Operating System: Windows Vista Home	yesterday it didnt happen when playing music. And my roommate actually heard it this time.

meepmeep1101 View Member Profile	Nov 5 2009, 03:12 PM Post #14
New Member Group: Authentic Member Posts: 16 Joined: 28-October 09 Member No.: 88,568 Operating System: Windows Vista Home	OTL logfile created on: 11/5/2009 7:11:34 AM - Run 3 OTL by OldTimer - Version 3.0.22.1 Folder = c:\Users\Chae Eun\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18828) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 3.75 Gb Total Physical Memory \| 2.03 Gb Available Physical Memory \| 54.17% Memory free 4.00 Gb Paging File \| 4.00 Gb Available in Paging File \| 100.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files (x86) Drive C: \| 219.97 Gb Total Space \| 85.00 Gb Free Space \| 38.64% Space Free \| Partition Type: NTFS Drive D: \| 12.91 Gb Total Space \| 2.02 Gb Free Space \| 15.64% Space Free \| Partition Type: NTFS E: Drive not present or media not loaded Drive F: \| 1.92 Gb Total Space \| 1.90 Gb Free Space \| 98.95% Space Free \| Partition Type: FAT G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: CHAEEUN-PC Current User Name: Chae Eun Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2009/10/29 06:50:36 \| 00,521,728 \| ---- \| M] (OldTimer Tools) -- c:\Users\Chae Eun\Desktop\OTL.exe PRC - [2009/10/12 18:03:52 \| 17,507,000 \| ---- \| M] (ooVoo LLC) -- C:\Program Files (x86)\ooVoo\ooVoo.exe PRC - [2009/10/05 14:14:22 \| 02,075,384 \| ---- \| M] (Veoh Networks) -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe PRC - [2009/08/26 19:23:17 \| 00,638,232 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe PRC - [2009/05/11 16:45:30 \| 00,202,024 \| ---- \| M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe PRC - [2009/02/20 08:22:34 \| 04,363,504 \| ---- \| M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe PRC - [2009/01/27 20:50:00 \| 00,054,608 \| ---- \| M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe PRC - [2009/01/27 17:37:24 \| 00,073,728 \| ---- \| M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe PRC - [2009/01/27 17:30:20 \| 02,387,968 \| ---- \| M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe PRC - [2008/10/06 06:54:52 \| 00,365,952 \| ---- \| M] () -- C:\Program Files (x86)\SMINST\BLService.exe PRC - [2008/09/26 00:36:40 \| 01,148,200 \| ---- \| M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe PRC - [2008/09/25 16:42:24 \| 00,189,736 \| ---- \| M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe PRC - [2008/09/25 16:41:44 \| 01,152,296 \| ---- \| M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe PRC - [2008/09/24 16:08:26 \| 00,296,320 \| ---- \| M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe PRC - [2008/09/24 16:08:26 \| 00,116,096 \| ---- \| M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe PRC - [2008/08/01 13:14:02 \| 00,202,032 \| ---- \| M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe PRC - [2008/06/29 13:10:18 \| 00,241,734 \| ---- \| M] () -- C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe PRC - [2008/06/10 01:27:04 \| 00,144,784 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe PRC - [2008/05/01 13:25:56 \| 00,165,192 \| ---- \| M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe PRC - [2008/04/15 11:51:00 \| 00,488,752 \| ---- \| M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe PRC - [2008/04/11 06:04:54 \| 00,685,360 \| ---- \| M] () -- C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe PRC - [2008/04/03 08:33:26 \| 00,193,840 \| ---- \| M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe PRC - [2008/01/20 16:49:12 \| 00,069,120 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe PRC - [2007/10/25 04:05:40 \| 00,136,512 \| ---- \| M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe PRC - [2007/10/25 04:04:56 \| 00,136,512 \| ---- \| M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe PRC - [2007/10/25 04:03:28 \| 00,103,744 \| ---- \| M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe PRC - [2007/09/26 04:34:40 \| 00,316,720 \| ---- \| M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE PRC - [2007/05/08 13:24:20 \| 00,054,840 \| ---- \| M] (Hewlett-Packard) -- C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009/06/03 20:43:18 \| 00,239,104 \| ---- \| M] () -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_6ef279c8\STacSV64.exe -- (STacSV [Auto \| Running]) SRV:64bit: - [2009/03/02 18:42:58 \| 00,089,600 \| ---- \| M] () -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_6ef279c8\AESTSr64.exe -- (AESTFilters [Auto \| Running]) SRV:64bit: - [2008/12/10 08:04:58 \| 00,935,424 \| ---- \| M] () -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility [Auto \| Running]) SRV:64bit: - [2008/03/18 14:25:40 \| 00,023,040 \| ---- \| M] () -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv [Auto \| Running]) SRV:64bit: - [2008/01/20 16:52:15 \| 01,216,000 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto \| Running]) SRV:64bit: - [2008/01/20 16:47:32 \| 00,383,544 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto \| Running]) SRV:64bit: - [2007/12/11 10:11:30 \| 00,015,872 \| ---- \| M] () -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio [Auto \| Running]) SRV - [2009/07/16 13:16:44 \| 00,250,616 \| ---- \| M] (WildTangent, Inc.) -- C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService [On_Demand \| Stopped]) SRV - [2009/02/19 17:22:23 \| 00,072,704 \| ---- \| M] (Adobe Systems) -- C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand \| Stopped]) SRV - [2009/01/27 20:50:00 \| 00,154,432 \| ---- \| M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe -- (McShield [Auto \| Running]) SRV - [2009/01/27 20:50:00 \| 00,054,608 \| ---- \| M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager [Auto \| Running]) SRV - [2009/01/27 17:37:24 \| 00,073,728 \| ---- \| M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto \| Running]) SRV - [2008/11/20 09:18:52 \| 00,136,120 \| ---- \| M] (Google) -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand \| Stopped]) SRV - [2008/11/03 19:06:28 \| 00,441,712 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand \| Stopped]) SRV - [2008/10/09 07:56:48 \| 00,094,208 \| ---- \| M] (Hewlett-Packard) -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service [Auto \| Running]) SRV - [2008/10/06 06:54:52 \| 00,365,952 \| ---- \| M] () -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows [Auto \| Running]) SRV - [2008/09/24 16:08:26 \| 00,296,320 \| ---- \| M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc [Auto \| Running]) SRV - [2008/09/24 16:08:26 \| 00,116,096 \| ---- \| M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched [Auto \| Running]) SRV - [2008/07/27 08:03:13 \| 00,069,632 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand \| Stopped]) SRV - [2008/07/27 08:01:49 \| 00,093,184 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64 [On_Demand \| Stopped]) SRV - [2008/06/29 13:10:18 \| 00,241,734 \| ---- \| M] () -- C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe -- (RichVideo [Auto \| Running]) SRV - [2008/06/19 15:17:12 \| 00,046,104 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand \| Stopped]) SRV - [2008/06/19 15:16:53 \| 00,859,648 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown \| Stopped]) SRV - [2008/05/01 13:25:56 \| 00,165,192 \| ---- \| M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex [On_Demand \| Running]) SRV - [2008/04/03 08:33:26 \| 00,193,840 \| ---- \| M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe -- (Com4QLBEx [On_Demand \| Running]) SRV - [2008/03/06 10:10:52 \| 00,106,496 \| ---- \| M] (PCTEL) -- C:\Program Files (x86)\AT&T\Communication Manager\RcAppSvc.exe -- (ATTRcAppSvc [On_Demand \| Stopped]) SRV - [2008/03/06 10:09:50 \| 00,118,784 \| ---- \| M] (PCTEL) -- C:\Program Files (x86)\AT&T\Communication Manager\ConAppsSvc.exe -- (CAATT [On_Demand \| Stopped]) SRV - [2008/01/20 16:51:36 \| 00,344,064 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand \| Stopped]) SRV - [2008/01/20 16:51:36 \| 00,153,600 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand \| Stopped]) SRV - [2007/10/25 04:03:28 \| 00,103,744 \| ---- \| M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework [Auto \| Running]) SRV - [2007/05/31 04:11:54 \| 00,443,784 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm [Auto \| Running]) SRV - [2007/05/31 04:11:46 \| 00,225,672 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr [Auto \| Running]) SRV - [2007/01/02 05:35:24 \| 00,074,656 \| ---- \| M] (MicroVision Development, Inc.) -- C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [On_Demand \| Stopped]) SRV - [2006/11/02 05:03:48 \| 00,015,360 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto \| Stopped]) SRV - [2006/11/02 03:34:14 \| 00,000,000 \| ---D \| M] -- C:\Windows\SysWow64\Msdtc -- (MSDTC [Unknown \| Stopped]) SRV - [2006/11/01 20:35:15 \| 00,060,994 \| ---- \| M] () -- C:\Windows\SysWow64\Wbem\vds.mof -- (vds [On_Demand \| Stopped]) SRV - [2006/11/01 20:35:15 \| 00,055,846 \| ---- \| M] () -- C:\Windows\SysWow64\Wbem\vss.mof -- (VSS [On_Demand \| Stopped]) SRV - [2006/10/26 11:03:08 \| 00,145,184 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand \| Stopped]) SRV - [2004/10/22 00:24:18 \| 00,073,728 \| ---- \| M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand \| Stopped]) ========== Driver Services (SafeList) ========== DRV:64bit: - [2009/06/30 10:37:16 \| 00,033,800 \| ---- \| M] () -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot [Boot \| Running]) DRV:64bit: - [2009/06/24 03:28:32 \| 00,871,408 \| ---- \| M] () -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd [Boot \| Running]) DRV:64bit: - [2009/06/03 20:43:18 \| 00,486,400 \| ---- \| M] () -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA [On_Demand \| Running]) DRV:64bit: - [2009/05/25 06:51:00 \| 00,207,872 \| ---- \| M] () -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169 [On_Demand \| Running]) DRV:64bit: - [2009/05/23 05:09:38 \| 00,029,704 \| ---- \| M] () -- C:\Windows\SysNative\drivers\swmsflt.sys -- (swmsflt [On_Demand \| Stopped]) DRV:64bit: - [2009/01/27 20:50:00 \| 00,259,656 \| ---- \| M] () -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk [On_Demand \| Running]) DRV:64bit: - [2009/01/27 20:50:00 \| 00,094,280 \| ---- \| M] () -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk [On_Demand \| Running]) DRV:64bit: - [2009/01/27 20:50:00 \| 00,081,096 \| ---- \| M] () -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk [On_Demand \| Running]) DRV:64bit: - [2009/01/27 20:50:00 \| 00,067,272 \| ---- \| M] () -- C:\Windows\SysNative\drivers\mfetdik.sys -- (mfetdik [System \| Running]) DRV:64bit: - [2008/12/10 09:31:26 \| 04,993,024 \| ---- \| M] () -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag [On_Demand \| Running]) DRV:64bit: - [2008/11/21 22:05:22 \| 01,253,376 \| ---- \| M] () -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem [On_Demand \| Running]) DRV:64bit: - [2008/10/23 02:16:34 \| 01,526,776 \| ---- \| M] () -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX [On_Demand \| Running]) DRV:64bit: - [2008/10/16 23:00:00 \| 00,179,768 \| ---- \| M] () -- C:\Windows\SysNative\drivers\Mkd3kfNt.sys -- (Mkd3kfNt [On_Demand \| Stopped]) DRV:64bit: - [2008/10/16 23:00:00 \| 00,106,040 \| ---- \| M] () -- C:\Windows\SysNative\drivers\Mkd2Nadr.sys -- (Mkd2Nadr [On_Demand \| Stopped]) DRV:64bit: - [2008/07/20 23:53:04 \| 00,145,496 \| ---- \| M] () -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR [On_Demand \| Running]) DRV:64bit: - [2008/06/27 01:51:10 \| 00,088,632 \| ---- \| M] () -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs [Auto \| Running]) DRV:64bit: - [2008/05/28 12:54:18 \| 00,026,168 \| ---- \| M] () -- C:\Windows\SysNative\DRIVERS\usbfilter.sys -- (usbfilter [On_Demand \| Running]) DRV:64bit: - [2008/04/27 22:25:06 \| 00,016,400 \| ---- \| M] () -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie [Boot \| Running]) DRV:64bit: - [2008/03/30 23:36:18 \| 00,195,120 \| ---- \| M] () -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService [On_Demand \| Running]) DRV:64bit: - [2008/03/27 10:10:56 \| 00,026,984 \| ---- \| M] () -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt [Boot \| Running]) DRV:64bit: - [2008/03/27 10:10:14 \| 00,040,296 \| ---- \| M] () -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer [On_Demand \| Running]) DRV:64bit: - [2008/03/06 09:57:32 \| 00,042,784 \| ---- \| M] () -- C:\Windows\SysNative\PCTINDIS5X64.SYS -- (PCTINDIS5X64 [On_Demand \| Stopped]) DRV:64bit: - [2008/01/24 02:24:24 \| 00,060,928 \| ---- \| M] () -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir [On_Demand \| Running]) DRV:64bit: - [2008/01/20 16:49:47 \| 00,011,264 \| ---- \| M] () -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand \| Running]) DRV:64bit: - [2008/01/20 16:47:27 \| 00,168,704 \| ---- \| M] () -- C:\Windows\SysNative\Drivers\usbvideo.sys -- (usbvideo [On_Demand \| Running]) DRV:64bit: - [2008/01/20 16:46:57 \| 03,154,432 \| ---- \| M] () -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64 [On_Demand \| Stopped]) DRV:64bit: - [2008/01/20 16:46:55 \| 00,111,104 \| ---- \| M] () -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus [On_Demand \| Stopped]) DRV:64bit: - [2008/01/20 16:46:52 \| 00,019,456 \| ---- \| M] () -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx [On_Demand \| Stopped]) DRV:64bit: - [2008/01/20 16:46:51 \| 00,017,792 \| ---- \| M] () -- C:\Windows\SysNative\DRIVERS\CmBatt.sys -- (CmBatt [On_Demand \| Running]) DRV:64bit: - [2007/06/27 03:47:14 \| 00,089,216 \| ---- \| M] () -- C:\Windows\SysNative\DRIVERS\swumx56.sys -- (SWUMX56 [On_Demand \| Stopped]) DRV:64bit: - [2007/06/27 03:46:24 \| 00,114,688 \| ---- \| M] () -- C:\Windows\SysNative\DRIVERS\swnc8u56.sys -- (SWNC8U56 [On_Demand \| Stopped]) DRV:64bit: - [2007/06/18 14:13:12 \| 00,018,432 \| ---- \| M] () -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr [On_Demand \| Running]) DRV:64bit: - [2007/01/18 09:10:22 \| 00,030,336 \| ---- \| M] () -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort [On_Demand \| Running]) DRV:64bit: - [2006/11/01 19:28:10 \| 00,273,920 \| ---- \| M] () -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService [On_Demand \| Running]) DRV:64bit: - [2006/10/03 15:45:36 \| 00,273,408 \| ---- \| M] () -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64 [On_Demand \| Stopped]) DRV - [2009/01/27 20:50:00 \| 00,038,344 \| ---- \| M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mferkdk.sys -- (mferkdk [System \| Stopped]) DRV - [2008/09/26 00:36:34 \| 00,027,632 \| ---- \| M] (Cyberlink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49} [Auto \| Running]) DRV - [2006/09/18 11:36:40 \| 00,003,066 \| ---- \| M] () -- C:\Windows\SysWow64\Wbem\tcpip.mof -- (Tcpip [Boot \| Running]) DRV - [2006/09/18 11:35:23 \| 00,001,088 \| ---- \| M] () -- C:\Windows\SysWow64\Wbem\mpsdrv.mof -- (mpsdrv [On_Demand \| Running]) DRV - [2005/02/01 09:55:40 \| 00,021,442 \| ---- \| M] (INCA Internet Co., Ltd.) -- C:\Program Files (x86)\Gravity\RO\npkcrypt.sys -- (npkcrypt [On_Demand \| Stopped]) ========== Modules (SafeList) ========== MOD - [2009/10/29 06:50:36 \| 00,521,728 \| ---- \| M] (OldTimer Tools) -- c:\Users\Chae Eun\Desktop\OTL.exe MOD - [2008/01/20 16:50:45 \| 00,545,792 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysWow64\ime\imekr8\imkrtip.dll MOD - [2008/01/20 16:49:57 \| 00,126,976 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysWow64\ime\shared\imjkapi.dll MOD - [2008/01/20 16:49:46 \| 00,363,008 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysWow64\ime\shared\imetip.dll MOD - [2008/01/20 16:49:02 \| 00,113,152 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysWow64\ime\imekr8\imkrapi.dll MOD - [2008/01/20 16:48:06 \| 01,684,480 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll MOD - [2008/01/20 16:47:36 \| 00,130,560 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\IME\SpTip.dll ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1699190045-97685707-2489270049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb IE - HKU\S-1-5-21-1699190045-97685707-2489270049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKU\S-1-5-21-1699190045-97685707-2489270049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKU\S-1-5-21-1699190045-97685707-2489270049-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-1699190045-97685707-2489270049-1000\S-1-5-21-1699190045-97685707-2489270049-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..browser.startup.homepage: "http://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official" FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.3 FF - prefs.js..extensions.enabledItems: {463F6CA5-EE3C-4be1-B7E6-7FEE11953374}:3.5.5 FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1 FF - prefs.js..extensions.enabledItems: {99E00A4C-D35E-11DD-BA95-9B6A56D89593}:2.0 FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.14 FF - prefs.js..keyword.URL: "http://urlseek40.vmn.net/search.php?lg=en&type=dns&tbn=oovoo2_0dn&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/10 21:01:11 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/09/20 21:35:57 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/10/27 23:02:26 \| 00,000,000 \| ---D \| M] [2009/04/24 18:27:39 \| 00,000,000 \| ---D \| M] -- C:\Users\Chae Eun\AppData\Roaming\mozilla\Extensions [2009/04/24 18:27:39 \| 00,000,000 \| ---D \| M] -- C:\Users\Chae Eun\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/02/07 10:27:03 \| 00,000,000 \| ---D \| M] -- C:\Users\Chae Eun\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org [2009/11/04 11:58:06 \| 00,000,000 \| ---D \| M] -- C:\Users\Chae Eun\AppData\Roaming\mozilla\Firefox\Profiles\xglqhf65.default\extensions [2009/07/12 19:34:28 \| 00,000,000 \| ---D \| M] -- C:\Users\Chae Eun\AppData\Roaming\mozilla\Firefox\Profiles\xglqhf65.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009/05/09 14:47:15 \| 00,000,000 \| ---D \| M] -- C:\Users\Chae Eun\AppData\Roaming\mozilla\Firefox\Profiles\xglqhf65.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374} [2009/10/29 15:39:16 \| 00,000,000 \| ---D \| M] -- C:\Users\Chae Eun\AppData\Roaming\mozilla\Firefox\Profiles\xglqhf65.default\extensions\{99E00A4C-D35E-11DD-BA95-9B6A56D89593} [2009/05/09 06:34:41 \| 00,000,000 \| ---D \| M] -- C:\Users\Chae Eun\AppData\Roaming\mozilla\Firefox\Profiles\xglqhf65.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2009/04/24 18:27:29 \| 00,000,000 \| ---D \| M] -- C:\Program Files (x86)\mozilla firefox\extensions [2009/09/18 09:25:28 \| 00,000,000 \| ---D \| M] -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/09/18 09:25:24 \| 00,023,032 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browserdirprovider.dll [2009/09/18 09:25:24 \| 00,134,648 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\brwsrcmp.dll [2009/09/25 06:41:48 \| 01,044,480 \| ---- \| M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files (x86)\mozilla firefox\plugins\libdivx.dll [2009/09/25 06:41:24 \| 01,650,992 \| ---- \| M] (DivX,Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdivx32.dll [2009/05/18 12:41:32 \| 00,098,304 \| ---- \| M] (DivX, Inc) -- C:\Program Files (x86)\mozilla firefox\plugins\npDivxPlayerPlugin.dll [2009/09/18 09:25:26 \| 00,065,528 \| ---- \| M] (mozilla.org) -- C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll [2009/02/27 12:13:42 \| 00,103,792 \| ---- \| M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2007/04/16 07:07:12 \| 00,180,293 \| ---- \| M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npViewpoint.dll [2009/09/25 06:41:48 \| 00,200,704 \| ---- \| M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files (x86)\mozilla firefox\plugins\ssldivx.dll [2009/04/08 19:51:14 \| 00,001,394 \| ---- \| M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml [2009/04/08 19:51:14 \| 00,002,193 \| ---- \| M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml [2009/04/08 19:51:14 \| 00,001,534 \| ---- \| M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml [2009/04/08 19:51:14 \| 00,002,343 \| ---- \| M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml [2009/04/08 19:51:14 \| 00,001,706 \| ---- \| M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml [2009/04/08 19:51:14 \| 00,001,178 \| ---- \| M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml [2009/04/29 08:35:18 \| 00,000,787 \| ---- \| M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml Hosts file not found O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (ooVoo Toolbar) - {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - C:\Program Files (x86)\oovootb\oovoodx.dll () O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.) O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found. O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc) O3 - HKLM\..\Toolbar: (ooVoo Toolbar) - {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - C:\Program Files (x86)\oovootb\oovoodx.dll () O3 - HKLM\..\Toolbar: (VDict toolbar) - {DF8BE390-5F8A-4890-8212-7427B5048607} - C:\Program Files (x86)\VDict toolbar\vdict.dll (Kamejoko Network) O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AT&T Communication Manager] C:\Program Files (x86)\AT&T\Communication Manager\ATTCM.exe (ATT) O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard) O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.) O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\SHSTAT.EXE (McAfee, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [TVAgent] C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.DLL (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.DLL (Microsoft Corporation) O4 - HKU\S-1-5-21-1699190045-97685707-2489270049-1000..\Run: [Aim6] File not found O4 - HKU\S-1-5-21-1699190045-97685707-2489270049-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1699190045-97685707-2489270049-1000..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company) O4 - HKU\S-1-5-21-1699190045-97685707-2489270049-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) O4 - HKU\S-1-5-21-1699190045-97685707-2489270049-1000..\Run: [myQuickFind] c:\program files\hanmesoft\myquickfind2\myQuickUpdate.exe File not found O4 - HKU\S-1-5-21-1699190045-97685707-2489270049-1000..\Run: [oovoo.exe] C:\Program Files (x86)\ooVoo\ooVoo.exe (ooVoo LLC) O4 - HKU\S-1-5-21-1699190045-97685707-2489270049-1000..\Run: [VeohPlugin] C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.) O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet) O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab (QuickTime Object) O16 - DPF: {063F7D71-5E0B-48F2-87D5-F63C5917947E} https://secwebclinic.ahnlab.com/aos/plugin/aosmgr.cab (Reg Error: Key error.) O16 - DPF: {0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB} http://www2.stlu.com/plugins/Plugin5.0.021...eetnoagent7.cab (Street Technologies ActiveX Control Object) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Leeloo's%20Talent%20Agency/Images/stg_drm.ocx (SpinTop DRM Control) O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} https://www.star.hawaii.edu:10012/studentin...Script/smsx.cab (MeadCo ScriptX) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {207048D8-A40B-4505-AE24-92FF13BEB269} http://web.spaceillusion.com/help/myDancer1020.cab (myDancerCTL Class) O16 - DPF: {3270EED1-B285-4828-A0A7-F55913A9B724} http://listen.daum.net/52st/52street/S2MusicPlayer.dll (S2PlayerPan Class) O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgreens.com/WalgreensActivia.cab (Snapfish Activia) O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab (DLM Control) O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control) O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab (SysData Class) O16 - DPF: {51B1D5ED-67DC-43F0-A3F8-8502F1A5E404} http://update.nprotect.net/nprotect2007/pusan/npstarter.cab (nPCom2 Control) O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritage.com/Genoogle/Compone...EngineQuery.dll (CSEQueryObject Object) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {858F06DE-CE31-491F-83AA-EADBCEB27548} http://download.pruna.com/update/pruna2008...loadControl.cab (PrunaDownloadControl Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class) O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} http://mail.daum.net/hanmail-ax/DaumActive...cab?ver=2,0,0,5 (Daum ActiveX manager Class) O16 - DPF: {BCA9A936-F557-408E-8301-D5B2B302EFD6} http://web.spaceillusion.com/help/iDanceUpdater1034.cab (SiUpdaterCtrl Class) O16 - DPF: {C0B2F53E-5E61-4856-B314-FE9AE262A796} http://www.melon.com/cab/P3MelWebInstall.cab (MOPlayerWnd2 Class) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Merriam%20Webster's%20Spell-Jam/Images/armhelper.ocx (ArmHelper Control) O16 - DPF: {CEE326E8-7571-4086-B347-3C0ACA9A9DE8} http://player.muz.co.kr/package/installer2...03/p3Instal.cab (PcubeSet Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object) O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} http://update.nprotect.net/keycrypt/pusan/npkcx.cab (NPKCX Control) O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://poipubeach.serveftp.net:5001/activex/AMC.cab (AxisMediaControlEmb Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 128.171.3.13 128.171.1.1 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: () - File not found 64bit:* O35 - comfile [open] -- "%1" %* File not found 64bit: O35 - exefile [open] -- "%1" %* File not found O35 - comfile [open] -- "%1" %* File not found O35 - exefile [open] -- "%1" %* File not found ========== Files/Folders - Created Within 30 Days ========== [2009/10/28 21:08:20 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\EmailNotifier [2009/10/29 21:48:13 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\Skype [2009/10/28 21:08:54 \| 00,000,000 \| ---D \| C] -- C:\Users\Chae Eun\AppData\Roaming\ooVoo Details [2009/10/29 21:48:53 \| 00,000,000 \| ---D \| C] -- C:\Users\Chae Eun\AppData\Roaming\Skype [2009/10/29 21:49:57 \| 00,000,000 \| ---D \| C] -- C:\Users\Chae Eun\AppData\Roaming\skypePM [2009/10/18 18:50:49 \| 00,000,000 \| ---D \| C] -- C:\Users\Chae Eun\AppData\Local\AIM [2009/10/29 21:48:21 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\Common Files\Skype [2009/10/22 20:01:57 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\Daum [2009/10/13 19:47:46 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\DirectVobSub [2009/10/10 10:07:50 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\Microsoft [2009/10/28 21:07:36 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\ooVoo [2009/10/28 21:08:06 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\oovootb [2009/10/29 18:15:24 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\Panda Security [2009/10/29 21:48:20 \| 00,000,000 \| R--D \| C] -- C:\Program Files (x86)\Skype [2009/10/28 14:28:46 \| 00,000,000 \| ---D \| C] -- C:\Program Files (x86)\Trend Micro [2009/11/03 15:15:40 \| 05,939,712 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.dll [2009/11/03 15:15:38 \| 01,638,912 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.tlb [2009/10/30 13:23:47 \| 00,271,872 \| ---- \| C] (OldTimer Tools) -- C:\Users\Chae Eun\Desktop\TFC.exe [2009/10/29 13:52:06 \| 00,000,000 \| ---D \| C] -- C:\_OTL [2009/10/29 06:50:30 \| 00,521,728 \| ---- \| C] (OldTimer Tools) -- C:\Users\Chae Eun\Desktop\OTL.exe [2009/10/13 12:27:04 \| 00,604,672 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMSPDMOD.DLL [2009/10/13 12:26:52 \| 11,069,440 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieframe.dll [2009/10/13 12:26:51 \| 01,985,536 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\iertutil.dll [2009/10/13 12:26:50 \| 01,208,832 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\urlmon.dll [2009/10/13 12:26:50 \| 00,916,480 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll [2009/10/13 12:26:49 \| 00,594,432 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll [2009/10/13 12:26:49 \| 00,387,584 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll [2009/10/13 12:26:49 \| 00,206,848 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2009/10/13 12:26:48 \| 01,469,440 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2009/10/13 12:26:48 \| 00,184,320 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2009/10/13 12:26:48 \| 00,164,352 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2009/10/13 12:26:47 \| 00,133,632 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2009/10/13 12:26:46 \| 00,109,056 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2009/10/13 12:26:46 \| 00,055,296 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll [2009/10/13 12:26:46 \| 00,025,600 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll [2009/10/13 12:26:45 \| 00,173,056 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe [2009/10/13 12:26:44 \| 00,071,680 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2009/10/13 12:26:44 \| 00,055,808 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2009/10/13 12:26:44 \| 00,013,312 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2009/10/13 12:24:06 \| 00,213,504 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\msv1_0.dll [2009/10/13 12:23:54 \| 00,061,440 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\msasn1.dll ========== Files - Modified Within 30 Days ========== [2009/11/05 07:09:28 \| 00,067,584 \| --S- \| M] () -- C:\Windows\bootstat.dat [2009/11/05 07:05:43 \| 00,003,344 \| -H-- \| M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2009/11/05 07:05:43 \| 00,003,344 \| -H-- \| M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2009/11/05 07:05:36 \| 00,000,006 \| -H-- \| M] () -- C:\Windows\tasks\SA.DAT [2009/11/05 07:05:12 \| 40,242,58560 \| -HS- \| M] () -- C:\hiberfil.sys [2009/11/05 07:03:50 \| 02,305,259 \| -H-- \| M] () -- C:\Users\Chae Eun\AppData\Local\IconCache.db [2009/11/04 17:37:58 \| 00,028,160 \| ---- \| M] () -- C:\Users\Chae Eun\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/11/04 17:36:20 \| 17,397,9348 \| ---- \| M] () -- C:\Users\Chae Eun\Documents\Produce_0.avi [2009/11/04 03:18:49 \| 00,000,346 \| ---- \| M] () -- C:\Windows\tasks\HPCeeScheduleForChae Eun.job [2009/11/02 16:54:23 \| 00,012,528 \| ---- \| M] () -- C:\Users\Chae Eun\Documents\Cool eye.jpg [2009/11/01 11:31:42 \| 00,004,112 \| ---- \| M] () -- C:\Users\Chae Eun\AppData\Roaming\wklnhst.dat [2009/10/31 00:30:45 \| 00,690,960 \| ---- \| M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2009/10/31 00:30:45 \| 00,587,178 \| ---- \| M] () -- C:\Windows\SysNative\perfh009.dat [2009/10/31 00:30:45 \| 00,101,250 \| ---- \| M] () -- C:\Windows\SysNative\perfc009.dat [2009/10/30 13:23:48 \| 00,271,872 \| ---- \| M] (OldTimer Tools) -- C:\Users\Chae Eun\Desktop\TFC.exe [2009/10/29 21:49:58 \| 00,000,056 \| -H-- \| M] () -- C:\Windows\SysWow64\ezsidmv.dat [2009/10/29 21:48:22 \| 00,001,890 \| ---- \| M] () -- C:\Users\Public\Desktop\Skype.lnk [2009/10/29 15:44:01 \| 00,000,180 \| ---- \| M] () -- C:\Windows\win.ini [2009/10/29 06:50:36 \| 00,521,728 \| ---- \| M] (OldTimer Tools) -- C:\Users\Chae Eun\Desktop\OTL.exe [2009/10/28 21:07:36 \| 00,000,591 \| ---- \| M] () -- C:\Users\Public\Desktop\ooVoo.lnk [2009/10/28 14:59:17 \| 00,019,866 \| ---- \| M] () -- C:\Users\Chae Eun\Desktop\OMGhijackthis [2009/10/28 14:28:46 \| 00,001,928 \| ---- \| M] () -- C:\Users\Chae Eun\Desktop\HijackThis.lnk [2009/10/27 23:02:22 \| 00,001,013 \| ---- \| M] () -- C:\Users\Public\Desktop\DivX Converter.lnk [2009/10/27 23:01:22 \| 00,001,421 \| ---- \| M] () -- C:\Users\Chae Eun\Desktop\DivX Movies.lnk [2009/10/25 17:52:58 \| 00,086,738 \| ---- \| M] () -- C:\Users\Chae Eun\Desktop\138.jpg [2009/10/24 10:37:09 \| 00,413,025 \| ---- \| M] () -- C:\Users\Chae Eun\Desktop\IMAG0068.jpg [2009/10/24 10:37:08 \| 00,393,399 \| ---- \| M] () -- C:\Users\Chae Eun\Desktop\IMAG0067.jpg [2009/10/24 10:37:07 \| 00,444,101 \| ---- \| M] () -- C:\Users\Chae Eun\Desktop\IMAG0062.jpg [2009/10/24 10:37:07 \| 00,353,909 \| ---- \| M] () -- C:\Users\Chae Eun\Desktop\IMAG0063.jpg [2009/10/22 22:35:06 \| 00,016,528 \| ---- \| M] () -- C:\Users\Chae Eun\Desktop\Midterm_US_157[1][1].docx [2009/10/22 22:35:06 \| 00,012,689 \| ---- \| M] () -- C:\Users\Chae Eun\Desktop\final essay.docx [2009/10/21 16:14:52 \| 09,236,480 \| ---- \| M] () -- C:\Windows\SysNative\mshtml.dll [2009/10/21 13:24:16 \| 00,460,172 \| ---- \| M] () -- C:\Users\Chae Eun\Desktop\IMAG0059.jpg [2009/10/21 12:36:56 \| 01,638,912 \| ---- \| M] () -- C:\Windows\SysNative\mshtml.tlb [2009/10/21 00:40:08 \| 05,939,712 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.dll [2009/10/20 22:19:16 \| 01,638,912 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.tlb [2009/10/18 18:25:11 \| 00,013,880 \| ---- \| M] () -- C:\Users\Chae Eun\Documents\timmmmm.docx [2009/10/18 18:18:29 \| 00,011,284 \| ---- \| M] () -- C:\Users\Chae Eun\Documents\timmmmm..docx [2009/10/18 15:36:09 \| 98,750,464 \| ---- \| M] () -- C:\Users\Chae Eun\Documents\Produce.wmv [2009/10/10 12:32:13 \| 00,408,430 \| ---- \| M] () -- C:\Users\Chae Eun\Desktop\IMAG0051.jpg [2009/10/10 10:15:44 \| 00,094,632 \| ---- \| M] () -- C:\Users\Chae Eun\AppData\Local\GDIPFONTCACHEV1.DAT [2009/10/10 10:15:05 \| 02,955,568 \| ---- \| M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2009/10/07 20:25:18 \| 00,326,343 \| ---- \| M] () -- C:\Users\Chae Eun\Desktop\RT_cascada.wma ========== Files - No Company Name ========== [2009/11/04 17:35:00 \| 17,397,9348 \| ---- \| C] () -- C:\Users\Chae Eun\Documents\Produce_0.avi [2009/11/03 15:15:39 \| 09,236,480 \| ---- \| C] () -- C:\Windows\SysNative\mshtml.dll [2009/11/03 15:15:38 \| 01,638,912 \| ---- \| C] () -- C:\Windows\SysNative\mshtml.tlb [2009/11/02 16:54:20 \| 00,012,528 \| ---- \| C] () -- C:\Users\Chae Eun\Documents\Cool eye.jpg [2009/11/01 19:30:09 \| 00,000,346 \| ---- \| C] () -- C:\Windows\tasks\HPCeeScheduleForChae Eun.job [2009/10/29 21:49:58 \| 00,000,056 \| -H-- \| C] () -- C:\Windows\SysWow64\ezsidmv.dat [2009/10/29 21:48:22 \| 00,001,890 \| ---- \| C] () -- C:\Users\Public\Desktop\Skype.lnk [2009/10/29 18:15:26 \| 00,033,800 \| ---- \| C] () -- C:\Windows\SysNative\drivers\pavboot64.sys [2009/10/28 21:07:36 \| 00,000,591 \| ---- \| C] () -- C:\Users\Public\Desktop\ooVoo.lnk [2009/10/28 14:33:09 \| 00,019,866 \| ---- \| C] () -- C:\Users\Chae Eun\Desktop\OMGhijackthis [2009/10/28 14:28:46 \| 00,001,928 \| ---- \| C] () -- C:\Users\Chae Eun\Desktop\HijackThis.lnk [2009/10/27 23:02:22 \| 00,001,013 \| ---- \| C] () -- C:\Users\Public\Desktop\DivX Converter.lnk [2009/10/25 17:52:58 \| 00,086,738 \| ---- \| C] () -- C:\Users\Chae Eun\Desktop\138.jpg [2009/10/24 10:37:09 \| 00,413,025 \| ---- \| C] () -- C:\Users\Chae Eun\Desktop\IMAG0068.jpg [2009/10/24 10:37:08 \| 00,393,399 \| ---- \| C] () -- C:\Users\Chae Eun\Desktop\IMAG0067.jpg [2009/10/24 10:37:07 \| 00,444,101 \| ---- \| C] () -- C:\Users\Chae Eun\Desktop\IMAG0062.jpg [2009/10/24 10:37:07 \| 00,353,909 \| ---- \| C] () -- C:\Users\Chae Eun\Desktop\IMAG0063.jpg [2009/10/22 19:35:32 \| 00,016,528 \| ---- \| C] () -- C:\Users\Chae Eun\Desktop\Midterm_US_157[1][1].docx [2009/10/22 19:35:32 \| 00,012,689 \| ---- \| C] () -- C:\Users\Chae Eun\Desktop\final essay.docx [2009/10/21 13:24:16 \| 00,460,172 \| ---- \| C] () -- C:\Users\Chae Eun\Desktop\IMAG0059.jpg [2009/10/18 18:25:10 \| 00,013,880 \| ---- \| C] () -- C:\Users\Chae Eun\Documents\timmmmm.docx [2009/10/18 18:18:28 \| 00,011,284 \| ---- \| C] () -- C:\Users\Chae Eun\Documents\timmmmm..docx [2009/10/18 14:41:47 \| 98,750,464 \| ---- \| C] () -- C:\Users\Chae Eun\Documents\Produce.wmv [2009/10/13 12:27:32 \| 04,691,016 \| ---- \| C] () -- C:\Windows\SysNative\ntoskrnl.exe [2009/10/13 12:27:02 \| 00,818,688 \| ---- \| C] () -- C:\Windows\SysNative\WMSPDMOD.DLL [2009/10/13 12:26:53 \| 12,461,568 \| ---- \| C] () -- C:\Windows\SysNative\ieframe.dll [2009/10/13 12:26:51 \| 02,334,208 \| ---- \| C] () -- C:\Windows\SysNative\iertutil.dll [2009/10/13 12:26:50 \| 01,484,288 \| ---- \| C] () -- C:\Windows\SysNative\urlmon.dll [2009/10/13 12:26:50 \| 01,147,904 \| ---- \| C] () -- C:\Windows\SysNative\wininet.dll [2009/10/13 12:26:50 \| 00,459,776 \| ---- \| C] () -- C:\Windows\SysNative\iedkcs32.dll [2009/10/13 12:26:49 \| 00,700,928 \| ---- \| C] () -- C:\Windows\SysNative\msfeeds.dll [2009/10/13 12:26:49 \| 00,243,712 \| ---- \| C] () -- C:\Windows\SysNative\occache.dll [2009/10/13 12:26:48 \| 01,538,560 \| ---- \| C] () -- C:\Windows\SysNative\inetcpl.cpl [2009/10/13 12:26:47 \| 00,162,816 \| ---- \| C] () -- C:\Windows\SysNative\ieUnatt.exe [2009/10/13 12:26:46 \| 00,252,416 \| ---- \| C] () -- C:\Windows\SysNative\iepeers.dll [2009/10/13 12:26:46 \| 00,132,096 \| ---- \| C] () -- C:\Windows\SysNative\iesysprep.dll [2009/10/13 12:26:46 \| 00,071,680 \| ---- \| C] () -- C:\Windows\SysNative\msfeedsbs.dll [2009/10/13 12:26:46 \| 00,070,656 \| ---- \| C] () -- C:\Windows\SysNative\ie4uinit.exe [2009/10/13 12:26:45 \| 00,012,288 \| ---- \| C] () -- C:\Windows\SysNative\msfeedssync.exe [2009/10/13 12:26:44 \| 00,219,136 \| ---- \| C] () -- C:\Windows\SysNative\ieui.dll [2009/10/13 12:26:44 \| 00,077,312 \| ---- \| C] () -- C:\Windows\SysNative\iesetup.dll [2009/10/13 12:26:44 \| 00,072,192 \| ---- \| C] () -- C:\Windows\SysNative\iernonce.dll [2009/10/13 12:26:44 \| 00,031,744 \| ---- \| C] () -- C:\Windows\SysNative\jsproxy.dll [2009/10/13 12:24:10 \| 00,174,592 \| ---- \| C] () -- C:\Windows\SysNative\drivers\srv2.sys [2009/10/13 12:24:06 \| 00,268,800 \| ---- \| C] () -- C:\Windows\SysNative\msv1_0.dll [2009/10/13 12:23:54 \| 00,082,944 \| ---- \| C] () -- C:\Windows\SysNative\msasn1.dll [2009/10/10 12:32:13 \| 00,408,430 \| ---- \| C] () -- C:\Users\Chae Eun\Desktop\IMAG0051.jpg [2009/10/07 20:25:16 \| 00,326,343 \| ---- \| C] () -- C:\Users\Chae Eun\Desktop\RT_cascada.wma [2009/08/29 15:57:59 \| 00,000,137 \| ---- \| C] () -- C:\Windows\viet1000.ini [2009/05/02 14:07:46 \| 00,000,022 \| ---- \| C] () -- C:\Windows\SysWow64\win28c88_va.dll [2009/05/02 14:06:51 \| 00,974,848 \| ---- \| C] () -- C:\Windows\SysWow64\LtDlgRes14n.dll [2009/04/13 11:11:44 \| 00,000,680 \| ---- \| C] () -- C:\Users\Chae Eun\AppData\Local\d3d9caps.dat [2009/04/13 10:32:42 \| 00,000,280 \| ---- \| C] () -- C:\Windows\SysWow64\epoPGPsdk.dll.sig [2009/04/11 15:27:39 \| 00,000,000 \| ---- \| C] () -- C:\Users\Chae Eun\AppData\Local\FnF4.txt [2009/04/11 12:52:42 \| 00,667,648 \| ---- \| C] () -- C:\Windows\SysWow64\MRUpdate.dll [2009/04/04 09:44:45 \| 00,226,768 \| ---- \| C] () -- C:\Windows\SysWow64\MuzLyrcs.dll [2009/04/04 09:44:45 \| 00,034,256 \| ---- \| C] () -- C:\Windows\SysWow64\MzWhatImListen2.dll [2009/03/03 14:14:31 \| 00,000,237 \| ---- \| C] () -- C:\Windows\SIERRA.INI [2009/03/03 08:21:58 \| 00,492,256 \| ---- \| C] () -- C:\Windows\SysWow64\MelonWebPlayer.dll [2009/02/28 14:42:01 \| 00,210,944 \| ---- \| C] () -- C:\Windows\SysWow64\MSVCRT10.DLL [2009/02/28 14:12:13 \| 00,213,072 \| ---- \| C] () -- C:\Windows\SysWow64\DNLEng.dll [2009/02/28 14:12:12 \| 02,433,024 \| ---- \| C] () -- C:\Windows\npdbplug.dll [2009/02/08 10:09:31 \| 00,004,112 \| ---- \| C] () -- C:\Users\Chae Eun\AppData\Roaming\wklnhst.dat [2009/02/08 02:47:00 \| 00,000,258 \| RHS- \| C] () -- C:\ProgramData\ntuser.pol [2009/02/06 11:57:02 \| 00,028,160 \| ---- \| C] () -- C:\Users\Chae Eun\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/02/05 18:00:32 \| 02,305,259 \| -H-- \| C] () -- C:\Users\Chae Eun\AppData\Local\IconCache.db [2009/02/04 19:22:53 \| 00,000,000 \| ---- \| C] () -- C:\Users\Chae Eun\AppData\Local\QSwitch.txt [2009/02/04 19:22:53 \| 00,000,000 \| ---- \| C] () -- C:\Users\Chae Eun\AppData\Local\DSwitch.txt [2009/02/04 19:22:53 \| 00,000,000 \| ---- \| C] () -- C:\Users\Chae Eun\AppData\Local\AtStart.txt [2009/02/04 19:18:41 \| 00,094,632 \| ---- \| C] () -- C:\Users\Chae Eun\AppData\Local\GDIPFONTCACHEV1.DAT [2009/01/15 20:32:49 \| 00,000,105 \| ---- \| C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log [2009/01/15 20:32:38 \| 00,000,032 \| ---- \| C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log [2009/01/15 20:32:01 \| 00,000,032 \| ---- \| C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log [2009/01/15 20:30:19 \| 00,000,032 \| ---- \| C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log [2009/01/15 20:27:39 \| 00,000,032 \| ---- \| C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log [2008/10/22 23:03:19 \| 00,000,109 \| ---- \| C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log [2008/10/22 22:52:09 \| 00,000,110 \| ---- \| C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log [2008/10/22 22:48:54 \| 00,000,105 \| ---- \| C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log [2008/10/22 22:46:28 \| 00,000,107 \| ---- \| C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log [2008/01/20 16:50:05 \| 00,060,124 \| ---- \| C] () -- C:\Windows\SysWow64\tcpmon.ini [2008/01/20 16:49:49 \| 00,368,640 \| ---- \| C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2006/11/02 05:25:49 \| 00,000,174 \| -HS- \| C] () -- C:\Program Files\desktop.ini [2006/11/02 05:25:49 \| 00,000,174 \| -HS- \| C] () -- C:\Program Files (x86)\desktop.ini [2006/11/02 02:34:27 \| 00,000,219 \| ---- \| C] () -- C:\Windows\system.ini [2006/11/02 02:34:27 \| 00,000,180 \| ---- \| C] () -- C:\Windows\win.ini [2006/09/29 15:22:28 \| 00,393,216 \| ---- \| C] () -- C:\Windows\SysWow64\INICRYPTOSDK.dll [2005/05/18 21:38:01 \| 00,000,208 \| ---- \| C] () -- C:\Windows\SysWow64\NDMMUpdate.ini [2005/04/18 19:57:57 \| 00,262,253 \| ---- \| C] () -- C:\Windows\SysWow64\NDM_LP3000.dll [2005/04/18 19:57:57 \| 00,233,472 \| ---- \| C] () -- C:\Windows\SysWow64\MSNetSync.dll [2005/04/18 19:57:57 \| 00,131,072 \| ---- \| C] () -- C:\Windows\SysWow64\NDM_MPIO.dll [2005/04/18 19:57:57 \| 00,126,976 \| ---- \| C] () -- C:\Windows\SysWow64\STLicCheck.dll [2005/04/18 19:57:57 \| 00,126,976 \| ---- \| C] () -- C:\Windows\SysWow64\NetSync14xs.dll [2005/04/18 19:57:57 \| 00,122,880 \| ---- \| C] () -- C:\Windows\SysWow64\TS-200USB.dll [2005/04/18 19:57:57 \| 00,077,900 \| ---- \| C] () -- C:\Windows\SysWow64\NDM_DEVICE.dll [2005/04/18 19:57:57 \| 00,077,882 \| ---- \| C] () -- C:\Windows\SysWow64\NDM_TS-200.dll [2005/04/18 19:57:57 \| 00,073,839 \| ---- \| C] () -- C:\Windows\SysWow64\NDM_TC100.dll [2005/04/18 19:57:57 \| 00,073,728 \| ---- \| C] () -- C:\Windows\SysWow64\TCC730USB.dll [2005/04/18 19:57:57 \| 00,053,248 \| ---- \| C] () -- C:\Windows\SysWow64\USBDevice.dll [2005/04/18 19:57:57 \| 00,053,248 \| ---- \| C] () -- C:\Windows\SysWow64\TuneCaption.dll [2005/04/18 19:57:57 \| 00,053,248 \| ---- \| C] () -- C:\Windows\SysWow64\NDM_NMP300RA.dll [2005/04/18 19:57:57 \| 00,045,056 \| ---- \| C] () -- C:\Windows\SysWow64\WrapperCtl.dll [2005/04/18 19:57:57 \| 00,040,960 \| ---- \| C] () -- C:\Windows\SysWow64\NED_v20.dll [2005/04/18 19:57:57 \| 00,036,864 \| ---- \| C] () -- C:\Windows\SysWow64\NetSync_Dit.dll [2005/04/18 19:57:57 \| 00,036,864 \| ---- \| C] () -- C:\Windows\SysWow64\NEDP_v13.dll [2005/04/18 19:57:57 \| 00,036,864 \| ---- \| C] () -- C:\Windows\SysWow64\NEDH_v13.dll [2005/04/18 19:57:57 \| 00,036,864 \| ---- \| C] () -- C:\Windows\SysWow64\NEDdll.dll [2005/04/18 19:57:57 \| 00,032,768 \| ---- \| C] () -- C:\Windows\SysWow64\YariMediaDRM.dll [2005/04/18 19:57:57 \| 00,032,768 \| ---- \| C] () -- C:\Windows\SysWow64\UsbDLL.dll [2005/04/18 19:57:56 \| 00,684,032 \| ---- \| C] () -- C:\Windows\SysWow64\libeay32.dll [2005/04/18 19:57:56 \| 00,192,616 \| ---- \| C] () -- C:\Windows\SysWow64\FlashCtl.dll [2005/04/18 19:57:56 \| 00,065,536 \| ---- \| C] () -- C:\Windows\SysWow64\MASWizPC.dll [2005/04/18 19:57:56 \| 00,065,536 \| ---- \| C] () -- C:\Windows\SysWow64\DitDrm.dll [2005/04/18 19:57:56 \| 00,053,248 \| ---- \| C] () -- C:\Windows\SysWow64\CTDRM.dll [2005/04/18 19:57:56 \| 00,045,056 \| ---- \| C] () -- C:\Windows\SysWow64\FileTransfer.dll [2005/02/16 03:55:25 \| 00,077,824 \| ---- \| C] () -- C:\Windows\SysWow64\akrip.dll [2005/01/27 00:20:10 \| 00,099,840 \| ---- \| C] () -- C:\Windows\SysWow64\lame_enc.dll ========== Custom Scans ========== < %SYSTEMDRIVE%\.vbs /s /md5 > [disable.vbs : MD5=66ECFF0FCBCD03251EB2E51815268C25] -> [2008/03/18 04:35:00 \| 00,000,181 \| ---- \| M] () -- C:\Program Files (x86)\Realtek\VISTA_8169\disable.vbs [enable.vbs : MD5=5D7F56641938468476433111BFC5DD4C] -> [2008/03/18 04:35:00 \| 00,000,182 \| ---- \| M] () -- C:\Program Files (x86)\Realtek\VISTA_8169\enable.vbs [Setup.vbs : MD5=32E9A26347669DDAC2B92DCDF6E8403F] -> [2008/08/15 07:15:20 \| 00,000,128 \| ---- \| M] () -- C:\SWSETUP\ESUVT\Setup.vbs [FUBID.vbs : MD5=F53DFF5424B0CF6E0B660687FDCCEB67] -> [2008/03/17 21:36:50 \| 00,004,138 \| ---- \| M] () -- C:\System.sav\Util\FUBID.vbs [Logo.vbs : MD5=7B31788E46CB323D6FAE64A43C97067B] -> [2007/12/12 01:44:02 \| 00,009,515 \| ---- \| M] () -- C:\System.sav\Util\Logo.vbs [MBRINST.VBS : MD5=B2F32672C2CC13E41EE930B5B29F03C8] -> [2007/12/19 23:40:20 \| 00,005,409 \| ---- \| M] () -- C:\System.sav\Util\MBRINST.VBS [RWUCINI.VBS : MD5=E44E88808C215EFFD2547BEA13D3F0CF] -> [2008/07/17 03:01:26 \| 00,005,300 \| ---- \| M] () -- C:\System.sav\Util\RWUCINI.VBS [Replace.vbs : MD5=883968D43EB61ED8FD359B5AD8AB4588] -> [2008/01/28 05:50:54 \| 00,000,477 \| ---- \| M] () -- C:\System.sav\Util\TDC\Replace.vbs [slmgr.vbs : MD5=BCDBB5CEA1E8AEA0FA353691EB003728] -> [2009/02/18 08:41:13 \| 00,092,918 \| ---- \| M] () -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-s..ity-licensing-tools_31bf3856ad364e35_6.0.6002.18005_none_23541afe1d637c0d\slmgr.vbs [slmgr.vbs : MD5=BCDBB5CEA1E8AEA0FA353691EB003728] -> [2009/02/18 08:39:57 \| 00,092,918 \| ---- \| M] () -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\x86_microsoft-windows-s..ity-licensing-tools_31bf3856ad364e35_6.0.6002.18005_none_c7357f7a65060ad7\slmgr.vbs [slmgr.vbs : MD5=202F0D89E2B265C2E10DC84889D20809] -> [2008/01/20 16:49:25 \| 00,080,047 \| ---- \| M] () -- C:\Windows\SysWow64\slmgr.vbs [winrm.vbs : MD5=628FBD4EF5BD0082C473AB1291F5A46E] -> [2008/01/20 16:49:55 \| 00,195,122 \| ---- \| M] () -- C:\Windows\SysWow64\winrm.vbs [prncnfg.vbs : MD5=31D7079AF27F244E6AA5B7A7C8FE75F3] -> [2006/11/02 05:13:35 \| 00,105,940 \| ---- \| M] () -- C:\Windows\SysWow64\Printing_Admin_Scripts\en-US\prncnfg.vbs [prndrvr.vbs : MD5=96289191763ACF8E4AB69F622262B15F] -> [2006/11/02 05:13:35 \| 00,051,312 \| ---- \| M] () -- C:\Windows\SysWow64\Printing_Admin_Scripts\en-US\prndrvr.vbs [prnjobs.vbs : MD5=03E9BADC32A52E3CB44E4277803CFFF9] -> [2006/11/02 05:13:35 \| 00,069,882 \| ---- \| M] () -- C:\Windows\SysWow64\Printing_Admin_Scripts\en-US\prnjobs.vbs [prnmngr.vbs : MD5=816213C95FC12D011BF789213E1CC973] -> [2006/11/02 05:13:35 \| 00,081,048 \| ---- \| M] () -- C:\Windows\SysWow64\Printing_Admin_Scripts\en-US\prnmngr.vbs [prnport.vbs : MD5=F7D4D187D8F3490C11F6E4D7AED2B72D] -> [2006/11/02 05:13:35 \| 00,056,756 \| ---- \| M] () -- C:\Windows\SysWow64\Printing_Admin_Scripts\en-US\prnport.vbs [prnqctl.vbs : MD5=C36D1285B62C6739B465A285148E4000] -> [2006/11/02 05:13:35 \| 00,051,462 \| ---- \| M] () -- C:\Windows\SysWow64\Printing_Admin_Scripts\en-US\prnqctl.vbs [pubprn.vbs : MD5=AB328741766A47CACE8978A24260C51A] -> [2006/11/02 05:13:35 \| 00,007,418 \| ---- \| M] () -- C:\Windows\SysWow64\Printing_Admin_Scripts\en-US\pubprn.vbs [slmgr.vbs : MD5=202F0D89E2B265C2E10DC84889D20809] -> [2008/01/20 16:49:25 \| 00,080,047 \| ---- \| M] () -- C:\Windows\SysWOW64\slmgr.vbs [winrm.vbs : MD5=628FBD4EF5BD0082C473AB1291F5A46E] -> [2008/01/20 16:49:55 \| 00,195,122 \| ---- \| M] () -- C:\Windows\SysWOW64\winrm.vbs [prncnfg.vbs : MD5=31D7079AF27F244E6AA5B7A7C8FE75F3] -> [2006/11/02 05:13:35 \| 00,105,940 \| ---- \| M] () -- C:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\prncnfg.vbs [prndrvr.vbs : MD5=96289191763ACF8E4AB69F622262B15F] -> [2006/11/02 05:13:35 \| 00,051,312 \| ---- \| M] () -- C:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\prndrvr.vbs [prnjobs.vbs : MD5=03E9BADC32A52E3CB44E4277803CFFF9] -> [2006/11/02 05:13:35 \| 00,069,882 \| ---- \| M] () -- C:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\prnjobs.vbs [prnmngr.vbs : MD5=816213C95FC12D011BF789213E1CC973] -> [2006/11/02 05:13:35 \| 00,081,048 \| ---- \| M] () -- C:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\prnmngr.vbs [prnport.vbs : MD5=F7D4D187D8F3490C11F6E4D7AED2B72D] -> [2006/11/02 05:13:35 \| 00,056,756 \| ---- \| M] () -- C:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\prnport.vbs [prnqctl.vbs : MD5=C36D1285B62C6739B465A285148E4000] -> [2006/11/02 05:13:35 \| 00,051,462 \| ---- \| M] () -- C:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\prnqctl.vbs [pubprn.vbs : MD5=AB328741766A47CACE8978A24260C51A] -> [2006/11/02 05:13:35 \| 00,007,418 \| ---- \| M] () -- C:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\pubprn.vbs [gatherWiredInfo.vbs : MD5=4599D028A0CA8B54555CF72345940B45] -> [2008/01/20 16:48:38 \| 00,012,198 \| ---- \| M] () -- C:\Windows\winsxs\amd64_microsoft-windows-dot3svc_31bf3856ad364e35_6.0.6001.18000_none_c78aaa4c2be1bd30\gatherWiredInfo.vbs [gatherWiredInfo.vbs : MD5=4599D028A0CA8B54555CF72345940B45] -> [2008/01/20 16:48:38 \| 00,012,198 \| ---- \| M] () -- C:\Windows\winsxs\amd64_microsoft-windows-dot3svc_31bf3856ad364e35_6.0.6002.18005_none_c97623582903887c\gatherWiredInfo.vbs [adsutil.vbs : MD5=9652B69927FBA64B582CA6FB5C53B8C8] -> [2006/11/02 05:05:10 \| 00,098,133 \| ---- \| M] () -- C:\Windows\winsxs\amd64_microsoft-windows-iis-legacyscripts_31bf3856ad364e35_6.0.6001.18000_none_da65086d2f946ff3\adsutil.vbs [clusftp.vbs : MD5=18DBFEFFB9EE49928B9A712338CA2161] -> [2006/11/02 05:05:11 \| 00,004,346 \| ---- \| M] () -- C:\Windows\winsxs\amd64_microsoft-windows-iis-legacyscripts_31bf3856ad364e35_6.0.6001.18000_none_da65086d2f946ff3\clusftp.vbs [clusweb.vbs : MD5=00A7EB49FF5B094D3946A241923B248E] -> [2006/11/02 05:05:10 \| 00,004,341 \| ---- \| M] () -- C:\Windows\winsxs\amd64_microsoft-windows-iis-legacyscripts_31bf3856ad364e35_6.0.6001.18000_none_da65086d2f946ff3\clusweb.vbs [IIsExt.vbs : MD5=DEA7216F6BF353030BC7FE18E98CEE99] -> [2006/11/02 05:05:11 \| 00,041,401 \| ---- \| M] () -- C:\Windows\winsxs\amd64_microsoft-windows-iis-legacyscripts_31bf3856ad364e35_6.0.6001.18000_none_da65086d2f946ff3\IIsExt.vbs [iisswtch.vbs : MD5=6147127ED9AFBFC853B8978F83724BC2] -> [2008/01/20 16:51:28 \| 00,012,796 \| ---- \| M] () -- C:\Windows\winsxs\amd64_microsoft-windows-iis-legacyscripts_31bf3856ad364e35_6.0.6001.18000_none_da65086d2f946ff3\iisswtch.vbs [prncnfg.vbs : MD5=31D7079AF27F244E6AA5B7A7C8FE75F3] -> [2006/11/02 05:13:04 \| 00,105,940 \| ---- \| M] () -- C:\Windows\winsxs\amd64_microsoft-windows-p..inscripts.resources_31bf3856ad364e35_6.0.6000.16386_en-us_6895397e07c2b2de\prncnfg.vbs [prndrvr.vbs : MD5=96289191763ACF8E4AB69F622262B15F] -> [2006/11/02 05:13:03 \| 00,051,312 \| ---- \| M] () -- C:\Windows\winsxs\amd64_microsoft-windows-p..inscripts.resources_31bf3856ad364e35_6.0.6000.16386_en-us_6895397e07c2b2de\prndrvr.vbs [prnjobs.vbs : MD5=03E9BADC32A52E3CB44E4277803CFFF9] -> [2006/11/02 05:13:03 \| 00,069,882 \| ---- \| M] () -- C:\Windows\winsxs\amd64_microsoft-windows-p..inscripts.resources_31bf3856ad364e35_6.0.6000.16386_en-us_6895397e07c2b2de\prnjobs.vbs [prnmngr.vbs : MD5=816213C95FC12D011BF789213E1CC973] -> [2006/11/02 05:13:03 \| 00,081,048 \| ---- \| M] () -- C:\Windows\winsxs\amd64_microsoft-windows-p..inscripts.resources_31bf3856ad364e35_6.0.6000.16386_en-us_6895397e07c2b2de\prnmngr.vbs [prnport.vbs : MD5=F7D4D187D8F3490C11F6E4D7AED2B72D] -> [2006/11/02 05:13:04 \| 00,056,756 \| ---- \| M] () -- C:\Windows\winsxs\amd64_microsoft-windows-p..inscripts.resources_31bf3856ad364e35_6.0.6000.16386_en-us_6895397e07c2b2de\prnport.vbs [prnqctl.vbs : MD5=C36D1285B62C6739B465A285148E4000] -> [2006/11/02 05:13:04 \| 00,051,462 \| ---- \| M] () -- C:\Windows\winsxs\amd64_microsoft-windows-p..inscripts.resources_31bf3856ad364e35_6.0.6000.16386_en-us_6895397e07c2b2de\prnqctl.vbs [pubprn.vbs : MD5=AB328741766A47CACE8978A24260C51A] -> [2006/11/02 05:13:03 \| 00,007,418 \| ---- \| M] () -- C:\Windows\winsxs\amd64_microsoft-windows-p..inscripts.resources_31bf3856ad364e35_6.0.6000.16386_en-us_6895397e07c2b2de\pubprn.vbs [slmgr.vbs : MD5=202F0D89E2B265C2E10DC84889D20809] -> [2008/01/20 16:48:26 \| 00,080,047 \| ---- \| M] () -- C:\Windows\winsxs\amd64_microsoft-windows-s..ity-licensing-tools_31bf3856ad364e35_6.0.6001.18000_none_2168a1f22041b0c1\slmgr.vbs [winrm.vbs : MD5=628FBD4EF5BD0082C473AB1291F5A46E] -> [2008/01/20 16:49:22 \| 00,195,122 \| ---- \| M] () -- C:\Windows\winsxs\amd64_microsoft-windows-w..for-management-core_31bf3856ad364e35_6.0.6001.18000_none_268410e365653d8b\winrm.vbs [winrm.vbs : MD5=628FBD4EF5BD0082C473AB1291F5A46E] -> [2008/01/20 16:49:22 \| 00,195,122 \| ---- \| M] () -- C:\Windows\winsxs\amd64_microsoft-windows-w..for-management-core_31bf3856ad364e35_6.0.6002.18005_none_286f89ef628708d7\winrm.vbs [gatherWirelessInfo.vbs : MD5=6FC460B97C3C936CFD4C4B6860A611E6] -> [2009/04/02 09:46:59 \| 00,014,827 \| ---- \| M] () -- C:\Windows\winsxs\amd64_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.16884_none_f62a24c4c05a40af\gatherWirelessInfo.vbs [gatherWirelessInfo.vbs : MD5=6FC460B97C3C936CFD4C4B6860A611E6] -> [2009/04/01 06:31:14 \| 00,014,827 \| ---- \| M] () -- C:\Windows\winsxs\amd64_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.21082_none_f6b1991dd979e10d\gatherWirelessInfo.vbs [gatherWirelessInfo.vbs : MD5=956481EDE95CBF973D0192F980DDA4A6] -> [2008/01/20 16:47:53 \| 00,015,181 \| ---- \| M] () -- C:\Windows\winsxs\amd64_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18000_none_f862ddd6bd43926e\gatherWirelessInfo.vbs [gatherWirelessInfo.vbs : MD5=956481EDE95CBF973D0192F980DDA4A6] -> [2008/01/20 16:47:53 \| 00,015,181 \| ---- \| M] () -- C:\Windows\winsxs\amd64_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_f8146492bd7d36fc\gatherWirelessInfo.vbs [gatherWirelessInfo.vbs : MD5=956481EDE95CBF973D0192F980DDA4A6] -> [2008/01/20 16:47:53 \| 00,015,181 \| ---- \| M] () -- C:\Windows\winsxs\amd64_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.22468_none_f8b3a31bd68a9c0b\gatherWirelessInfo.vbs [gatherWirelessInfo.vbs : MD5=956481EDE95CBF973D0192F980DDA4A6] -> [2008/01/20 16:47:53 \| 00,015,181 \| ---- \| M] () -- C:\Windows\winsxs\amd64_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18005_none_fa4e56e2ba655dba\gatherWirelessInfo.vbs [gatherWirelessInfo.vbs : MD5=956481EDE95CBF973D0192F980DDA4A6] -> [2008/01/20 16:47:53 \| 00,015,181 \| ---- \| M] () -- C:\Windows\winsxs\amd64_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18064_none_fa0c7710ba96ec09\gatherWirelessInfo.vbs [gatherWirelessInfo.vbs : MD5=956481EDE95CBF973D0192F980DDA4A6] -> [2008/01/20 16:47:53 \| 00,015,181 \| ---- \| M] () -- C:\Windows\winsxs\amd64_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.22170_none_fa8742c7d3c04268\gatherWirelessInfo.vbs [clusftp.vbs : MD5=18DBFEFFB9EE49928B9A712338CA2161] -> [2006/11/02 05:05:14 \| 00,004,346 \| ---- \| M] () -- C:\Windows\winsxs\wow64_microsoft-windows-iis-legacyscripts_31bf3856ad364e35_6.0.6001.18000_none_e4b9b2bf63f531ee\clusftp.vbs [clusweb.vbs : MD5=00A7EB49FF5B094D3946A241923B248E] -> [2006/11/02 05:05:14 \| 00,004,341 \| ---- \| M] () -- C:\Windows\winsxs\wow64_microsoft-windows-iis-legacyscripts_31bf3856ad364e35_6.0.6001.18000_none_e4b9b2bf63f531ee\clusweb.vbs [IIsExt.vbs : MD5=DEA7216F6BF353030BC7FE18E98CEE99] -> [2006/11/02 05:05:14 \| 00,041,401 \| ---- \| M] () -- C:\Windows\winsxs\wow64_microsoft-windows-iis-legacyscripts_31bf3856ad364e35_6.0.6001.18000_none_e4b9b2bf63f531ee\IIsExt.vbs [iisswtch.vbs : MD5=6147127ED9AFBFC853B8978F83724BC2] -> [2008/01/20 16:51:28 \| 00,012,796 \| ---- \| M] () -- C:\Windows\winsxs\wow64_microsoft-windows-iis-legacyscripts_31bf3856ad364e35_6.0.6001.18000_none_e4b9b2bf63f531ee\iisswtch.vbs [winrm.vbs : MD5=628FBD4EF5BD0082C473AB1291F5A46E] -> [2008/01/20 16:49:55 \| 00,195,122 \| ---- \| M] () -- C:\Windows\winsxs\wow64_microsoft-windows-w..for-management-core_31bf3856ad364e35_6.0.6001.18000_none_30d8bb3599c5ff86\winrm.vbs [winrm.vbs : MD5=628FBD4EF5BD0082C473AB1291F5A46E] -> [2008/01/20 16:49:55 \| 00,195,122 \| ---- \| M] () -- C:\Windows\winsxs\wow64_microsoft-windows-w..for-management-core_31bf3856ad364e35_6.0.6002.18005_none_32c4344196e7cad2\winrm.vbs [prncnfg.vbs : MD5=31D7079AF27F244E6AA5B7A7C8FE75F3] -> [2006/11/02 05:13:35 \| 00,105,940 \| ---- \| M] () -- C:\Windows\winsxs\x86_microsoft-windows-p..inscripts.resources_31bf3856ad364e35_6.0.6000.16386_en-us_0c769dfa4f6541a8\prncnfg.vbs [prndrvr.vbs : MD5=96289191763ACF8E4AB69F622262B15F] -> [2006/11/02 05:13:35 \| 00,051,312 \| ---- \| M] () -- C:\Windows\winsxs\x86_microsoft-windows-p..inscripts.resources_31bf3856ad364e35_6.0.6000.16386_en-us_0c769dfa4f6541a8\prndrvr.vbs [prnjobs.vbs : MD5=03E9BADC32A52E3CB44E4277803CFFF9] -> [2006/11/02 05:13:35 \| 00,069,882 \| ---- \| M] () -- C:\Windows\winsxs\x86_microsoft-windows-p..inscripts.resources_31bf3856ad364e35_6.0.6000.16386_en-us_0c769dfa4f6541a8\prnjobs.vbs [prnmngr.vbs : MD5=816213C95FC12D011BF789213E1CC973] -> [2006/11/02 05:13:35 \| 00,081,048 \| ---- \| M] () -- C:\Windows\winsxs\x86_microsoft-windows-p..inscripts.resources_31bf3856ad364e35_6.0.6000.16386_en-us_0c769dfa4f6541a8\prnmngr.vbs [prnport.vbs : MD5=F7D4D187D8F3490C11F6E4D7AED2B72D] -> [2006/11/02 05:13:35 \| 00,056,756 \| ---- \| M] () -- C:\Windows\winsxs\x86_microsoft-windows-p..inscripts.resources_31bf3856ad364e35_6.0.6000.16386_en-us_0c769dfa4f6541a8\prnport.vbs [prnqctl.vbs : MD5=C36D1285B62C6739B465A285148E4000] -> [2006/11/02 05:13:35 \| 00,051,462 \| ---- \| M] () -- C:\Windows\winsxs\x86_microsoft-windows-p..inscripts.resources_31bf3856ad364e35_6.0.6000.16386_en-us_0c769dfa4f6541a8\prnqctl.vbs [pubprn.vbs : MD5=AB328741766A47CACE8978A24260C51A] -> [2006/11/02 05:13:35 \| 00,007,418 \| ---- \| M] () -- C:\Windows\winsxs\x86_microsoft-windows-p..inscripts.resources_31bf3856ad364e35_6.0.6000.16386_en-us_0c769dfa4f6541a8\pubprn.vbs [slmgr.vbs : MD5=202F0D89E2B265C2E10DC84889D20809] -> [2008/01/20 16:49:25 \| 00,080,047 \| ---- \| M] () -- C:\Windows\winsxs\x86_microsoft-windows-s..ity-licensing-tools_31bf3856ad364e35_6.0.6001.18000_none_c54a066e67e43f8b\slmgr.vbs < C:\windows\system32\drivers\.sys /md5 > [mbam.sys : MD5=85B75DBE230073C805AD0F0635D6662C] -> [2009/04/06 09:32:46 \| 00,015,504 \| ---- \| M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbam.sys [mbamswissarmy.sys : MD5=00C4A0992D4EA5520AC12DB4FD11C3E3] -> [2009/09/10 14:54:06 \| 00,038,224 \| ---- \| M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [pxhelp20.sys : MD5=49452BFCEC22F36A7A9B9C2181BC3042] -> [2008/11/20 09:19:06 \| 00,043,872 \| ---- \| M] (Sonic Solutions) -- C:\Windows\SysWow64\drivers\pxhelp20.sys < %SYSTEMDRIVE%\eventlog.dll /s /md5 > [EventLog.dll : MD5=C2A279A458A06DE2C83D842AA042B5A8] -> [2007/05/17 18:34:04 \| 00,007,216 \| ---- \| M] () -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll < %SYSTEMDRIVE%\scecli.dll /s /md5 > [scecli.dll : MD5=9922ADB6DCA8F0F5EA038BEFF339C08B] -> [2009/04/10 21:11:23 \| 00,235,520 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll [scecli.dll : MD5=8FC182167381E9915651267044105EE1] -> [2009/04/10 20:28:24 \| 00,177,152 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll [scecli.dll : MD5=28B84EB538F7E8A0FE8B9299D591E0B9] -> [2008/01/20 16:50:28 \| 00,177,152 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysWow64\scecli.dll [scecli.dll : MD5=28B84EB538F7E8A0FE8B9299D591E0B9] -> [2008/01/20 16:50:28 \| 00,177,152 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysWOW64\scecli.dll [scecli.dll : MD5=35F1DD99F9903BC267C2AF16B09F9BF7] -> [2008/01/20 16:49:49 \| 00,235,520 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll [scecli.dll : MD5=28B84EB538F7E8A0FE8B9299D591E0B9] -> [2008/01/20 16:50:28 \| 00,177,152 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll < %SYSTEMDRIVE%\netlogon.dll /s /md5 > [netlogon.dll : MD5=A3F1B171702CA04744EE514243B45BFB] -> [2009/04/10 21:11:16 \| 00,717,312 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll [netlogon.dll : MD5=95DAECF0FB120A7B5DA679CC54E37DDE] -> [2009/04/10 20:28:23 \| 00,592,896 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll [netlogon.dll : MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F] -> [2008/01/20 16:48:28 \| 00,592,384 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysWow64\netlogon.dll [netlogon.dll : MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F] -> [2008/01/20 16:48:28 \| 00,592,384 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netlogon.dll [netlogon.dll : MD5=5D0A4891F8CD0E9E64FF57A6A34044F5] -> [2008/01/20 16:51:03 \| 00,716,800 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll [netlogon.dll : MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F] -> [2008/01/20 16:48:28 \| 00,592,384 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll < %SYSTEMDRIVE%\cngaudit.dll /s /md5 > [cngaudit.dll : MD5=7F15B4953378C8B5161D65C26D5FED4D] -> [2006/11/01 23:46:03 \| 00,011,776 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysWow64\cngaudit.dll [cngaudit.dll : MD5=7F15B4953378C8B5161D65C26D5FED4D] -> [2006/11/01 23:46:03 \| 00,011,776 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cngaudit.dll [cngaudit.dll : MD5=21322B1A2AD337C579F4A65EA0D25193] -> [2006/11/02 01:16:48 \| 00,014,848 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll [cngaudit.dll : MD5=7F15B4953378C8B5161D65C26D5FED4D] -> [2006/11/01 23:46:03 \| 00,011,776 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < %SYSTEMDRIVE%\sceclt.dll /s /md5 > < %SYSTEMDRIVE%\ntelogon.dll /s /md5 > < %SYSTEMDRIVE%\logevent.dll /s /md5 > < %SYSTEMDRIVE%\iaStor.sys /s /md5 > < %SYSTEMDRIVE%\nvstor.sys /s /md5 > [nvstor.sys : MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA] -> [2008/01/20 16:46:54 \| 00,054,328 \| ---- \| M] (NVIDIA Corporation) -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys < %SYSTEMDRIVE%\atapi.sys /s /md5 > [atapi.sys : MD5=E68D9B3A3905619732F7FE039466A623] -> [2009/04/10 21:15:00 \| 00,020,952 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys [atapi.sys : MD5=35137384FFB6FB4B4C3063CEB5DB34BE] -> [2008/10/22 21:46:45 \| 00,022,584 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.20847_none_37d5e5fef5f86cf7\atapi.sys [atapi.sys : MD5=1898FAE8E07D97F2F6C2D5326C633FAC] -> [2008/01/20 16:46:50 \| 00,022,584 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys [atapi.sys : MD5=B388797CAAB36D523840347CC6A39B96] -> [2008/10/22 21:46:44 \| 00,022,584 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.22193_none_398211faf34b271a\atapi.sys < %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 > < %SYSTEMDRIVE%\viasraid.sys /s /md5 > < %SYSTEMDRIVE%\AGP440.sys /s /md5 > [AGP440.sys : MD5=F6F6793B7F17B550ECFDBD3B229173F7] -> [2008/01/20 16:46:51 \| 00,064,568 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys [AGP440.sys : MD5=F6F6793B7F17B550ECFDBD3B229173F7] -> [2008/01/20 16:46:51 \| 00,064,568 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys < %SYSTEMDRIVE%\vaxscsi.sys /s /md5 > < %TEMP%\. > [2009/11/05 07:06:18 \| 00,031,832 \| ---- \| M] () -- C:\Users\CHAEEU~1\AppData\Local\Temp\Chae Eun.bmp [2009/11/05 07:06:21 \| 00,000,002 \| ---- \| M] () -- C:\Users\CHAEEU~1\AppData\Local\Temp\ehmsas.txt [2009/11/05 07:11:42 \| 00,000,524 \| ---- \| M] () -- C:\Users\CHAEEU~1\AppData\Local\Temp\jusched.log [3 C:\Users\CHAEEU~1\AppData\Local\Temp\*.tmp files] ========== Alternate Data Streams ========== @Alternate Data Stream - 99 bytes -> C:\Users\All Users\Temp:182E7BAA @Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:182E7BAA @Alternate Data Stream - 64 bytes -> C:\Users\Chae Eun\Documents\yoomin.wav:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\Chae Eun\Documents\Untitled (5).wma.wav:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\Chae Eun\Documents\merryxmas.wav:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\Chae Eun\Documents\lookanh.wav:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\Chae Eun\Documents\jasmine.wav:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\Chae Eun\Documents\heyasan.wav:TOC.WMV @Alternate Data Stream - 119 bytes -> C:\Users\All Users\Temp:E80802C7 @Alternate Data Stream - 119 bytes -> C:\Users\All Users\Temp:50D4F48C @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:E80802C7 @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:50D4F48C @Alternate Data Stream - 105 bytes -> C:\Users\All Users\Temp:74D9C82E @Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:74D9C82E ========== Files - Unicode (All) ========== [2009/05/25 08:51:27 \| 00,001,863 \| ---- \| M] ()(C:\Users\Public\Desktop\Audition ? Season 2.lnk) -- C:\Users\Public\Desktop\Audition – Season 2.lnk [2009/05/25 08:51:27 \| 00,001,863 \| ---- \| C] ()(C:\Users\Public\Desktop\Audition ? Season 2.lnk) -- C:\Users\Public\Desktop\Audition – Season 2.lnk < End of report >

CatByte View Member Profile	Nov 5 2009, 07:32 PM Post #15
Classroom Administrator Group: Classroom Admin Posts: 19,747 Joined: 18-November 04 From: Canada Member No.: 18,614 Operating System: XP, Vista, Win7	Hi, What is this file> Do you recognize it? C:\Users\Public\Desktop\Audition ? Season 2.lnk Please do the following: CKScanner Download CKScanner by askey127 from Here & save it to your Desktop. Doubleclick CKScanner.exe then click Search For Files When the cursor hourglass disappears, click Save List To File A message box will verify the file saved Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply

« Next Oldest · Virus, Spyware & Malware Removal · Next Newest »

3 Pages

1 2 3 >

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies	Topic Starter	Views	Last Action
Virus, Spyware & Malware Removal Computer slow down and no net	0	ethycs	2,593	22nd August 2006 - 07:25 PM Last post by: ethycs
Virus, Spyware & Malware Removal Can't Control My Computer	6	-James Foster-	3,030	22nd December 2003 - 10:13 AM Last post by: cnm
Virus, Spyware & Malware Removal Computer Acting Up	3	EasTexan2	2,455	5th April 2004 - 01:28 PM Last post by: Daemon
Virus, Spyware & Malware Removal Hey there, I think my computer is about to explode!	0	Doug P.	1,731	3rd October 2006 - 09:33 PM Last post by: Doug P.
Virus, Spyware & Malware Removal My computer is only a month old and already hijacked. Pls help. HJT l	0	Vegas500	1,468	14th October 2006 - 08:16 PM Last post by: Vegas500