How do I delete BankerFox.A and Win32/Nuqel.E?

Post by aran on 19th April 2010, 4:43 am

I am having trouble with BankerFox.A and Win32/Nuqel.E.
I tried to get rid of it by using Malwarebytes' Anti-Malware, but it seems like it is back again.
It is blocking me from using programs such as Microsoft Word, Wordpad, MSN messenger, Yahoo Messenger and even Malwarebytes' Anti-Malware. Also I can't delete any programs. Pop ups are becoming very annoying as well.
I tried to download combofix and OTL to fix it, but I wasn't able to install it because it says it is already infected.
How can I delete this thing?

aran
Novice

Posts : 6
Joined : 2010-04-18
OS : windows xp
Points : 24338
# Likes : 0


Re: How do I delete BankerFox.A and Win32/Nuqel.E?

Post by Belahzur on 19th April 2010, 9:37 am

Please download exeHelper from one of the two links.

  • Double-click on exeHelper.com or exeHelper.scr to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245091
# Likes : 1


Re: How do I delete BankerFox.A and Win32/Nuqel.E?

Post by aran on 20th April 2010, 1:30 am

It wasn't allowing me to run it, so I had to turn it off and turn it on again to run it. It is also making files and folders that are transparent.
Anyway, here is the content of the log.txt.

exeHelper by Raktor
Build 20100414
Run at 18:27:12 on 04/19/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--


Re: How do I delete BankerFox.A and Win32/Nuqel.E?

Post by Belahzur on 20th April 2010, 12:01 pm

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.



Re: How do I delete BankerFox.A and Win32/Nuqel.E?

Post by aran on 21st April 2010, 5:42 am

This one is from OTL.txt

OTL logfile created on: 2010-04-20 오후 10:09:38 - Run 1
OTL by OldTimer - Version 3.2.1.2 Folder = c:\Users\Westwood206\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000412 | Country: Korea | Language: KOR | Date Format: yyyy-MM-dd

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 0.35 Gb Free Space | 0.72% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 5.97 Gb Free Space | 61.14% Space Free | Partition Type: NTFS
Unable to calculate disk information.
F: Drive not present or media not loaded
Drive G: | 232.88 Gb Total Space | 47.27 Gb Free Space | 20.30% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
Drive I: | 999.63 Mb Total Space | 116.66 Mb Free Space | 11.67% Space Free | Partition Type: FAT
Drive L: | 74.36 Gb Total Space | 1.79 Gb Free Space | 2.41% Space Free | Partition Type: FAT32

Computer Name: WESTWOOD206-PC
Current User Name: Westwood206
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-04-18 16:25:56 | 000,562,176 | ---- | M] (OldTimer Tools) -- c:\Users\Westwood206\Downloads\OTL.exe
PRC - [2010-04-15 19:22:44 | 002,618,752 | ---- | M] (Daum Communications Corp.) -- C:\Program Files\Daum\Cleaner\DaumCleaner.exe
PRC - [2010-04-15 19:22:44 | 000,157,056 | ---- | M] (Daum Communications Corp.) -- C:\Program Files\Daum\Cleaner\DaumCleanerService.exe
PRC - [2010-01-20 23:22:44 | 000,792,440 | ---- | M] (ESTsoft Corp) -- C:\Program Files\ESTsoft\ALYac\AYAgent.aye
PRC - [2010-01-14 15:44:26 | 000,886,648 | ---- | M] (ESTsoft Corp) -- C:\Program Files\ESTsoft\ALYac\AYServiceNT.aye
PRC - [2009-10-08 13:13:52 | 000,818,288 | ---- | M] (The Weather Channel Interactive, Inc.) -- C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
PRC - [2009-02-06 18:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008-10-28 23:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008-10-10 20:40:00 | 000,036,864 | ---- | M] () -- C:\Program Files\safe fence\sfencertsvc.exe
PRC - [2008-06-15 00:50:46 | 000,069,632 | ---- | M] (SoftRun Inc.) -- C:\Users\Public\SoftRun\NoPhishing\NPM.exe
PRC - [2008-06-12 22:17:01 | 000,042,168 | ---- | M] (Antony Lewis) -- C:\Program Files\WordWeb\wweb32.exe
PRC - [2008-06-02 19:50:34 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008-06-02 19:50:32 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008-01-28 18:23:21 | 000,199,368 | ---- | M] (AhnLab, Inc.) -- C:\Program Files\AhnLab\Smart Update Utility\AhnSD.exe
PRC - [2008-01-19 00:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008-01-19 00:33:35 | 001,143,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
PRC - [2007-10-10 18:45:34 | 000,111,288 | ---- | M] (NHN Corp.) -- C:\Program Files\Naver\NaverCommon\NaverAdminAPISvc.exe
PRC - [2007-09-14 18:12:20 | 000,049,152 | ---- | M] () -- C:\Users\Public\SoftRun\NoPhishing\NPNTService.exe
PRC - [2007-07-12 13:28:48 | 000,016,384 | ---- | M] ((주)싸이퍼로지스) -- C:\Windows\System32\PSCenter.exe


========== Modules (SafeList) ==========

MOD - [2010-04-18 16:25:56 | 000,562,176 | ---- | M] (OldTimer Tools) -- c:\Users\Westwood206\Downloads\OTL.exe
MOD - [2008-01-19 00:34:41 | 000,545,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IME\imekr8\imkrtip.dll
MOD - [2008-01-19 00:34:41 | 000,113,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IME\imekr8\imkrapi.dll
MOD - [2008-01-19 00:34:40 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IME\shared\IMETIP.DLL
MOD - [2008-01-19 00:34:40 | 000,126,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IME\shared\IMJKAPI.DLL
MOD - [2008-01-19 00:26:34 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (Steam Client Service)
SRV - [2010-04-15 19:22:44 | 000,157,056 | ---- | M] (Daum Communications Corp.) [On_Demand | Running] -- C:\Program Files\Daum\Cleaner\DaumCleanerService.exe -- (DaumCleanerService)
SRV - [2010-03-15 12:50:36 | 001,142,224 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010-03-11 12:09:22 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010-01-19 08:51:42 | 003,845,388 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010-01-14 15:44:26 | 000,886,648 | ---- | M] (ESTsoft Corp) [Auto | Running] -- C:\Program Files\ESTsoft\ALYac\AYServiceNT.aye -- (ALYac_PZSrv)
SRV - [2009-08-24 05:16:12 | 000,378,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2008-10-10 20:40:00 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\Program Files\safe fence\sfencertsvc.exe -- (SafefenceRtSvc)
SRV - [2008-07-24 14:12:10 | 000,045,072 | ---- | M] () [Auto | Running] -- C:\Program Files\Freechal\PlusBar\pbsv.dll -- (pbsv)
SRV - [2008-06-02 19:50:34 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008-01-19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007-10-10 18:45:34 | 000,111,288 | ---- | M] (NHN Corp.) [Auto | Running] -- C:\Program Files\Naver\NaverCommon\NaverAdminAPISvc.exe -- (Naver Updater)
SRV - [2007-09-14 18:12:20 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\Users\Public\SoftRun\NoPhishing\NPNTService.exe -- (NoPhishing)
SRV - [2007-07-12 13:28:48 | 000,016,384 | ---- | M] ((주)싸이퍼로지스) [Auto | Running] -- C:\Windows\System32\PSCenter.exe -- (PCsafer Online Monitoring Center)
SRV - [2007-01-25 10:31:34 | 000,093,048 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)


========== Driver Services (SafeList) ==========

DRV - [2010-04-12 11:26:58 | 000,019,384 | ---- | M] (SoftForum Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\JRSKD24.sys -- (JRSKD24)
DRV - [2010-04-12 11:26:58 | 000,012,728 | ---- | M] (SoftForum Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\JRSUKD25.SYS -- (JRSUKD25)
DRV - [2010-03-10 11:36:36 | 000,217,032 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010-03-02 18:08:07 | 000,175,872 | ---- | M] (SoftCamp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\scskusbs.sys -- (scskusbs)
DRV - [2010-03-02 18:08:07 | 000,018,184 | ---- | M] (SoftCamp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\scskusbf.sys -- (scskusbf)
DRV - [2009-12-20 23:14:00 | 000,121,504 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\AhnLab\ASP\MyFirewall 4.0\mfipsent.sys -- (MfIPSEnt)
DRV - [2009-12-20 23:14:00 | 000,101,336 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\AhnLab\ASP\MyFirewall 4.0\mffwent.sys -- (MfFWEnt)
DRV - [2009-12-18 01:27:00 | 000,087,648 | ---- | M] (AhnLab, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\AmonTDLh.sys -- (AMonTDLH)
DRV - [2009-12-07 03:31:38 | 000,015,104 | ---- | M] ((c)NOWCOM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\nowmemdf.sys -- (NOWMEMDF)
DRV - [2009-07-20 18:13:00 | 000,019,616 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CdmDrvNt.sys -- (CdmDrvNt)
DRV - [2009-05-14 18:10:42 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009-03-08 01:37:00 | 007,745,696 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008-12-18 20:57:44 | 000,024,312 | ---- | M] (ESTsoft Corp) [Kernel | On_Demand | Stopped] -- C:\Program Files\ESTsoft\ALYac\AYDrvSP.sys -- (AYDrvSP_ALYAC)
DRV - [2008-12-13 16:47:39 | 000,006,784 | ---- | M] (SoftForum Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\JRSUKD24.sys -- (JRSUKD24)
DRV - [2008-10-22 16:05:08 | 000,432,128 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192u.sys -- (RTL8192U)
DRV - [2008-10-18 01:32:00 | 000,131,072 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Mkd2kfNT.sys -- (Mkd2kfNt)
DRV - [2008-10-18 01:32:00 | 000,079,104 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Mkd2Nadr.sys -- (Mkd2Nadr)
DRV - [2008-09-26 14:06:40 | 000,020,424 | ---- | M] (ESTsoft Corp) [Kernel | On_Demand | Running] -- C:\Program Files\ESTsoft\ALYac\AYDrvNT.sys -- (AYDrvNT_ALYAC)
DRV - [2008-09-09 18:06:44 | 002,167,128 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008-06-02 19:49:48 | 000,305,688 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2008-05-08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008-05-08 05:04:16 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008-05-08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008-04-20 22:01:12 | 000,058,752 | ---- | M] (NHN) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NSavFlt.sys -- (NSavFlt)
DRV - [2008-01-18 22:53:23 | 000,073,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007-10-18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007-04-13 05:56:48 | 000,279,680 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vvftav.sys -- (vvftav)
DRV - [2007-04-13 05:56:46 | 000,100,096 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmcam326av.sys -- (vmcam326av)
DRV - [2007-01-25 10:31:34 | 000,042,000 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2006-11-02 02:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006-11-02 02:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006-11-02 02:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006-11-02 02:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006-11-02 02:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006-11-02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006-11-02 02:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006-11-02 02:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006-11-02 02:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006-11-02 02:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006-11-02 02:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006-11-02 02:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006-11-02 02:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006-11-02 02:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006-11-02 02:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006-11-02 02:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006-11-02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006-11-02 02:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006-11-02 02:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006-11-02 02:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006-11-02 02:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006-11-02 02:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006-11-02 02:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006-11-02 02:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006-11-02 02:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006-11-02 02:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006-11-02 02:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006-11-02 02:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006-11-02 02:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006-11-02 02:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006-11-02 02:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006-11-02 02:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006-11-02 02:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006-11-02 02:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006-11-02 02:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006-11-02 01:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006-11-02 01:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006-11-02 01:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006-11-02 01:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006-11-02 01:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006-11-02 01:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006-11-02 00:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006-11-02 00:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2005-06-24 17:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005-05-26 10:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2005-05-26 10:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - Reg Error: Key error. File not found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {99E00A4C-D35E-11DD-BA95-9B6A56D89593}:2.2
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-04-03 07:02:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-04-03 07:02:11 | 000,000,000 | ---D | M]

[2009-10-02 21:49:18 | 000,000,000 | ---D | M] -- C:\Users\Westwood206\AppData\Roaming\Mozilla\Extensions
[2010-04-20 21:06:08 | 000,000,000 | ---D | M] -- C:\Users\Westwood206\AppData\Roaming\Mozilla\Firefox\Profiles\rv60i80m.default\extensions
[2009-10-03 10:00:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Westwood206\AppData\Roaming\Mozilla\Firefox\Profiles\rv60i80m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-04-12 01:38:15 | 000,000,000 | ---D | M] (ooVoo Toolbar) -- C:\Users\Westwood206\AppData\Roaming\Mozilla\Firefox\Profiles\rv60i80m.default\extensions\{99E00A4C-D35E-11DD-BA95-9B6A56D89593}
[2009-10-02 21:49:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008-11-18 06:04:58 | 000,189,952 | ---- | M] ((주) 그래텍) -- C:\Program Files\Mozilla Firefox\plugins\NPGomtvx_nie.dll
[2009-10-31 23:23:20 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll

O1 HOSTS File: ([2006-09-18 14:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Updater For ooVoo Toolbar) - {442AE524-EBA5-4b17-82F3-888D68BC999A} - C:\Program Files\oovootb\auxi\oovooAu.dll (Visicom Media)
O2 - BHO: (Click-to-Call BHO) - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll (Microsoft Corporation)
O2 - BHO: (ooVoo Toolbar) - {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - C:\Program Files\oovootb\oovoodx.dll ()
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O3 - HKLM\..\Toolbar: (The Weather Channel Toolbar) - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\System32\TwcToolbarIe7.dll ()
O3 - HKLM\..\Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ooVoo Toolbar) - {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - C:\Program Files\oovootb\oovoodx.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {638886B2-CF33-4EA0-AFF8-DC8E504500CB} - No CLSID value found.
O4 - HKLM..\Run: [AHNSD] C:\Program Files\AhnLab\Smart Update Utility\AhnSD.exe (AhnLab, Inc.)
O4 - HKLM..\Run: [ALYac] C:\Program Files\ESTsoft\ALYac\AYUpdate.exe (ESTsoft Corp)
O4 - HKLM..\Run: [ClubBox] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [imekrmig7.0] C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Pdbox28] File not found
O4 - HKLM..\Run: [Rainbow] File not found
O4 - HKLM..\Run: [showupdate] C:\Program Files\donkeyplus\show\update.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DaumCleaner] C:\Program Files\Daum\Cleaner\DaumCleaner.exe (Daum Communications Corp.)
O4 - HKCU..\Run: [donkeymp3] C:\Program Files\donkeymp3\update_check.exe (당나귀p2p)
O4 - HKCU..\Run: [donkeyp2p] C:\Program Files\donkeyp2p\update_check.exe (당나귀p2p)
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [UmileEncoder] C:\ProgramData\Umile\UmileEncoder\LiveUpdator\zUpdator.exe ( )
O4 - Startup: C:\Users\Westwood206\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe (Antony Lewis)
O9 - Extra Button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - Reg Error: Value error. File not found
O9 - Extra Button: HP 클립북 - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP 스마트 선택 - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: 사쿠라캐쉬 - {B9F6E34F-369A-443F-BBB6-E610771F619E} - Reg Error: Key error. File not found
O9 - Extra Button: Download YouTube video - {be473d99-52cc-45c8-a04e-6b093a607766} - C:\Program Files\YouTube Clip Extractor\ClipExtractor.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKCU\..Trusted Domains: arumin.co.kr ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: arumin.co.kr ([]추가동의일 is out of zone range - 20081228)
O15 - HKCU\..Trusted Domains: cyworld.com ([cyxso] http in Trusted sites)
O15 - HKCU\..Trusted Domains: cyworld.com ([minihp] http in Trusted sites)
O15 - HKCU\..Trusted Domains: cyworld.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: cyworld.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: freechal.com ([2war] http in Trusted sites)
O15 - HKCU\..Trusted Domains: lgcard.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: lgcard.com ([]추가동의일 is out of zone range - 20081228)
O15 - HKCU\..Trusted Domains: mafiaonline.kr ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: nate.com ([br] http in Trusted sites)
O15 - HKCU\..Trusted Domains: naver.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: netmarble.net ([suddenattack] http in Trusted sites)
O15 - HKCU\..Trusted Domains: sayclub.com ([pmang] http in Trusted sites)
O15 - HKCU\..Trusted Domains: shinhan.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: shinhan.com ([]추가동의일 is out of zone range - 20081228)
O15 - HKCU\..Trusted Domains: shinhancard.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: shinhancard.com ([]추가동의일 is out of zone range - 20081228)
O15 - HKCU\..Trusted Domains: teacher.co.kr ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: unitel.co.kr ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: weppy.com ([]* in Trusted sites)
O16 - DPF: {0349EF81-B9C1-4B97-86F7-7B931D0E2532} [You must be registered and logged in to see this link.] (NowStarter2 Control)
O16 - DPF: {0CBF7EDC-17EC-442C-8AE9-5E804707B6CA} [You must be registered and logged in to see this link.] (NeffyClient Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} [You must be registered and logged in to see this link.] (Tpwin Control)
O16 - DPF: {25794D3C-E2F0-40B8-9C11-F38DC1908633} [You must be registered and logged in to see this link.] (Maildropfile Control)
O16 - DPF: {39461460-2552-4D51-A062-3AB6A7B902E9} [You must be registered and logged in to see this link.] (INISAFE Updater Control)
O16 - DPF: {39FC0CF9-86F3-4502-B773-D16706EDEC83} [You must be registered and logged in to see this link.] (SCSK Control)
O16 - DPF: {3B56E5F0-7B20-48BF-B439-A995BE5191EF} [You must be registered and logged in to see this link.] (SessionControl Control)
O16 - DPF: {4875D0C5-5FE1-4488-8BB8-5A7D0ECDF93B} [You must be registered and logged in to see this link.] (Nate Filebox Control)
O16 - DPF: {4AEA51B9-CD5D-4555-81C0-642ACF1E16B9} [You must be registered and logged in to see this link.] (Hydi Game Launcher)
O16 - DPF: {5267557D-D090-44EA-BCAA-8576A24810C5} [You must be registered and logged in to see this link.] (SysInfoCJI Class)
O16 - DPF: {62076E39-043C-4A5A-BF17-D8A2128ACD93} [You must be registered and logged in to see this link.] (WRebw Module)
O16 - DPF: {66413DC2-F891-40BC-822D-B7EEC8ADC281} [You must be registered and logged in to see this link.] (ProWorksGrid Control)
O16 - DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} [You must be registered and logged in to see this link.] (XecureCKKB Class)
O16 - DPF: {7B1BB066-7BBB-11D4-A34E-0000F01A209C} [You must be registered and logged in to see this link.] (UniAuth Class)
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} [You must be registered and logged in to see this link.] (XecureWeb 4.0 Client Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} [You must be registered and logged in to see this link.] (CyImage Class)
O16 - DPF: {93C449FA-ECFB-402F-A8C7-37E4F8D60E49} [You must be registered and logged in to see this link.] (Pmang Login Control)
O16 - DPF: {970E1B88-8AC1-4E31-86D6-BFA769CEF7A6} [You must be registered and logged in to see this link.] (eGSignPlus For_EBS Class)
O16 - DPF: {971A5328-1926-4ED6-B899-6C01338D4B32} [You must be registered and logged in to see this link.] (DCLinker Class)
O16 - DPF: {9EA96532-D7EA-4C49-BFED-A2C607BDDF02} [You must be registered and logged in to see this link.] (FileBox File Transfer Class)
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} [You must be registered and logged in to see this link.] (BatchDownloader Class)
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} [You must be registered and logged in to see this link.] (Kdfense8 Control)
O16 - DPF: {A7512E45-3E11-4145-B1AE-6E06B397145D} [You must be registered and logged in to see this link.] (MagicControllerVista2 Control)
O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} [You must be registered and logged in to see this link.] (HanSetupCtrl1010 Class)
O16 - DPF: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.5.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {CB5C683C-416A-4701-B018-0F1B21D64D6B} [You must be registered and logged in to see this link.] (SKCInst1 Class)
O16 - DPF: {D912AABC-6CB0-416F-85B6-CABBB86FD558} [You must be registered and logged in to see this link.] (INIwallet60 Control)
O16 - DPF: {F6E361B4-40F3-4C90-8A95-D95E0D8CBCD4} [You must be registered and logged in to see this link.] (MultiUpload Control)
O16 - DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} [You must be registered and logged in to see this link.] (NaverAXGuide Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 64.105.132.250 64.105.132.252 192.168.2.1
O18 - Protocol\Handler\s-http {D37E6C5F-1C0F-47C0-A3B6-403EEC555402} - C:\Program Files\INITECH\SHTTP\InitechSHTTPInterface.10118.dll ((c) INITECH)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Westwood206\Desktop\aran\VIOLIN-1.jpg
O24 - Desktop BackupWallPaper: C:\Users\Westwood206\Desktop\aran\VIOLIN-1.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009-12-10 15:06:18 | 000,000,059 | RHS- | M] () - L:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{91ceab03-337b-11dd-878f-001d60d18b03}\Shell\AutoRun\command - "" = nqdymj.exe
O33 - MountPoints2\{91ceab03-337b-11dd-878f-001d60d18b03}\Shell\open\Command - "" = nqdymj.exe
O33 - MountPoints2\{a5c68f59-6666-11de-9cba-001d60d18b03}\Shell\AutoRun\command - "" = F:\abcgtvcq.cmd -- File not found
O33 - MountPoints2\{a5c68f59-6666-11de-9cba-001d60d18b03}\Shell\open\Command - "" = F:\abcgtvcq.cmd -- File not found
O33 - MountPoints2\{c137804b-56e6-11de-a1b0-001d60d18b03}\Shell - "" = AutoRun
O33 - MountPoints2\{c137804b-56e6-11de-a1b0-001d60d18b03}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-04-19 18:17:12 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010-04-18 12:28:00 | 000,000,000 | ---D | C] -- C:\Users\Westwood206\AppData\Local\svvnbhlay
[2010-04-17 17:36:30 | 000,000,000 | ---D | C] -- C:\Users\Westwood206\AppData\Local\Daum
[2010-04-17 11:55:21 | 000,000,000 | ---D | C] -- C:\Users\Westwood206\AppData\Roaming\Malwarebytes
[2010-04-17 11:55:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010-04-17 11:55:14 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010-04-17 11:55:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010-04-17 11:55:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010-04-17 11:15:23 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010-04-17 11:15:23 | 000,100,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010-04-17 11:15:21 | 000,217,032 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010-04-17 11:15:21 | 000,088,040 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010-04-17 11:15:19 | 000,070,408 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010-04-17 11:15:15 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010-04-17 11:15:15 | 000,000,000 | ---D | C] -- C:\Users\Westwood206\AppData\Roaming\PC Tools
[2010-04-17 11:15:15 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010-04-17 11:15:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010-04-15 20:51:26 | 000,000,000 | ---D | C] -- C:\Users\Westwood206\AppData\Local\qrvdgooxx
[2010-04-14 08:53:00 | 003,598,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010-04-14 08:52:59 | 003,545,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010-04-14 08:52:59 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010-04-14 08:52:58 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010-04-12 01:38:15 | 000,000,000 | ---D | C] -- C:\ProgramData\EmailNotifier
[2010-04-12 01:38:12 | 000,000,000 | ---D | C] -- C:\Program Files\oovootb
[2010-04-12 01:38:08 | 000,000,000 | ---D | C] -- C:\Program Files\ooVoo
[2010-04-11 14:39:53 | 000,000,000 | ---D | C] -- C:\Users\Westwood206\AppData\Roaming\Mini Search
[2010-04-07 13:14:46 | 000,652,416 | ---- | C] ((c) Nowcom) -- C:\Windows\System32\NowUpdate.exe
[2010-03-31 22:53:25 | 000,418,312 | ---- | C] (서치링크) -- C:\Windows\System32\clubbox_buddysearch.exe
[2010-03-30 21:38:39 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010-03-30 21:38:38 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010-03-30 21:38:38 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010-03-30 21:38:38 | 000,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010-03-30 21:38:38 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010-03-30 21:38:38 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010-03-30 21:38:38 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010-03-30 21:38:38 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010-03-30 21:38:38 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010-03-30 21:38:38 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010-03-30 21:38:38 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010-03-25 20:16:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[10 C:\Users\Westwood206\Desktop\*.tmp files -> C:\Users\Westwood206\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Westwood206\*.tmp files -> C:\Users\Westwood206\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-04-20 22:10:49 | 006,029,312 | -HS- | M] () -- C:\Users\Westwood206\NTUSER.DAT
[2010-04-20 21:27:25 | 000,694,964 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010-04-20 21:27:25 | 000,589,884 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010-04-20 21:27:25 | 000,101,896 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010-04-20 21:23:00 | 000,000,686 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3000271694-3872876465-734515343-1001UA.job
[2010-04-20 21:23:00 | 000,000,634 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3000271694-3872876465-734515343-1001Core.job
[2010-04-20 21:15:00 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010-04-20 21:15:00 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010-04-20 19:15:18 | 000,000,430 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F0A26B0C-58A1-443C-8A99-DA4BD0F7C970}.job
[2010-04-20 19:14:50 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010-04-20 19:14:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-04-20 01:35:20 | 000,524,288 | -HS- | M] () -- C:\Users\Westwood206\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010-04-20 01:35:20 | 000,065,536 | -HS- | M] () -- C:\Users\Westwood206\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010-04-20 01:34:40 | 003,904,046 | -H-- | M] () -- C:\Users\Westwood206\AppData\Local\IconCache.db
[2010-04-19 18:24:36 | 000,002,032 | ---- | M] () -- C:\Users\Westwood206\AppData\Local\d3d9caps.dat
[2010-04-18 16:34:23 | 000,205,824 | ---- | M] () -- C:\Users\Westwood206\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-04-12 20:16:55 | 000,000,098 | ---- | M] () -- C:\Windows\System32\fscflist.ini
[2010-04-12 19:55:57 | 000,000,079 | ---- | M] () -- C:\Windows\System32\fscagent.ini
[2010-04-12 19:53:55 | 000,000,000 | ---- | M] () -- C:\Windows\System32\PDBOXGame.html
[2010-04-12 11:26:58 | 000,019,384 | ---- | M] (SoftForum Corporation) -- C:\Windows\System32\JRSKD24.sys
[2010-04-12 11:26:58 | 000,012,728 | ---- | M] (SoftForum Corporation) -- C:\Windows\System32\JRSUKD25.SYS
[2010-04-12 01:38:08 | 000,000,549 | ---- | M] () -- C:\Users\Public\Desktop\ooVoo.lnk
[2010-04-11 20:18:07 | 000,000,162 | -H-- | M] () -- C:\Users\Westwood206\Desktop\~$quote.doc
[2010-04-07 13:14:46 | 000,652,416 | ---- | M] ((c) Nowcom) -- C:\Windows\System32\NowUpdate.exe
[2010-04-06 02:01:21 | 002,838,528 | ---- | M] (Nowcom, Co. LTD.) -- C:\Windows\System32\clubbox.exe
[2010-04-04 10:21:17 | 000,000,162 | -H-- | M] () -- C:\Users\Westwood206\Desktop\~$search 02.doc
[2010-04-04 08:19:09 | 000,000,162 | -H-- | M] () -- C:\Users\Westwood206\Desktop\~$search 01.doc
[2010-03-30 16:38:16 | 000,167,936 | ---- | M] (Nowcom Co., Ltd.) -- C:\Windows\System32\fscagent.exe
[2010-03-30 16:36:42 | 000,163,840 | ---- | M] ((주)나우콤) -- C:\Windows\System32\downengine.dll
[2010-03-30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010-03-30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010-03-26 19:46:19 | 000,000,647 | ---- | M] () -- C:\Users\Public\Desktop\Global RBF.lnk
[2010-03-25 20:16:31 | 000,000,719 | -H-- | M] () -- C:\IPH.PH
[2010-03-25 20:16:29 | 000,001,696 | ---- | M] () -- C:\Users\Public\Desktop\AIM.lnk
[2010-03-25 15:35:52 | 000,075,264 | ---- | M] () -- C:\Users\Westwood206\Desktop\inaResume.doc
[2010-03-25 15:25:17 | 000,029,184 | ---- | M] () -- C:\Users\Westwood206\Desktop\과외광고.doc
[2010-03-22 01:12:20 | 000,418,312 | ---- | M] (서치링크) -- C:\Windows\System32\clubbox_buddysearch.exe
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[10 C:\Users\Westwood206\Desktop\*.tmp files -> C:\Users\Westwood206\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Westwood206\*.tmp files -> C:\Users\Westwood206\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-04-17 11:15:23 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2010-04-17 11:15:21 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2010-04-17 11:15:21 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2010-04-17 11:15:19 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2010-04-12 01:38:08 | 000,000,549 | ---- | C] () -- C:\Users\Public\Desktop\ooVoo.lnk
[2010-04-11 20:18:07 | 000,000,162 | -H-- | C] () -- C:\Users\Westwood206\Desktop\~$quote.doc
[2010-04-04 10:21:17 | 000,000,162 | -H-- | C] () -- C:\Users\Westwood206\Desktop\~$search 02.doc
[2010-04-04 08:19:09 | 000,000,162 | -H-- | C] () -- C:\Users\Westwood206\Desktop\~$search 01.doc
[2010-03-26 19:46:19 | 000,000,647 | ---- | C] () -- C:\Users\Public\Desktop\Global RBF.lnk
[2010-03-25 15:05:07 | 000,029,184 | ---- | C] () -- C:\Users\Westwood206\Desktop\과외광고.doc
[2010-03-25 14:30:16 | 000,075,264 | ---- | C] () -- C:\Users\Westwood206\Desktop\inaResume.doc
[2009-10-08 15:23:54 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2009-10-08 15:23:54 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2009-10-08 15:23:54 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2009-10-08 15:23:54 | 000,045,056 | ---- | C] () -- C:\Windows\System32\Ogg.dll
[2009-09-04 01:17:55 | 000,065,536 | ---- | C] () -- C:\Windows\System32\cosa.dll
[2009-08-13 12:53:54 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2009-08-03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009-07-16 15:18:46 | 001,123,000 | ---- | C] () -- C:\Windows\System32\HanWebMsg1056.dll
[2009-07-08 19:41:38 | 000,066,920 | ---- | C] () -- C:\Windows\System32\CMListControl.dll
[2009-06-19 20:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009-06-19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009-06-19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009-06-19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009-06-19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009-06-19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009-06-19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009-06-19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009-06-19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009-06-19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009-05-14 18:10:42 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009-01-16 18:33:19 | 000,041,152 | ---- | C] () -- C:\Windows\System32\HanGamePlugin19.dll
[2008-12-25 19:10:39 | 000,000,226 | ---- | C] () -- C:\Windows\System32\WebPonent_Down.ini
[2008-12-25 19:10:05 | 000,000,310 | ---- | C] () -- C:\Windows\XBRL.ini
[2008-12-25 19:10:05 | 000,000,250 | ---- | C] () -- C:\Windows\Kind.ini
[2008-12-11 13:27:24 | 000,424,684 | ---- | C] () -- C:\Users\Westwood206\AppData\Roaming\com.kennettnet.MusicRescue4.Profiles.plist
[2008-12-11 12:53:20 | 000,080,117 | ---- | C] () -- C:\Users\Westwood206\AppData\Roaming\com.kennettnet.MusicRescue4.plist
[2008-12-10 07:39:00 | 000,000,000 | ---- | C] () -- C:\Users\Westwood206\ntuser.dat.LOG2
[2008-11-29 09:43:13 | 000,000,098 | ---- | C] () -- C:\Windows\System32\fscflist.ini
[2008-11-29 09:43:13 | 000,000,079 | ---- | C] () -- C:\Windows\System32\fscagent.ini
[2008-11-15 14:30:54 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2008-11-15 14:30:51 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008-11-15 14:30:50 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008-11-15 14:30:50 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2008-11-15 14:30:49 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008-11-15 14:30:01 | 000,000,342 | ---- | C] () -- C:\Windows\wininit.ini
[2008-11-05 22:30:03 | 000,000,592 | ---- | C] () -- C:\Users\Westwood206\PodsBlitz-0.log.0
[2008-11-02 22:36:15 | 000,327,680 | ---- | C] () -- C:\Windows\System32\TwcToolbarIe7.dll
[2008-11-02 22:36:15 | 000,098,304 | ---- | C] () -- C:\Windows\System32\TwcToolbarBho.dll
[2008-10-06 18:36:53 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008-09-23 19:19:50 | 000,227,056 | ---- | C] () -- C:\Windows\System32\MuzLyrcs.dll
[2008-09-23 19:19:50 | 000,034,544 | ---- | C] () -- C:\Windows\System32\MzWhatImListen2.dll
[2008-09-23 17:43:02 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2008-08-20 16:30:46 | 000,000,037 | ---- | C] () -- C:\Windows\System32\PCClearPlusL.dll
[2008-08-15 11:51:42 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2008-07-14 06:02:53 | 000,000,128 | ---- | C] () -- C:\ProgramData\nsavflt.hst
[2008-07-14 06:02:53 | 000,000,039 | ---- | C] () -- C:\ProgramData\ntavflt.hst
[2008-06-21 14:13:57 | 000,013,889 | ---- | C] () -- C:\Users\Westwood206\AppData\Roaming\com.kennettnet.MusicRescue.plist
[2008-06-21 14:13:56 | 000,001,422 | ---- | C] () -- C:\Users\Westwood206\AppData\Roaming\com.kennettnet.MusicRescueProfiles.plist
[2008-06-14 12:04:11 | 000,007,966 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008-06-09 18:30:37 | 000,000,065 | ---- | C] () -- C:\Windows\FISHUI.INI
[2008-06-08 03:57:50 | 000,205,824 | ---- | C] () -- C:\Users\Westwood206\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-06-08 01:52:39 | 000,077,824 | ---- | C] () -- C:\Windows\System32\nod.dll
[2008-06-07 23:49:44 | 001,139,384 | ---- | C] () -- C:\Windows\System32\HanWebMsg1053.dll
[2008-06-06 18:44:08 | 000,000,883 | ---- | C] () -- C:\Windows\FOK2.ini
[2008-06-05 23:02:38 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008-06-05 20:53:04 | 000,524,288 | -HS- | C] () -- C:\Users\Westwood206\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2008-06-05 20:53:04 | 000,524,288 | -HS- | C] () -- C:\Users\Westwood206\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2008-06-05 20:53:04 | 000,002,032 | ---- | C] () -- C:\Users\Westwood206\AppData\Local\d3d9caps.dat
[2008-06-05 20:53:04 | 000,000,020 | -HS- | C] () -- C:\Users\Westwood206\ntuser.ini
[2008-06-05 20:53:03 | 006,029,312 | -HS- | C] () -- C:\Users\Westwood206\NTUSER.DAT
[2008-06-05 20:53:03 | 000,262,144 | -H-- | C] () -- C:\Users\Westwood206\ntuser.dat.LOG1
[2008-06-05 20:53:03 | 000,065,536 | -HS- | C] () -- C:\Users\Westwood206\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2008-05-30 17:06:08 | 000,044,560 | ---- | C] () -- C:\Windows\System32\plusbar.dll
[2008-01-14 10:24:18 | 000,053,248 | ---- | C] () -- C:\Windows\System32\WebPonent_Util.dll
[2007-01-25 10:31:36 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2006-11-02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006-11-02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005-09-12 01:31:40 | 000,266,240 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2003-03-05 18:57:50 | 000,005,021 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:082B157D
< End of report >


Re: How do I delete BankerFox.A and Win32/Nuqel.E?

Post by aran on 21st April 2010, 5:42 am

And this one is from Extras.txt

OTL Extras logfile created on: 2010-04-20 오후 10:09:38 - Run 1
OTL by OldTimer - Version 3.2.1.2 Folder = c:\Users\Westwood206\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000412 | Country: Korea | Language: KOR | Date Format: yyyy-MM-dd

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 0.35 Gb Free Space | 0.72% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 5.97 Gb Free Space | 61.14% Space Free | Partition Type: NTFS
Unable to calculate disk information.
F: Drive not present or media not loaded
Drive G: | 232.88 Gb Total Space | 47.27 Gb Free Space | 20.30% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
Drive I: | 999.63 Mb Total Space | 116.66 Mb Free Space | 11.67% Space Free | Partition Type: FAT
Drive L: | 74.36 Gb Total Space | 1.79 Gb Free Space | 2.41% Space Free | Partition Type: FAT32

Computer Name: WESTWOOD206-PC
Current User Name: Westwood206
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [GomAudio.Add] -- C:\Program Files\GRETECH\GomAudio\GOMA.exe /add "%1" ((주)그래텍)
Directory [GomAudio.AddCur] -- "C:\Program Files\GRETECH\GomAudio\GOMA.exe" /addCur "%1" ((주)그래텍)
Directory [GomAudio.Play] -- C:\Program Files\GRETECH\GomAudio\GOMA.exe "%1" ((주)그래텍)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05690E5E-FB0A-44E7-A284-259733A4F862}" = lport=445 | protocol=6 | dir=in | app=system |
"{057C1A1E-F5A2-4DD7-BF75-3EE457A4988C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{1630EC2D-E1CA-4F99-9E21-3F48778D4C8A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{26884DAD-09DB-428E-8728-73E5278C7A27}" = lport=443 | protocol=6 | dir=in | name=oovoo tcp port 443 |
"{28B747FC-6AA4-43E8-8DC4-6381D4D4FFF9}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3CFCA369-9FE2-4E45-BD89-01011DA7F6B5}" = rport=138 | protocol=17 | dir=out | app=system |
"{49CEACF3-73CD-48F7-BE72-4CB1D5B6136F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4A76437F-9C95-4581-A2D4-4BE3DB8A4540}" = lport=37674 | protocol=6 | dir=in | name=oovoo tcp port 37674 |
"{4FEFCA64-13C4-4DAF-A1D1-3638DD306B26}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5130FD5E-3854-4FFC-9321-F01AFA1B51DD}" = rport=445 | protocol=6 | dir=out | app=system |
"{61339514-02D4-46F4-AD61-D132819F15D3}" = lport=37674 | protocol=17 | dir=in | name=oovoo udp port 37674 |
"{6F7247DE-C00F-4CF5-930C-05298D8A759D}" = lport=37675 | protocol=17 | dir=in | name=oovoo udp port 37675 |
"{7DD70814-59E2-43B0-B389-CCF648379A24}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{86773FA8-406E-4958-935B-6ACCDDF2ACB5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{86C11462-FE78-41A3-9972-CD711E80E640}" = lport=443 | protocol=17 | dir=in | name=oovoo udp port 443 |
"{9901369A-7D61-4694-92F7-9C21C7706998}" = lport=137 | protocol=17 | dir=in | app=system |
"{AA0BF2C0-B22D-47FD-A4FB-443DB5FEB358}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BBFA2268-66F3-4DA8-853E-F458A65B3B5A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C9D7F351-4424-42FE-9A75-6264CE5B5A90}" = rport=139 | protocol=6 | dir=out | app=system |
"{D45438BC-445D-4789-9832-7EA8E6C66C0D}" = rport=137 | protocol=17 | dir=out | app=system |
"{DE870D6F-B2D1-446A-906C-7CE5CF3B36B0}" = lport=139 | protocol=6 | dir=in | app=system |
"{EAADEA01-737A-4828-AD02-BBFAD116F147}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EB1D0381-30C9-47BA-A392-DF8411888570}" = lport=138 | protocol=17 | dir=in | app=system |
"{F4885291-347E-459F-9605-510C80399DF0}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F9F3F915-799A-42B1-A0FE-7E02F81E8CFF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{006BE312-B5F4-4D98-A62B-7678AB0FE581}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{07A898FE-0086-4A0B-8820-78FDC64F9BEF}" = protocol=6 | dir=in | app=c:\program files\nateon\bin\nateonmain.exe |
"{09005E4F-4F9C-43AE-ACDE-9E0F63FD92B5}" = protocol=6 | dir=in | app=g:\itunes\itunes.exe |
"{0B6B5ECD-2E13-400F-B68E-2063558285A3}" = protocol=17 | dir=in | app=c:\program files\gamehi_usa\suddenattackna\suddenattack.exe |
"{144E0B47-D995-4851-AB4F-0CFD67DA891D}" = protocol=17 | dir=in | app=c:\program files\nateon\bin\nateonmain.exe |
"{169DB70E-0BFF-4258-A9F9-A207D32C63BC}" = protocol=17 | dir=in | app=c:\programdata\nexon\ngm\ngm.exe |
"{26F9F687-1B6C-4EA3-BFAD-932F38D2EC98}" = protocol=6 | dir=in | app=c:\neowiz\pmang\ea sports(tm) fifa online 2\fifaonline2.nwzincompleted\ff2client.exe |
"{2B0623CC-272A-4C10-A063-6672B3210CFE}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{2CC68D50-6636-4C85-8678-51C9BD992A8D}" = protocol=6 | dir=in | app=c:\windows\system32\fscagent.exe |
"{332DC3F4-B819-4D33-B035-5420BCF68BDA}" = protocol=17 | dir=in | app=g:\new folder\ea sports(tm) fifa online 2\ff2client.exe |
"{3345DCAA-6649-40E4-ADD5-3D5D42AA92A0}" = protocol=17 | dir=in | app=c:\neowiz\pmang\ea sports(tm) fifa online 2\ff2client.exe |
"{3490D9D5-75B7-4A38-8121-68539E1DFFFF}" = protocol=6 | dir=in | app=c:\neowiz\pmang\ea sports(tm) fifa online 2\ff2client.exe |
"{388B14B3-35FE-422B-AEAE-CC3573B42DA8}" = protocol=6 | dir=in | app=c:\windows\system32\skcbgm.exe |
"{3EE3E89E-0068-4C0E-A735-502E29312F8C}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{417105AA-1313-4B8D-A9A4-13E5F4AD548A}" = protocol=6 | dir=in | app=f:\new folder\ea sports(tm) fifa online 2\ff2client.exe |
"{485A93F7-02FD-45CE-83DF-809F305B8D24}" = protocol=6 | dir=in | app=c:\neowiz\pmang\ea sports(tm) fifa online 2\ff2client.exe |
"{4B870DCD-A1A3-4A0D-919F-148A0362A62C}" = protocol=17 | dir=in | app=f:\t\combat arms\nmservice.exe |
"{4E2F327E-AFBB-4C0E-8466-F3BA9E1A3DB4}" = protocol=17 | dir=in | app=d:\ea sports(tm) fifa online 2\ff2client.exe |
"{52B65E77-A00D-4638-B967-009FE94227F2}" = protocol=17 | dir=in | app=c:\neowiz\pmang\ea sports(tm) fifa 온라인 2\ff2client.exe |
"{54CCFDA9-D94B-45A7-B453-C625BDB08780}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{54FBDDD2-D576-4998-801D-2A70034A4CEA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5662B1E6-A547-45BE-89B0-0C83962C7C2D}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{5CFAB5AF-50AD-482D-A998-422B2E599C68}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{5D822892-550E-4AA2-A43A-1DE17265501B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{612B0F2E-65B8-4B60-8280-8DF53AD14AE2}" = protocol=6 | dir=in | app=c:\windows\system32\muz.exe |
"{613CAE30-A096-4DD7-9661-D4E2EA8A0DA6}" = protocol=17 | dir=in | app=c:\windows\system32\skcbgm.exe |
"{61527D0C-19E6-47CE-8BA7-586351EAB8DD}" = protocol=6 | dir=in | app=f:\tae\utorrent.exe |
"{63F043D0-294B-4DCE-A9A1-81C04110C1CD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{640EFC47-420F-46FB-9A1A-7386EFC0F204}" = protocol=17 | dir=in | app=g:\itunes\itunes.exe |
"{6572E990-FE8E-4A46-94E1-D58A1A779314}" = protocol=17 | dir=in | app=c:\programdata\nexon\common\nmservice.exe |
"{65B173CE-1E6A-4CF2-98DA-91187AFEA038}" = protocol=17 | dir=in | app=c:\neowiz\pmang\ea sports(tm) fifa online 2\fifaonline2.nwzincompleted\ff2client.exe |
"{68721C36-0EE2-4347-B914-CDE51D2DD0A6}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{6BF2EF30-9121-4A01-8459-91D65E129964}" = protocol=6 | dir=in | app=c:\program files\nateon\bin\nateonmain.exe |
"{71D060D0-8E2F-40B3-929C-AD2C77D161E8}" = protocol=6 | dir=in | app=c:\program files\gamehi_usa\suddenattackna\suddenattack.exe |
"{740E2333-DB55-403E-A3A7-B1673378C7AB}" = protocol=17 | dir=in | app=f:\new folder\ea sports(tm) fifa online 2\ff2client.exe |
"{76F8957B-E4DA-404D-AEC5-E0E0F8CCA808}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{83E99BAD-1975-4FCF-94D4-85B59296C769}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{84FA8C94-7648-41C6-8143-3F0BB336CCC2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{85BDBA8B-595A-4881-BEAE-1AB7D8543019}" = protocol=17 | dir=in | app=c:\program files\ahnlab\vitzaru\msproxy.ahn |
"{86561D78-F452-4125-9F79-286ADC429259}" = protocol=17 | dir=in | app=c:\program files\youdonkey\mlcore\mlnet.exe |
"{8AB72438-8EB1-47F7-8840-4DC90BE75153}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{8D04A870-7534-4BB3-8D2C-F4D6D194A1B1}" = protocol=17 | dir=in | app=g:\t\suddenattack.exe |
"{8D534279-1276-4A26-B7CA-CCD7D601B03E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8E7D0E9F-6C67-408E-BC53-F0189BD1EBA0}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{95B6543F-7825-40BD-A410-57EAD70469CB}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{9B85B7B6-1566-46F5-8796-55ECB3191EF5}" = protocol=6 | dir=in | app=c:\program files\youdonkey\mlcore\mlnet.exe |
"{9E5894AF-40AD-48AB-A141-43A80FA78E62}" = protocol=6 | dir=in | app=f:\t\combat arms\nmservice.exe |
"{9ED994AB-68B3-4E9F-A2A8-4B75ABD9D2BD}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{9F31AE2C-2D2A-4352-A01D-E945A4F458CA}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{9F3CE1FE-EC19-406D-AF13-B82787B025CB}" = protocol=6 | dir=in | app=f:\new folder\ea sports(tm) fifa online 2\ff2client.exe |
"{A16CCB68-19B4-4232-A848-3CAA878D2631}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A62F5050-122B-43F6-8EC3-4C5D617A810D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A7BE5DE8-C95F-4B1A-BD8F-80EE21B95C72}" = protocol=17 | dir=in | app=c:\program files\wizet\mxcommon\nglc_maple.exe |
"{AAFDFB62-0FDA-4CE6-98AA-FB52309C3F55}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{AE84E021-8861-40D7-9D73-D5AD54986810}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{B017ECB9-93DA-4587-941F-A6815E121243}" = protocol=6 | dir=in | app=c:\neowiz\pmang\ea sports(tm) fifa 온라인 2\ff2client.exe |
"{B2CA7337-670F-4DA8-8D47-609BD766F1EE}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{B4BF3285-5691-404E-8CF3-4CE006A3CCFD}" = protocol=17 | dir=in | app=f:\tae\utorrent.exe |
"{B51D6EBF-3FEB-4EEC-B405-3DADC6A6EC17}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{B700D233-7361-4CFE-B75E-6358F28D1305}" = protocol=17 | dir=in | app=c:\windows\system32\muz.exe |
"{B7D3EFA6-C8C8-4622-A793-EC6EE55B0274}" = protocol=6 | dir=in | app=d:\ea sports(tm) fifa online 2\ff2client.exe |
"{B96E792D-62CD-45E6-99D0-A3E025D046FB}" = protocol=6 | dir=in | app=g:\new folder\ea sports(tm) fifa online 2\ff2client.exe |
"{BD8E0EA9-51D7-4204-AE69-106C651CD772}" = protocol=17 | dir=in | app=c:\neowiz\pmang\ea sports(tm) fifa online 2\ff2client.exe |
"{BF5DDB1C-A890-4077-B15C-CD3AC0B72952}" = protocol=17 | dir=in | app=c:\windows\system32\fscagent.exe |
"{C13F5D3C-2E69-4BA8-ABFA-965B60174C00}" = protocol=6 | dir=in | app=c:\programdata\nexon\common\nmservice.exe |
"{C17F73DA-FA24-48B1-9B4D-FFFC13A0BCF3}" = protocol=17 | dir=in | app=c:\program files\nateon\bin\nateonmain.exe |
"{C3A7A372-557D-48E2-8DC4-764D9C9F7F62}" = protocol=6 | dir=in | app=g:\t\suddenattack.exe |
"{C40F42E0-9545-43AE-B25E-02759213A55B}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{C6D020B2-59E9-4D01-8694-608D2ECEF661}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{CB3E6D8C-C54B-46B9-B6B4-26045169DF71}" = protocol=6 | dir=in | app=c:\program files\wizet\mxcommon\nglc_maple.exe |
"{CD751C2F-324A-4D4D-B260-08A184D03B45}" = protocol=6 | dir=in | app=c:\program files\ahnlab\vitzaru\msproxy.ahn |
"{CDEA61EB-EF79-4ED9-BFD0-01433C00859A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D83085B0-9BFC-43FA-8A4D-7DB474B784E5}" = protocol=6 | dir=in | app=c:\programdata\nexon\ngm\ngm.exe |
"{E069D012-92D3-49BF-9F69-F597EA7EA11B}" = protocol=17 | dir=in | app=f:\new folder\ea sports(tm) fifa online 2\ff2client.exe |
"{E0AFF1A7-F6A6-467A-893F-8E988D53E563}" = protocol=17 | dir=in | app=f:\t\combat arms\nmservice.exe |
"{EAD57450-1E43-4984-9CD7-E21A86C5BD40}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{EB9A7B85-321B-4756-8C83-08E08CCFA4DE}" = protocol=17 | dir=in | app=c:2\t\suddenattack.exe |
"{F1FB8693-A91E-48E4-AA38-1953C5363800}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F4FC078A-05D2-40F9-984C-271729B7C4F9}" = protocol=6 | dir=in | app=c:2\t\suddenattack.exe |
"{FD08CD7A-5E90-4A67-9B7D-B24FDAF73D33}" = protocol=6 | dir=in | app=f:\t\combat arms\nmservice.exe |
"{FD3B15A4-2D51-4F92-A7FF-30A2D8AF6010}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"TCP Query User{089D7EA3-4881-4DEB-96B8-9E865EC4006E}C:\ijji\english\u_gbound.exe" = protocol=6 | dir=in | app=c:\ijji\english\u_gbound.exe |
"TCP Query User{1A9C8AB8-BE70-4A6D-9EB1-0D675E066ADD}C:\rohan\rohanclient.exe" = protocol=6 | dir=in | app=c:\rohan\rohanclient.exe |
"TCP Query User{1CE7C91C-4949-4F42-A65E-F37DFA062932}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{2D9ED53D-8906-4F9E-8C6F-7D4D4948FDF4}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{312A6570-9392-4FF1-90E6-0294FF12EABA}C:\users\westwood206\appdata\local\temp\low\_nowcdn_\nowdownloader.exe" = protocol=6 | dir=in | app=c:\users\westwood206\appdata\local\temp\low\_nowcdn_\nowdownloader.exe |
"TCP Query User{394DEF4B-1DF3-4CFE-BE26-9B9FB066D742}C:\program files\steam\steamapps\th520\half-life\hl.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\th520\half-life\hl.exe |
"TCP Query User{417A2533-DF27-41F5-B67E-6A5715FB3946}C:\program files\kbs kong v3\kong_v3.exe" = protocol=6 | dir=in | app=c:\program files\kbs kong v3\kong_v3.exe |
"TCP Query User{417BAD43-0118-4254-8AEC-47F434E1A3BD}C:\windows\system32\pdbox28.exe" = protocol=6 | dir=in | app=c:\windows\system32\pdbox28.exe |
"TCP Query User{4CA0916F-51D4-4582-A471-8AE5B3CEE9F5}C:\program files\steam\steamapps\th520\opposing force\hl.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\th520\opposing force\hl.exe |
"TCP Query User{55094BFC-8705-497C-9139-5E75E71E6F70}C:\ijji\english\gunbound revolution\gunbound.gme" = protocol=6 | dir=in | app=c:\ijji\english\gunbound revolution\gunbound.gme |
"TCP Query User{5535CDC8-62C0-4BB0-AC21-5069E9E19BAF}C:\neowiz\pmang\launcher\launchern.exe" = protocol=6 | dir=in | app=c:\neowiz\pmang\launcher\launchern.exe |
"TCP Query User{55E7A882-4029-4231-A579-17EDB5B2754B}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{5805E5BB-EF14-4A19-A5EF-0A3744420205}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{5C85600C-62A5-42BC-A5B5-C2E6A7C1C765}C:\windows\system32\clubbox.exe" = protocol=6 | dir=in | app=c:\windows\system32\clubbox.exe |
"TCP Query User{5FB88B20-C98E-4DFC-9AE7-3D42FC554B3D}C:\windows\nowvistaupdater.exe" = protocol=6 | dir=in | app=c:\windows\nowvistaupdater.exe |
"TCP Query User{6125B3F9-68A8-481F-A3D4-B1B35B89894A}C:\program files\steam\steamapps\unitz00\condition zero\hl.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\unitz00\condition zero\hl.exe |
"TCP Query User{66E73B4A-5EA7-4054-8175-D4793033A9F0}C:\program files\donkeyp2p\donkeyp2p.exe" = protocol=6 | dir=in | app=c:\program files\donkeyp2p\donkeyp2p.exe |
"TCP Query User{684CC3EB-898C-446E-90C6-508BFAF56A1C}C:\rohan_usa\rohanclient.exe" = protocol=6 | dir=in | app=c:\rohan_usa\rohanclient.exe |
"TCP Query User{6EB036E3-6F33-4520-85B3-0F158C275396}C:\neowiz\pmang\launcher\pm\launcher.exe" = protocol=6 | dir=in | app=c:\neowiz\pmang\launcher\pm\launcher.exe |
"TCP Query User{6F0727F8-FF52-4C22-AD46-B0AEFF6FCBEA}C:\program files\steam\steamapps\th520\day of defeat\hl.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\th520\day of defeat\hl.exe |
"TCP Query User{72752FDF-0620-4456-9F60-4F2E84C6EAFA}C:\program files\donkeyp2p\donkeyp2p.exe" = protocol=6 | dir=in | app=c:\program files\donkeyp2p\donkeyp2p.exe |
"TCP Query User{763B6268-FC0C-4A93-BFF5-1D5722C8B119}C:\program files\mplay\crazy arcade\ca.exe" = protocol=6 | dir=in | app=c:\program files\mplay\crazy arcade\ca.exe |
"TCP Query User{923556F7-66BE-4C2A-8A86-1A1CEFB6F08E}C:\windows\system32\fscagent.exe" = protocol=6 | dir=in | app=c:\windows\system32\fscagent.exe |
"TCP Query User{9813771E-A144-433E-BB95-1EFA1808E793}C:\program files\donkeymp3\donkeymp3.exe" = protocol=6 | dir=in | app=c:\program files\donkeymp3\donkeymp3.exe |
"TCP Query User{A0648892-C454-4AB7-AD29-EC4698231650}C:\program files\mplay\crazy arcade\nmcosrv.exe" = protocol=6 | dir=in | app=c:\program files\mplay\crazy arcade\nmcosrv.exe |
"TCP Query User{B0A891D5-862D-4836-BF0D-109455DD97D8}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{B14651A9-DB5A-4C17-81B3-25C36B48BAF6}C:\windows\system32\grdmgr.exe" = protocol=6 | dir=in | app=c:\windows\system32\grdmgr.exe |
"TCP Query User{B1C85AA3-D66D-4650-B74A-508E9C238E7F}C:\netmarble\netmarbledownloaderex\netmarbledownloader_engineex.exe" = protocol=6 | dir=in | app=c:\netmarble\netmarbledownloaderex\netmarbledownloader_engineex.exe |
"TCP Query User{C9A068B2-BE64-4980-A064-CFB161B65EE3}D:\rohan usa\rohanclient.exe" = protocol=6 | dir=in | app=d:\rohan usa\rohanclient.exe |
"TCP Query User{D36C7301-D271-48E5-BDD3-FAAC7B716F02}C:\nexon\nexonplug\nmservice.exe" = protocol=6 | dir=in | app=c:\nexon\nexonplug\nmservice.exe |
"TCP Query User{D5276A4D-36AB-4CD3-9A66-EA795C13F164}C:\neowiz\pmang\launcher\pm\pis.exe" = protocol=6 | dir=in | app=c:\neowiz\pmang\launcher\pm\pis.exe |
"TCP Query User{D60AE5AC-BD7E-4D4B-8C53-4AD723317406}C:\program files\steam\steamapps\unitz00\counter-strike\hl.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\unitz00\counter-strike\hl.exe |
"TCP Query User{FC051A6E-CC25-4ECA-A647-11B8FA133A97}C:\program files\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"TCP Query User{FDA427B9-449A-4DF8-AC34-691226492DAB}C:\program files\steam\steamapps\th520\counter-strike\hl.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\th520\counter-strike\hl.exe |
"UDP Query User{0546F37B-3857-4911-A8C5-3A1600DC10B3}C:\neowiz\pmang\launcher\launchern.exe" = protocol=17 | dir=in | app=c:\neowiz\pmang\launcher\launchern.exe |
"UDP Query User{1272225B-75E9-45B3-84CA-9C2A596D6A99}C:\windows\system32\grdmgr.exe" = protocol=17 | dir=in | app=c:\windows\system32\grdmgr.exe |
"UDP Query User{243E45F7-650E-4BD0-BEB7-A5819CDB871A}C:\windows\system32\clubbox.exe" = protocol=17 | dir=in | app=c:\windows\system32\clubbox.exe |
"UDP Query User{2A4E4C86-EBF0-4B19-A652-2773ED35E09B}C:\program files\steam\steamapps\th520\counter-strike\hl.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\th520\counter-strike\hl.exe |
"UDP Query User{2A9AE50C-1F82-4C2C-B4FB-AEDD5B91CC88}C:\windows\system32\fscagent.exe" = protocol=17 | dir=in | app=c:\windows\system32\fscagent.exe |
"UDP Query User{2F222392-C89D-4277-A9FF-3B290FC688F6}C:\program files\steam\steamapps\th520\opposing force\hl.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\th520\opposing force\hl.exe |
"UDP Query User{3915F384-63E3-4236-83E2-522CC9D29030}C:\windows\system32\pdbox28.exe" = protocol=17 | dir=in | app=c:\windows\system32\pdbox28.exe |
"UDP Query User{3B620747-0856-43B0-96EE-F61DF3856750}C:\program files\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"UDP Query User{3E5ACA4E-67AB-470F-B5DF-2AA6346A5E24}C:\nexon\nexonplug\nmservice.exe" = protocol=17 | dir=in | app=c:\nexon\nexonplug\nmservice.exe |
"UDP Query User{49CB5C7D-8EB1-4E86-A5E4-BEA3BD4FF54F}C:\program files\mplay\crazy arcade\ca.exe" = protocol=17 | dir=in | app=c:\program files\mplay\crazy arcade\ca.exe |
"UDP Query User{560702D6-5F22-49E7-9CD9-42D5DDF94FC7}C:\neowiz\pmang\launcher\pm\launcher.exe" = protocol=17 | dir=in | app=c:\neowiz\pmang\launcher\pm\launcher.exe |
"UDP Query User{5E1F7389-5C58-44AD-B8DD-A53F1BCC98AE}C:\windows\nowvistaupdater.exe" = protocol=17 | dir=in | app=c:\windows\nowvistaupdater.exe |
"UDP Query User{6145D313-EC09-4D3C-9EEA-BFED37888B23}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{776AA163-C02B-4170-A25E-3B9034D86598}C:\program files\mplay\crazy arcade\nmcosrv.exe" = protocol=17 | dir=in | app=c:\program files\mplay\crazy arcade\nmcosrv.exe |
"UDP Query User{7E01D449-E860-4E7C-8705-B7CD3EEE62D3}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{86D48A4D-7F30-43A5-9CAC-EF38576C1411}C:\netmarble\netmarbledownloaderex\netmarbledownloader_engineex.exe" = protocol=17 | dir=in | app=c:\netmarble\netmarbledownloaderex\netmarbledownloader_engineex.exe |
"UDP Query User{8E21B4B7-A75B-45A3-867E-3FF7A0843D09}C:\program files\donkeyp2p\donkeyp2p.exe" = protocol=17 | dir=in | app=c:\program files\donkeyp2p\donkeyp2p.exe |
"UDP Query User{92752ED0-6488-4EBB-822E-7AE8004F35CF}C:\ijji\english\gunbound revolution\gunbound.gme" = protocol=17 | dir=in | app=c:\ijji\english\gunbound revolution\gunbound.gme |
"UDP Query User{9AB4AC8F-61D7-4525-BA47-2050169F8A6F}C:\program files\donkeyp2p\donkeyp2p.exe" = protocol=17 | dir=in | app=c:\program files\donkeyp2p\donkeyp2p.exe |
"UDP Query User{A1825510-9948-43CD-8D49-09A9D9D2DB4B}C:\program files\steam\steamapps\th520\half-life\hl.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\th520\half-life\hl.exe |
"UDP Query User{AAE272E3-1A85-481B-A100-3EB9C6F5B641}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{ABD1B6C8-292C-4834-B633-9CDB7317EED6}C:\program files\steam\steamapps\th520\day of defeat\hl.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\th520\day of defeat\hl.exe |
"UDP Query User{BA6AE5E1-5085-48EA-B95E-F453F16F8F28}C:\users\westwood206\appdata\local\temp\low\_nowcdn_\nowdownloader.exe" = protocol=17 | dir=in | app=c:\users\westwood206\appdata\local\temp\low\_nowcdn_\nowdownloader.exe |
"UDP Query User{BFA119B1-4782-48AA-9804-46F9C9570C34}C:\rohan\rohanclient.exe" = protocol=17 | dir=in | app=c:\rohan\rohanclient.exe |
"UDP Query User{C0C88295-67DE-4CCC-A334-B7FF88F58FDC}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{CD0B3337-8FF9-43CF-ADE6-F27CDF018862}C:\program files\steam\steamapps\unitz00\condition zero\hl.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\unitz00\condition zero\hl.exe |
"UDP Query User{D1099801-6464-4373-8EA5-C747CDDE49E5}C:\ijji\english\u_gbound.exe" = protocol=17 | dir=in | app=c:\ijji\english\u_gbound.exe |
"UDP Query User{E0B5EAE5-1337-460F-83C6-43D6DD4DAEC2}C:\program files\donkeymp3\donkeymp3.exe" = protocol=17 | dir=in | app=c:\program files\donkeymp3\donkeymp3.exe |
"UDP Query User{EDACCBB1-8BB9-415D-9276-579D5C182E1B}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{F37F9564-BF54-4828-91FB-EEC54242E426}C:\program files\kbs kong v3\kong_v3.exe" = protocol=17 | dir=in | app=c:\program files\kbs kong v3\kong_v3.exe |
"UDP Query User{F3A4F66F-BDDC-4F00-AF7D-5446EE4C70A5}C:\program files\steam\steamapps\unitz00\counter-strike\hl.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\unitz00\counter-strike\hl.exe |
"UDP Query User{F931E17F-9037-436A-B376-D52E87A8D5B2}D:\rohan usa\rohanclient.exe" = protocol=17 | dir=in | app=d:\rohan usa\rohanclient.exe |
"UDP Query User{FC5B1C3D-EEE1-40CD-B5AC-8D1D79790295}C:\neowiz\pmang\launcher\pm\pis.exe" = protocol=17 | dir=in | app=c:\neowiz\pmang\launcher\pm\pis.exe |
"UDP Query User{FD5E8AAA-B5BA-4390-A5C9-9332210509B6}C:\rohan_usa\rohanclient.exe" = protocol=17 | dir=in | app=c:\rohan_usa\rohanclient.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{038A524F-58DB-438A-8391-8F7F0CA14B9E}" = Microsoft?Winter Fun Pack 2004 for Windows?XP
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0D0BA845-A400-4B54-BF77-470235736954}" = OpenOffice.org Installer 1.0
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live 업로드 도구
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{3095C241-9622-48D8-BE8C-69AC80C51D24}" = HP Webcam
"{3248F0A8-6813-11D6-A77B-00B0D0150140}" = J2SE Runtime Environment 5.0 Update 14
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3364BD16-5A28-4862-86A1-A8FF5FD23919}" = Music Rescue
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}" = Mega Manager
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{41BA0B25-E249-4DD7-85D7-03472E9C0597}" = Windows Live Call
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4FEC2880-0ED9-44F4-AD20-1F4F4619B8F9}" = Mega Manager
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{564D4DC8-2D0F-4F95-BB3D-8C5EA7952DD7}" = Windows Live 메일
"{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68EDE5DF-6C2B-4202-8570-D1F78429D387}_is1" = Umile Encoder 1.9.9.0
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{697E41EA-AEBE-4B5F-884E-87B5CD6C70AC}" = 네이트온
"{69C6C880-1A5C-40A7-A914-C23532480E01}" = Windows Live Messenger
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A2E758A-028B-46BB-A11D-0608AB5A4ED3}" = Daum ActiveX 컨트롤 - Daum 배경음악 플레이어
"{6B554094-155B-47C8-9962-5CC9EAA7CFE2}" = 싸이월드 스튜디오
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{706BB40A-4102-4c89-8107-DC68C4EBD19B}" = HP Deskjet All-In-One Software 9.0
"{71BB73DF-BC5E-424E-B32A-954AFA7C0216}" = Windows Live 필수 패키지
"{732799C0-7785-43C5-8496-71546A062992}" = SuddenAttackNA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8FE4D086-63BD-44EB-882C-C7EA5A1EF016}" = Gamer HUD Lite
"{90110412-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90437F59-EBD1-4246-A3F6-FC85C0BEE437}" = Belkin N Wireless USB Adapter Driver
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9F3F78EB-8C52-4D09-ADE2-BA82DB64D3ED}" = Windows Live 로그인 도우미
"{A00B2A53-60D9-4477-ADA3-60490770C5E0}" = Daum ActiveX 컨트롤 - 한메일 파일업로더
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A9C365A3-06C0-43b4-A2DB-EDF0A6079AA9}" = DJ_AIO_Software
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1042-7B44-A81200000003}" = Adobe Reader 8.1.2 - Korean
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4B1F18B-5CED-4f8f-8A8F-1BD0503C222E}" = DJ_AIO_ProductContext
"{B6B69D92-6CD8-4086-8D1D-7945BDA4AE5A}" = F4100_Help
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed SHIFT
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = EmoDio
"{C9D88AF8-7B0A-4200-BFBC-7827A7535096}" = F4100_doccd
"{CC88474F-18B6-4209-8E9F-72425F00DDA7}" = NetmarbleSuddenAttack
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = 코원 미디어 센터 - 제트오디오 Basic VX
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F2F2778D-F663-4BC3-886C-61FDF8EBE2A0}" = Umile Encoder
"{F56D6F46-1D62-4734-BF12-6457A1ED17BD}" = DJ_AIO_Software_min
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F8FED11D-3584-4a72-8B26-E0951B655797}" = F4100
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF24953A-2F93-4E30-BB3A-B853DB700854}" = 노피싱
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AhnLab MyKeyDefense 2.0" = AhnLab MyKeyDefense 2.0
"AhnLab Online Security" = AhnLab Online Security
"AIM_7" = AIM 7
"ALUpdate_is1" = 알툴즈 업데이트
"ALYac_is1" = 알약
"ALZip_is1" = 알집
"CBS 레인보우" = CBS Rainbow
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"Combat Arms" = Combat Arms
"CoreAAC Audio Decoder" = CoreAAC Audio Decoder (remove only)
"DaumCleaner" = Daum 클리너
"DtsFilter" = DTS+AC3 Filter
"eMule" = eMule
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"GoldWave v5.25" = GoldWave v5.25
"GOM Player" = GOM Player
"GomAudio" = GOM Audio
"HanSetup" = 한게임 자동 인스톨러
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"InstallShield_{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = EmoDio
"kdefense" = K-Defense8 Control - Ű
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MPEG2코덱(libmpeg2/mad)" = MPEG2코덱(libmpeg2/mad)
"NaverPlayer" = Naver Player
"NaverSetup" = 네이버 ActiveX 가이드
"Nowcom 파일전송관리자" = Nowcom 파일전송관리자
"NVIDIA Drivers" = NVIDIA Drivers
"oovootb" = ooVoo Toolbar (Remove Toolbar Only)
"PC 세이퍼 Plus" = PC 세이퍼 Plus
"RealAlt_is1" = Real Alternative 1.8.0
"show" = Show (동영상변환기)
"SoftcampSCSK" = SoftCamp Secure KeyStroke 4.0
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Spyware Doctor" = Spyware Doctor 7.0
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"UDS Component" = UDS Component
"UnINISafeWeb7" = INISafeWeb 7.0 (SFilter v1.0)
"Uninstall_is1" = Uninstall 1.0.0.1
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live 필수 패키지
"WinPcapInst" = WinPcap 4.0
"WinRAR archiver" = WinRAR archiver
"WordWeb" = WordWeb
"XecureCK" = ClientKeeper KeyPro with E2E for 32bit
"XecureWeb Control" = XecureWeb Control
"Yahoo! Messenger" = Yahoo! Messenger
"YouTube Clip Extractor_is1" = YouTube Clip Extractor 1.0
"스티큐브 파일전송관리자" = 스티큐브 파일전송관리자
"클럽박스 파일전송관리자" = 클럽박스 파일전송관리자
"피디박스 파일전송관리자" = 피디박스 파일전송관리자

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"donkeymp3" = 당나귀mp3
"donkeyp2p" = 당나귀 P2P
"EmoDio" = EmoDio위젯 실행
"Hangame.com" = 한게임
"Vhard" = 브이하드

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2010-04-18 오후 3:27:34 | Computer Name = Westwood206-PC | Source = Application Error | ID = 1000
Description = Faulting application AcroRd32.exe, version 8.1.0.137, time stamp 0x46444e37,
faulting module MSVCR80.dll, version 8.0.50727.4053, time stamp 0x4a594c79, exception
code 0xc0000005, fault offset 0x00014a7f, process id 0x16a0, application start time
0x01cadf2d2c73bca9.

Error - 2010-04-18 오후 3:44:01 | Computer Name = Westwood206-PC | Source = ESENT | ID = 484
Description = wlcomm (6056) C:\Users\Westwood206\AppData\Local\Microsoft\Windows
Live Contacts\{c56a13f2-0218-415e-81ab-eb455b2bf055}\: An attempt to remove the
folder "C:\Users\Westwood206\AppData\Local\Microsoft\Windows Live Contacts\{c56a13f2-0218-415e-81ab-eb455b2bf055}\DBStore\Backup\old"
failed with system error 145 (0x00000091): "The directory is not empty. ". The
remove folder operation will fail with error -1022 (0xfffffc02).

Error - 2010-04-18 오후 3:44:01 | Computer Name = Westwood206-PC | Source = ESENT | ID = 215
Description = wlcomm (6056) C:\Users\Westwood206\AppData\Local\Microsoft\Windows
Live Contacts\{c56a13f2-0218-415e-81ab-eb455b2bf055}\: The backup has been stopped
because it was halted by the client or the connection with the client failed.

Error - 2010-04-18 오후 6:43:02 | Computer Name = Westwood206-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6001.18164, time stamp
0x4907e242, faulting module korwbrkr.dll_unloaded, version 0.0.0.0, time stamp
0x483b995b, exception code 0xc0000005, fault offset 0x66f77cf3, process id 0xc24,
application start time 0x01cadf44ff0a69da.

Error - 2010-04-19 오후 4:05:49 | Computer Name = Westwood206-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6001.18164 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: b1c Start Time: 01cadffb9e4bc38f Termination Time: 15

Error - 2010-04-19 오후 9:29:36 | Computer Name = Westwood206-PC | Source = Microsoft Office 11 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Word.

Error - 2010-04-20 오후 10:21:39 | Computer Name = Westwood206-PC | Source = ESENT | ID = 484
Description = wlcomm (4480) C:\Users\Westwood206\AppData\Local\Microsoft\Windows
Live Contacts\{abc11b67-1c03-40cf-aa01-3589ac1d7223}\: An attempt to remove the
folder "C:\Users\Westwood206\AppData\Local\Microsoft\Windows Live Contacts\{abc11b67-1c03-40cf-aa01-3589ac1d7223}\DBStore\Backup\old"
failed with system error 145 (0x00000091): "The directory is not empty. ". The
remove folder operation will fail with error -1022 (0xfffffc02).

Error - 2010-04-20 오후 10:21:39 | Computer Name = Westwood206-PC | Source = ESENT | ID = 215
Description = wlcomm (4480) C:\Users\Westwood206\AppData\Local\Microsoft\Windows
Live Contacts\{abc11b67-1c03-40cf-aa01-3589ac1d7223}\: The backup has been stopped
because it was halted by the client or the connection with the client failed.

Error - 2010-04-21 오전 12:55:50 | Computer Name = Westwood206-PC | Source = ESENT | ID = 484
Description = wlcomm (2820) C:\Users\Westwood206\AppData\Local\Microsoft\Windows
Live Contacts\{abc11b67-1c03-40cf-aa01-3589ac1d7223}\: An attempt to remove the
folder "C:\Users\Westwood206\AppData\Local\Microsoft\Windows Live Contacts\{abc11b67-1c03-40cf-aa01-3589ac1d7223}\DBStore\Backup\old"
failed with system error 145 (0x00000091): "The directory is not empty. ". The
remove folder operation will fail with error -1022 (0xfffffc02).

Error - 2010-04-21 오전 12:55:50 | Computer Name = Westwood206-PC | Source = ESENT | ID = 215
Description = wlcomm (2820) C:\Users\Westwood206\AppData\Local\Microsoft\Windows
Live Contacts\{abc11b67-1c03-40cf-aa01-3589ac1d7223}\: The backup has been stopped
because it was halted by the client or the connection with the client failed.

[ System Events ]
Error - 2010-04-19 오후 9:23:01 | Computer Name = Westwood206-PC | Source = HTTP | ID = 15016
Description =

Error - 2010-04-19 오후 9:24:43 | Computer Name = Westwood206-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2010-04-19 오후 9:24:43 | Computer Name = Westwood206-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 2010-04-19 오후 9:24:43 | Computer Name = Westwood206-PC | Source = Service Control Manager | ID = 7016
Description =

Error - 2010-04-19 오후 9:25:53 | Computer Name = Westwood206-PC | Source = DCOM | ID = 10010
Description =

Error - 2010-04-20 오후 10:14:35 | Computer Name = Westwood206-PC | Source = volmgr | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 2010-04-20 오후 10:14:40 | Computer Name = Westwood206-PC | Source = volmgr | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 2010-04-20 오후 10:14:50 | Computer Name = Westwood206-PC | Source = HTTP | ID = 15016
Description =

Error - 2010-04-20 오후 10:16:30 | Computer Name = Westwood206-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2010-04-20 오후 10:16:30 | Computer Name = Westwood206-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >


Re: How do I delete BankerFox.A and Win32/Nuqel.E?

Post by Belahzur on 21st April 2010, 4:03 pm

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O3 - HKLM\..\Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {638886B2-CF33-4EA0-AFF8-DC8E504500CB} - No CLSID value found.
    O4 - HKLM..\Run: [ClubBox] File not found
    O4 - HKLM..\Run: [Pdbox28] File not found
    O4 - HKLM..\Run: [Rainbow] File not found
    O4 - HKLM..\Run: [showupdate] C:\Program Files\donkeyplus\show\update.exe ()
    O4 - HKCU..\Run: [donkeymp3] C:\Program Files\donkeymp3\update_check.exe (당나귀p2p)
    O4 - HKCU..\Run: [donkeyp2p] C:\Program Files\donkeyp2p\update_check.exe (당나귀p2p)
    O33 - MountPoints2\{91ceab03-337b-11dd-878f-001d60d18b03}\Shell\AutoRun\command - "" = nqdymj.exe
    O33 - MountPoints2\{91ceab03-337b-11dd-878f-001d60d18b03}\Shell\open\Command - "" = nqdymj.exe
    O33 - MountPoints2\{a5c68f59-6666-11de-9cba-001d60d18b03}\Shell\AutoRun\command - "" = F:\abcgtvcq.cmd -- File not found
    O33 - MountPoints2\{a5c68f59-6666-11de-9cba-001d60d18b03}\Shell\open\Command - "" = F:\abcgtvcq.cmd -- File not found
    O33 - MountPoints2\{c137804b-56e6-11de-a1b0-001d60d18b03}\Shell - "" = AutoRun
    [2010-04-18 12:28:00 | 000,000,000 | ---D | C] -- C:\Users\Westwood206\AppData\Local\svvnbhlay



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Re: How do I delete BankerFox.A and Win32/Nuqel.E?

Post by aran on 22nd April 2010, 2:48 am

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{61539ecd-cc67-4437-a03c-9aaccbd14326} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61539ecd-cc67-4437-a03c-9aaccbd14326}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{61539ECD-CC67-4437-A03C-9AACCBD14326} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61539ECD-CC67-4437-A03C-9AACCBD14326}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{638886B2-CF33-4EA0-AFF8-DC8E504500CB} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{638886B2-CF33-4EA0-AFF8-DC8E504500CB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ClubBox deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Pdbox28 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Rainbow deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\showupdate deleted successfully.
C:\Program Files\donkeyplus\show\update.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\donkeymp3 not found.
File C:\Program Files\donkeymp3\update_check.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\donkeyp2p not found.
File C:\Program Files\donkeyp2p\update_check.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91ceab03-337b-11dd-878f-001d60d18b03}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91ceab03-337b-11dd-878f-001d60d18b03}\ not found.
File nqdymj.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91ceab03-337b-11dd-878f-001d60d18b03}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91ceab03-337b-11dd-878f-001d60d18b03}\ not found.
File nqdymj.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a5c68f59-6666-11de-9cba-001d60d18b03}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5c68f59-6666-11de-9cba-001d60d18b03}\ not found.
File F:\abcgtvcq.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a5c68f59-6666-11de-9cba-001d60d18b03}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5c68f59-6666-11de-9cba-001d60d18b03}\ not found.
File F:\abcgtvcq.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c137804b-56e6-11de-a1b0-001d60d18b03}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c137804b-56e6-11de-a1b0-001d60d18b03}\ not found.
C:\Users\Westwood206\AppData\Local\svvnbhlay folder moved successfully.

OTL by OldTimer - Version 3.2.1.2 log created on 04212010_184000

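A way to triage a fix log like the one posted above, as an added example that is not part of the original thread and is not OTL's own code: it classifies each result line by object type and outcome, then lists the files OTL reported as not found. The function names and outcome labels are assumptions made for illustration, and the sample is an excerpt of the log above.

```python
import re
from collections import Counter

# Excerpt of the fix log posted above, embedded so the example runs offline.
SAMPLE_LOG = r"""========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\showupdate deleted successfully.
C:\Program Files\donkeyplus\show\update.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\donkeymp3 not found.
File C:\Program Files\donkeymp3\update_check.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91ceab03-337b-11dd-878f-001d60d18b03}\ deleted successfully.
File nqdymj.exe not found.
File F:\abcgtvcq.cmd not found.
C:\Users\Westwood206\AppData\Local\svvnbhlay folder moved successfully.
"""

# Labels chosen for this example (not OTL terminology).
OUTCOMES = {"deleted successfully": "removed",
            "moved successfully": "moved",
            "not found": "not_found"}

# Optional type prefix, the target, optional "folder" suffix, then the outcome.
LINE_RE = re.compile(
    r"^(?:(Registry value|Registry key|File)\s+)?(.+?)(?:\s+(folder))?\s+"
    r"(deleted successfully|moved successfully|not found)\.$")

def parse_fix_log(text):
    """Return (kind, target, outcome) tuples for every recognised result line."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # banner, blank line or version footer
        kind, target, is_folder, outcome = m.groups()
        if kind is None:  # moved items are logged as a bare path
            kind = "Folder" if is_folder else "File"
        entries.append((kind, target, OUTCOMES[outcome]))
    return entries

def summarize(entries):
    """Count entries per (kind, outcome) pair."""
    return Counter((kind, outcome) for kind, _, outcome in entries)

def unresolved_files(entries):
    """Files named in the fix script that OTL could not locate."""
    return sorted({t for k, t, o in entries if k == "File" and o == "not_found"})

if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    for (kind, outcome), n in sorted(summarize(parsed).items()):
        print(f"{kind:15} {outcome:10} {n}")
    print("follow up:", unresolved_files(parsed))
```

A "not found" result only means OTL did not locate the file at that path when the fix ran. Relative paths such as nqdymj.exe and paths on a drive that may not have been attached (F:) are worth a separate scan.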

Re: How do I delete BankerFox.A and Win32/Nuqel.E?

Post by Belahzur on 22nd April 2010, 6:14 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



Re: How do I delete BankerFox.A and Win32/Nuqel.E?

Post by aran on 23rd April 2010, 6:51 am

Here is the log.

Malwarebytes' Anti-Malware 1.45

Database version: 3930

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

2010-04-22 오후 11:50:59
mbam-log-2010-04-22 (23-50-59).txt

Scan type: Quick scan
Objects scanned: 115224
Time elapsed: 3 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Freechal Corp (Adware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: How do I delete BankerFox.A and Win32/Nuqel.E?

Post by Belahzur on 23rd April 2010, 3:37 pm

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan.


