Your computer has keygens, which are a form of software piracy. What is so bad about Cracks, Hacks, Pirated software, warez, or Keygens?
Most popular cracks or keygens I see, are for Adobe CS3, a lot of different games, Nero, Kaspersky antivirus, and much more. All of these cracks and keygens have what is called "cloaked malware," which is a form of spyware or viruses or trojans that hide themselves inside the keygen or crack files. Most hacks for games that come in the form of a program or installer, will also be infected. It is the opportunity for attackers to present a seemingly safe situation where the opportunity to steal something is in play, while the malware infects your system in the process. Yes, it will install what you were looking for, but also allow malware to potentially take control of your computer.
Lastly, it is illegal. I will counsel you that we do not report such incidents. However, it is not good practice to pirate software.
Please visit this webpage for a tutorial on downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
See the area: Using ComboFix, and when done, post the log back here.
Thank You for your effort in replying my issue. I can see now that the cracks and keygen could have malware hidden in them. I will try not to pirate anymore software from now. But I still don't know how does that involves with the System Idle Process eating all the CPU ? Have you ever experienced these kinds of issue before ? I mean issue about the System Idle Process things because I mostly see it goes with svchost.exe instead.
And here are the combofix log
ComboFix 11-10-26.03 - Nookia 10/26/2011 23:07:22.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.874.66.1033.18.3327.2604 [GMT 7:00]
Running from: c:\documents and settings\Nookia\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-09-26 to 2011-10-26 )))))))))))))))))))))))))))))))
.
.
2011-10-26 14:01 . 2011-10-26 14:01 -------- d-----w- c:\program files\Defraggler
2011-10-26 09:33 . 2011-10-26 09:33 -------- d-----w- c:\documents and settings\Nookia\Application Data\Malwarebytes
2011-10-26 09:32 . 2011-10-26 09:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-10-26 09:32 . 2011-10-26 09:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-26 09:32 . 2011-08-31 10:00 22216 ----a-w- c:\winxp\system32\drivers\mbam.sys
2011-10-26 09:09 . 2011-10-26 09:09 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Activision
2011-10-26 08:59 . 2011-10-26 08:59 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\SKIDROW
2011-10-26 08:57 . 2011-10-26 08:57 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\My Games
2011-10-25 12:30 . 2011-10-25 12:30 -------- d-----w- C:\Log
2011-10-25 10:19 . 2011-10-25 10:19 -------- d-----w- c:\winxp\EA Sports FIFA Online 2
2011-10-25 10:19 . 2011-10-25 10:19 -------- d-----w- C:\Joy2Key
2011-10-24 11:10 . 2011-10-25 08:18 -------- d-----w- c:\program files\KONAMI
2011-10-18 02:29 . 2011-10-18 02:29 39424 ----a-w- c:\winxp\LZService.exe
2011-10-18 02:28 . 2009-10-05 19:47 132880 ----a-w- c:\winxp\system32\MSINET.OCX
2011-10-16 17:06 . 2010-06-01 21:55 74072 ----a-w- c:\winxp\system32\XAPOFX1_5.dll
2011-10-16 17:06 . 2010-06-01 21:55 527192 ----a-w- c:\winxp\system32\XAudio2_7.dll
2011-10-16 17:06 . 2010-06-01 21:55 239960 ----a-w- c:\winxp\system32\xactengine3_7.dll
2011-10-16 17:06 . 2010-05-26 04:41 2106216 ----a-w- c:\winxp\system32\D3DCompiler_43.dll
2011-10-16 17:06 . 2010-05-26 04:41 470880 ----a-w- c:\winxp\system32\d3dx10_43.dll
2011-10-16 17:06 . 2010-05-26 04:41 248672 ----a-w- c:\winxp\system32\d3dx11_43.dll
2011-10-16 17:06 . 2010-05-26 04:41 1868128 ----a-w- c:\winxp\system32\d3dcsx_43.dll
2011-10-16 17:06 . 2010-05-26 04:41 1998168 ----a-w- c:\winxp\system32\D3DX9_43.dll
2011-10-16 16:40 . 2011-10-16 16:40 -------- d-----w- c:\documents and settings\Nookia\Application Data\NVIDIA
2011-10-11 15:47 . 2010-02-04 03:01 74072 ----a-w- c:\winxp\system32\XAPOFX1_4.dll
2011-10-11 15:47 . 2010-02-04 03:01 528216 ----a-w- c:\winxp\system32\XAudio2_6.dll
2011-10-11 15:47 . 2010-02-04 03:01 238936 ----a-w- c:\winxp\system32\xactengine3_6.dll
2011-10-11 15:47 . 2010-02-04 03:01 22360 ----a-w- c:\winxp\system32\X3DAudio1_7.dll
2011-10-10 04:09 . 2011-10-10 04:09 4550304 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2011-10-07 05:33 . 2011-10-07 05:33 -------- d-----w- c:\program files\HHD Software
2011-10-06 03:54 . 2011-10-06 03:56 -------- d-----w- c:\documents and settings\Nookia\Application Data\fretsonfire
2011-10-06 03:53 . 2011-10-06 03:54 -------- d-----w- c:\program files\Frets on Fire
2011-10-04 03:14 . 2011-10-04 03:14 -------- d-----w- c:\program files\Activision
2011-10-04 02:58 . 2011-10-06 00:35 -------- d-----w- c:\documents and settings\Nookia\Local Settings\Application Data\Activision
2011-10-04 02:41 . 2011-10-04 02:41 -------- d-sh--w- c:\winxp\ftpcache
2011-10-02 08:56 . 2011-10-02 08:56 -------- d-----w- c:\documents and settings\All Users\Application Data\NexonUS
2011-10-02 04:17 . 2011-10-02 04:17 -------- d-----w- c:\program files\Acoustica Shared Effects
2011-10-02 04:08 . 2011-10-02 04:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Acoustica
2011-10-02 04:07 . 2011-10-02 04:22 -------- d-----w- c:\program files\Acoustica Mixcraft 5
2011-10-01 15:51 . 2011-10-01 15:51 -------- d-----w- c:\program files\ASIO4ALL v2
2011-10-01 15:50 . 2011-10-01 15:50 -------- d-----w- c:\program files\VstPlugins
2011-10-01 15:50 . 2006-06-20 08:56 225280 ----a-w- c:\winxp\system32\rewire.dll
2011-10-01 15:50 . 2009-09-15 09:14 1554944 ----a-w- c:\winxp\system32\vorbis.acm
2011-10-01 15:50 . 2011-10-01 15:50 -------- d-----w- c:\program files\Outsim
2011-10-01 15:47 . 2011-10-01 15:50 -------- d-----w- c:\program files\Image-Line
2011-10-01 15:47 . 2011-10-01 15:47 1700352 ----a-w- c:\winxp\system32\gdiplus.dll
2011-10-01 15:44 . 2011-10-01 15:45 -------- d-----w- c:\program files\FL Studio
2011-09-30 13:34 . 2011-09-30 13:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2011-09-30 13:34 . 2011-09-30 13:34 -------- d-----w- c:\documents and settings\All Users\Application Data\EA Core
2011-09-30 13:32 . 2010-11-23 00:09 447752 ----a-r- c:\winxp\system32\vp6vfw.dll
2011-09-30 13:32 . 2011-09-30 13:32 -------- d-----w- c:\program files\Microsoft WSE
2011-09-29 10:46 . 2011-09-29 10:46 -------- d-----w- c:\documents and settings\Nookia\Local Settings\Application Data\Firaxis Games
2011-09-29 09:39 . 2011-09-29 09:39 -------- d-----w- c:\winxp\system32\XPSViewer
2011-09-29 01:58 . 2011-09-29 01:58 -------- d-----w- c:\program files\Reference Assemblies
2011-09-29 01:58 . 2008-07-06 12:06 89088 ----a-w- c:\winxp\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-09-29 01:58 . 2008-07-06 12:06 89088 -c----w- c:\winxp\system32\dllcache\filterpipelineprintproc.dll
2011-09-29 01:58 . 2008-07-06 12:06 117760 ------w- c:\winxp\system32\prntvpt.dll
2011-09-29 01:58 . 2011-09-29 01:58 -------- d-----w- C:\3f9d14be43711397db9ffd31043f28bc
2011-09-29 01:58 . 2008-07-06 12:06 575488 -c----w- c:\winxp\system32\dllcache\xpsshhdr.dll
2011-09-29 01:58 . 2008-07-06 12:06 575488 ------w- c:\winxp\system32\xpsshhdr.dll
2011-09-29 01:58 . 2008-07-06 12:06 1676288 -c----w- c:\winxp\system32\dllcache\xpssvcs.dll
2011-09-29 01:58 . 2008-07-06 12:06 1676288 ------w- c:\winxp\system32\xpssvcs.dll
2011-09-29 01:58 . 2008-07-06 10:50 597504 -c----w- c:\winxp\system32\dllcache\printfilterpipelinesvc.exe
2011-09-29 01:58 . 2008-07-06 10:50 597504 ------w- c:\winxp\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-09-29 01:54 . 2011-09-29 01:54 -------- d-----w- C:\cc6b51d250c0cea3656f1fb210
2011-09-29 01:54 . 2011-09-29 04:17 -------- d-----w- C:\02798d8739b357d4a4b0e2
2011-09-28 17:31 . 2011-09-28 17:53 -------- d-----w- C:\7beff02027e3d28540fca470
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-23 02:12 . 2011-09-10 01:59 414368 ----a-w- c:\winxp\system32\FlashPlayerCPLApp.cpl
2011-10-16 18:20 . 2011-06-24 13:11 444952 ----a-w- c:\winxp\system32\wrap_oal.dll
2011-10-16 18:20 . 2011-06-24 13:11 109080 ----a-w- c:\winxp\system32\OpenAL32.dll
2011-09-10 02:42 . 2011-09-10 02:42 73728 ----a-w- c:\winxp\system32\javacpl.cpl
2011-09-10 02:42 . 2011-09-10 02:42 472808 ----a-w- c:\winxp\system32\deployJava1.dll
2011-10-02 23:36 . 2011-05-16 09:54 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-09-16 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\winxp\system32\dllcache\tcpip.sys
[-] 2010-09-16 . A5BC817BB84DCB9E71719FF868144124 . 361600 . . [5.1.2600.5625] . . c:\winxp\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KzShlobj]
@="{AAA0C5B8-933F-4200-93AD-B143D7FFF9F2}"
[HKEY_CLASSES_ROOT\CLSID\{AAA0C5B8-933F-4200-93AD-B143D7FFF9F2}]
2011-08-31 02:21 224288 ----a-w- c:\program files\ฟ์ัน\KZipShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"FlashGet 3"="c:\program files\FlashGet Network\FlashGet 3\FlashGet3.exe" [2009-12-22 2127408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\winxp\system32\NvMcTray.dll" [2010-10-16 110696]
"NvCplDaemon"="c:\winxp\system32\NvCpl.dll" [2010-10-16 13851752]
"IMJPMIG8.1"="c:\winxp\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"PHIME2002ASync"="c:\winxp\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\winxp\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"RTHDCPL"="RTHDCPL.EXE" [2008-11-17 17676288]
"Six Engine"="c:\program files\ASUS\EPU-4 Engine\FourEngine.exe" [2008-07-23 5625344]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"NeroFilterCheck"="c:\winxp\system32\NeroCheck.exe" [2001-07-09 155648]
"PlusService"="c:\program files\Yuna Software\Messenger Plus!\PlusService.exe" [2011-09-20 801792]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-18 421736]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-21 406992]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\winxp\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FlashGet Network\\FlashGet 3\\FlashGet3.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Nookia\\My Documents\\Downloads\\Software\\Setup-MsgPlus-501.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2012\\pes2012.exe"=
"d:\\Games\\EA Sports\\FIFA Online 2\\FF2Client.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Thaicybergames
.
R0 mv61xx;mv61xx;c:\winxp\system32\drivers\mv61xx.sys [3/2/2011 3:45 PM 159024]
R0 mv61xxmm;mv61xxmm;c:\winxp\system32\drivers\mv61xxmm.sys [3/2/2011 3:45 PM 13616]
R0 mv64xxmm;mv64xxmm;c:\winxp\system32\drivers\mv64xxmm.sys [3/2/2011 3:45 PM 5632]
R0 mvxxmm;mvxxmm;c:\winxp\system32\drivers\mvxxmm.sys [3/2/2011 3:45 PM 13616]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\winxp\system32\drivers\dtsoftbus01.sys [5/16/2011 5:19 PM 218688]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/26/2011 4:32 PM 366152]
R2 SddSUpdate;SddSUpdate;c:\program files\SddSUpdate\SddSUpdate.exe [9/27/2011 9:47 AM 466440]
R3 MBAMProtector;MBAMProtector;c:\winxp\system32\drivers\mbam.sys [10/26/2011 4:32 PM 22216]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\winxp\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/30/2011 1:18 PM 136176]
S3 1394hub;1394 Enabled Hub;c:\winxp\system32\svchost.exe -k netsvcs [4/14/2008 5:00 PM 14336]
S3 Ambfilt;Ambfilt;c:\winxp\system32\drivers\Ambfilt.sys [5/16/2011 10:45 PM 1684736]
S3 dump_wmimmc;dump_wmimmc;\??\d:\games\EA Sports\FIFA Online 2\GameGuard\dump_wmimmc.sys --> d:\games\EA Sports\FIFA Online 2\GameGuard\dump_wmimmc.sys [?]
S3 EagleXNt;EagleXNt;\??\c:\winxp\system32\drivers\EagleXNt.sys --> c:\winxp\system32\drivers\EagleXNt.sys [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena Classic\safedrv.sys --> c:\program files\Garena Classic\safedrv.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/30/2011 1:18 PM 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\winxp\system32\drivers\mbamswissarmy.sys --> c:\winxp\system32\drivers\mbamswissarmy.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\winxp\system32\GameMon.des -service --> c:\winxp\system32\GameMon.des -service [?]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\winxp\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S3 XDva385;XDva385;\??\c:\winxp\system32\XDva385.sys --> c:\winxp\system32\XDva385.sys [?]
S3 XDva387;XDva387;\??\c:\winxp\system32\XDva387.sys --> c:\winxp\system32\XDva387.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-01 c:\winxp\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:57]
.
2011-10-26 c:\winxp\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-30 06:18]
.
2011-10-26 c:\winxp\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-30 06:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.th/
uInternet Settings,ProxyOverride = *.local
IE: Download all by FlashGet3 - c:\documents and settings\Nookia\Application Data\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - c:\documents and settings\Nookia\Application Data\FlashGetBHO\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: com.cn\*.cga
Trusted Zone: kuaiche.com\software
Trusted Zone: ogdev.net
Trusted Zone: sdo.com
TCP: Interfaces\{74B61D8C-FD92-4099-9703-D4AD44B5EB4C}: NameServer = 192.168.1.2,192.168.1.1
DPF: {2B6F3D45-8258-4A13-85B8-58C62DFDB4EA} - hxxps://secure1.playfps.com/play/ava/ax/WebLauncher.cab
FF - ProfilePath - c:\documents and settings\Nookia\Application Data\Mozilla\Firefox\Profiles\msprhzcg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.th/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2011-10-26 23:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\winxp\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1092)
c:\winxp\system32\WININET.dll
c:\winxp\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\ฟ์ัน\KZipShell.dll
c:\winxp\system32\ieframe.dll
c:\winxp\system32\webcheck.dll
c:\winxp\system32\WPDShServiceObj.dll
c:\winxp\system32\PortableDeviceTypes.dll
c:\winxp\system32\PortableDeviceApi.dll
.
Completion time: 2011-10-26 23:14:49
ComboFix-quarantined-files.txt 2011-10-26 16:14
.
Pre-Run: 37,932,589,056 bytes free
Post-Run: 38,512,857,088 bytes free
.
- - End Of File - - 5ACDDA9150E00B7F4D5779A0A3F8259B