Another Text Enhance victim



#1
mrmest

Yes, I have been infected with Text Enhance, which highlights random words with green text that show a popup ad. I have tried Microsoft Security Essentials and Malwarebytes Anti-Malware. I tried the steps given to this person (http://www.geekstogo...linking-to-ads/) who had the same problem as me, and nothing worked so far. Yes, I tried the Custom fix and the ComboFix.exe. I probably shouldn't have done that though, now that I think about it.

All this just because I slipped up like a dumbass, opening a shady exe file for a serial lol. This happened since Tuesday I believe. I mean I have seen those quick fixes where people say to edit your host file etc. but that is only a temp fix. I know this is a rootkit or something like that. This affects all of my browsers and I do not have the extensions that seem to usually be related to Text Enhance. I ran OTL and here is what I got.

OTL logfile created on: 12/26/2011 7:37:43 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = D:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.51 Gb Available Physical Memory | 28.93% Memory free
3.74 Gb Paging File | 2.32 Gb Available in Paging File | 61.89% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.52 Gb Total Space | 4.26 Gb Free Space | 6.12% Space Free | Partition Type: NTFS
Drive D: | 69.52 Gb Total Space | 1.85 Gb Free Space | 2.66% Space Free | Partition Type: NTFS

Computer Name: DONGWOO-PC | User Name: Dong Woo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/26 18:00:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/09 16:56:40 | 000,417,112 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
PRC - [2011/08/09 16:38:38 | 000,328,536 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011/08/08 10:45:03 | 003,077,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/05/17 12:29:46 | 000,395,144 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/05/15 17:01:44 | 000,478,720 | ---- | M] (Crossrider) -- C:\Program Files\CrossriderWebApps\Crossrider.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/12/09 05:45:58 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2010/04/04 14:35:12 | 001,974,272 | ---- | M] (Nicolas Kruse) -- C:\Program Files\Nettalk6\Nettalk.exe
PRC - [2010/03/28 12:48:20 | 000,568,320 | ---- | M] (Highresolution Enterprises) -- C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
PRC - [2010/03/28 12:48:14 | 000,071,168 | ---- | M] (Highresolution Enterprises) -- C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe
PRC - [2010/03/04 21:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/11/03 10:11:48 | 000,114,688 | ---- | M] () -- C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe
PRC - [2009/09/22 10:51:56 | 000,339,968 | ---- | M] (UASSOFT.COM) -- C:\Program Files\iHome Mouse Driver\KMProcess.exe
PRC - [2009/09/22 10:45:58 | 000,391,168 | ---- | M] (UASSOFT.COM) -- C:\Program Files\iHome Mouse Driver\KMCONFIG.exe
PRC - [2009/08/31 21:00:28 | 001,821,184 | ---- | M] (UASSOFT.COM) -- C:\Program Files\iHome Mouse Driver\KMWDSrv.exe
PRC - [2009/05/15 16:27:08 | 000,077,824 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe
PRC - [2009/05/15 16:27:06 | 000,888,832 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe
PRC - [2009/05/15 16:26:56 | 000,094,208 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 01:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008/08/08 07:11:12 | 000,490,952 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2008/06/05 05:21:58 | 000,821,768 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
PRC - [2008/05/30 00:22:32 | 000,212,992 | ---- | M] (UASSOFT.COM) -- C:\Program Files\iHome Mouse Driver\StartAutorun.exe
PRC - [2008/05/09 16:07:08 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008/03/21 15:22:52 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008/03/05 01:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/03/05 01:38:28 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2007/12/06 18:15:28 | 000,110,592 | ---- | M] () -- C:\ACER\Mobility Center\MobilityService.exe
PRC - [2007/03/14 14:42:48 | 000,321,088 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
PRC - [2007/03/14 14:42:48 | 000,321,088 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/03 11:27:28 | 012,693,504 | ---- | M] ( ) -- C:\Program Files\D-Link\D-Link RangeBooster N DWA-642\wirelesscm.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/07 06:16:28 | 000,411,192 | ---- | M] () -- C:\Users\Dong Woo\AppData\Local\Google\Chrome\Application\16.0.912.63\ppgooglenaclpluginchrome.dll
MOD - [2011/12/07 06:16:27 | 003,767,864 | ---- | M] () -- C:\Users\Dong Woo\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
MOD - [2011/12/07 06:14:56 | 000,122,952 | ---- | M] () -- C:\Users\Dong Woo\AppData\Local\Google\Chrome\Application\16.0.912.63\avutil-51.dll
MOD - [2011/12/07 06:14:55 | 000,222,280 | ---- | M] () -- C:\Users\Dong Woo\AppData\Local\Google\Chrome\Application\16.0.912.63\avformat-53.dll
MOD - [2011/12/07 06:14:53 | 001,746,504 | ---- | M] () -- C:\Users\Dong Woo\AppData\Local\Google\Chrome\Application\16.0.912.63\avcodec-53.dll
MOD - [2011/12/07 02:22:33 | 008,593,056 | ---- | M] () -- C:\Users\Dong Woo\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
MOD - [2011/10/15 08:12:27 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8645de531003807d00822e03986a075d\System.ServiceProcess.ni.dll
MOD - [2011/10/15 08:11:53 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll
MOD - [2011/10/15 08:09:39 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011/10/15 08:08:44 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/10/15 08:08:18 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/10/15 07:54:53 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/15 07:51:28 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/08/08 10:45:03 | 003,077,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/06/03 12:46:00 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008/10/10 07:02:10 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3006.0__4df5dcab8860d239\Framework.Utility.dll
MOD - [2008/10/10 07:02:09 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3006.0__3036420f80dd6947\Framework.Library.dll
MOD - [2008/10/10 07:02:09 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3006.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
MOD - [2008/08/08 07:10:48 | 000,081,920 | ---- | M] () -- C:\Program Files\DAEMON Tools Lite\Lang\ENU.dll
MOD - [2008/06/16 08:06:10 | 000,053,248 | ---- | M] () -- C:\Program Files\iHome Mouse Driver\MouseHook.dll
MOD - [2008/05/09 16:06:24 | 000,204,800 | ---- | M] () -- C:\Windows\System32\SysHook.dll
MOD - [2008/04/28 11:49:18 | 000,002,560 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll
MOD - [2008/03/05 01:38:16 | 000,227,888 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
MOD - [2007/03/29 11:17:42 | 000,106,496 | ---- | M] () -- C:\Program Files\iHome Mouse Driver\keydll.dll
MOD - [2006/11/03 11:15:14 | 000,077,824 | ---- | M] () -- C:\Program Files\D-Link\D-Link RangeBooster N DWA-642\WlanDll.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (PEVSystemStart)
SRV - [2011/12/25 11:27:40 | 002,152,152 | ---- | M] (Lavasoft Limited) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/09 16:38:38 | 000,328,536 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/05/25 16:29:48 | 001,336,712 | ---- | M] (LogMeIn Inc.) [On_Demand | Stopped] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/08/16 06:32:46 | 003,874,816 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010/07/19 20:38:47 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/28 12:48:14 | 000,071,168 | ---- | M] (Highresolution Enterprises) [Auto | Running] -- C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe -- (XMouseButton Launcher)
SRV - [2010/03/04 21:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009/11/03 10:11:48 | 000,114,688 | ---- | M] () [Auto | Running] -- C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe -- (MSR Service)
SRV - [2009/10/20 13:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/08/31 21:00:28 | 001,821,184 | ---- | M] (UASSOFT.COM) [Auto | Running] -- C:\Program Files\iHome Mouse Driver\KMWDSrv.exe -- (KMWDSERVICE)
SRV - [2008/03/21 15:22:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/03/05 01:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2007/12/06 18:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2007/03/14 14:42:48 | 000,321,088 | ---- | M] (Pure Networks, Inc.) [Auto | Running] -- C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe -- (nmservice)
SRV - [2007/03/14 14:42:22 | 000,012,800 | ---- | M] (Pure Networks, Inc.) [On_Demand | Stopped] -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/08/25 18:54:12 | 000,360,532 | ---- | M] (Atheros) [Auto | Stopped] -- C:\Program Files\D-Link\D-Link RangeBooster N DWA-642\acs.exe -- (ACS)
SRV - [2005/06/21 15:19:38 | 000,491,520 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\dlcccoms.exe -- (dlcc_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Unknown | Running] -- -- (mvd20)
DRV - File not found [Kernel | Unknown | Running] -- -- (mdf15)
DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/12/12 10:07:32 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/12/12 10:07:28 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/10/10 02:07:15 | 000,061,096 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm) Virtual Audio Cable (WDM)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/04/27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009/11/13 18:36:34 | 000,066,680 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\jw.sys -- (jw)
DRV - [2009/11/12 12:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/10/20 13:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009/09/23 09:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/04/29 22:37:26 | 000,025,088 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTERx86)
DRV - [2008/11/29 00:47:12 | 000,279,712 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2008/11/29 00:47:11 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2008/11/26 21:02:44 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/07/24 06:17:00 | 000,917,504 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/05/18 22:00:00 | 007,446,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/06 01:12:00 | 000,014,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/05/05 03:15:00 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/03/21 12:48:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2007/03/14 21:55:02 | 000,025,792 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pnarp.sys -- (pnarp)
DRV - [2006/07/20 06:00:10 | 000,054,432 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wsimd.sys -- (WSIMD)
DRV - [2005/06/24 16:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005/05/26 09:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2005/05/26 09:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2001/07/13 13:56:14 | 000,014,976 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SBKUPNT.SYS -- (SBKUPNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:56121

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=685749"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://en-US.start3....en-US:official"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: [email protected]:2.4.4
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.13
FF - prefs.js..extensions.enabledItems: [email protected]:3.1.5.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071301000019
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.9
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: {bee6eb20-01e0-ebd1-da83-080329fb9a3a}:1.0
FF - prefs.js..extensions.enabledItems: vshareus@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:0.72.17
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..keyword.URL: "http://search.yahoo....type=685749&p="
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "http://search.babylo...=browsersearch"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://en-US.start3....en-US:official"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Program Files\Sony Online Entertainment\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Dong Woo\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1103234-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Dong Woo\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Dong Woo\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dong Woo\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dong Woo\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Dong Woo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\CodecCheck\firefox [2011/08/23 01:58:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/02 01:12:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/02 01:12:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder [2009/01/13 18:48:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{27d81334-ff53-4fe3-8a98-2a8b560494fd}: C:\Users\Dong Woo\AppData\Local\SeeToo\Toolbar\Firefox\ [2009/12/04 02:35:10 | 000,000,000 | ---D | M]

[2010/05/05 22:55:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dong Woo\AppData\Roaming\Mozilla\Extensions
[2010/05/05 22:55:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dong Woo\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/12/24 00:39:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dong Woo\AppData\Roaming\Mozilla\Firefox\Profiles\pg5kcdak.default\extensions
[2011/12/22 00:38:51 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Dong Woo\AppData\Roaming\Mozilla\Firefox\Profiles\pg5kcdak.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2009/01/12 23:33:58 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Dong Woo\AppData\Roaming\Mozilla\Firefox\Profiles\pg5kcdak.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(176)
[2009/01/08 19:20:07 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Dong Woo\AppData\Roaming\Mozilla\Firefox\Profiles\pg5kcdak.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(82)
[2011/12/24 00:39:17 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Dong Woo\AppData\Roaming\Mozilla\Firefox\Profiles\pg5kcdak.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/12/02 01:13:21 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Dong Woo\AppData\Roaming\Mozilla\Firefox\Profiles\pg5kcdak.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2011/07/07 17:43:44 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\Dong Woo\AppData\Roaming\Mozilla\Firefox\Profiles\pg5kcdak.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2011/11/12 13:57:39 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Dong Woo\AppData\Roaming\Mozilla\Firefox\Profiles\pg5kcdak.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/12/16 20:41:58 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\Dong Woo\AppData\Roaming\Mozilla\Firefox\Profiles\pg5kcdak.default\extensions\[email protected]
[2010/06/15 13:28:05 | 000,000,000 | ---D | M] ("Clipta.com Toolbar") -- C:\Users\Dong Woo\AppData\Roaming\Mozilla\Firefox\Profiles\pg5kcdak.default\extensions\[email protected]
[2010/01/03 02:08:36 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Dong Woo\AppData\Roaming\Mozilla\Firefox\Profiles\pg5kcdak.default\extensions\[email protected]
[2009/12/04 04:45:42 | 000,000,000 | ---D | M] (Justin.tv Publisher) -- C:\Users\Dong Woo\AppData\Roaming\Mozilla\Firefox\Profiles\pg5kcdak.default\extensions\[email protected]
[2009/06/02 00:24:50 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Dong Woo\AppData\Roaming\Mozilla\Firefox\Profiles\pg5kcdak.default\extensions\[email protected]
[2009/09/20 01:05:18 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\Dong Woo\AppData\Roaming\Mozilla\Firefox\Profiles\pg5kcdak.default\extensions\[email protected]
[2010/06/10 22:28:59 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Dong Woo\AppData\Roaming\Mozilla\Firefox\Profiles\pg5kcdak.default\extensions\[email protected]
[2009/12/04 02:28:08 | 000,000,000 | ---D | M] ("SeeToo Addon") -- C:\Users\Dong Woo\AppData\Roaming\Mozilla\Firefox\Profiles\pg5kcdak.default\extensions\[email protected]
[2010/08/28 22:57:51 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Dong Woo\AppData\Roaming\Mozilla\Firefox\Profiles\pg5kcdak.default\extensions\vshareus@toolbar
[2010/06/10 22:29:36 | 000,001,949 | ---- | M] () -- C:\Users\Dong Woo\AppData\Roaming\Mozilla\Firefox\Profiles\pg5kcdak.default\searchplugins\bing-zugo.xml
[2011/07/11 13:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Dong Woo\AppData\Roaming\Mozilla\Firefox\Profiles\pg5kcdak.default\searchplugins\startsear.xml
[2011/08/23 01:50:19 | 000,003,910 | ---- | M] () -- C:\Users\Dong Woo\AppData\Roaming\Mozilla\Firefox\Profiles\pg5kcdak.default\searchplugins\sweetim.xml
[2011/12/02 01:12:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/14 16:36:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/11/07 10:22:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\DONG WOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PG5KCDAK.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\DONG WOO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PG5KCDAK.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/12/02 01:12:07 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2011/08/31 05:38:58 | 000,082,944 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2010/12/09 05:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010/02/13 19:43:13 | 000,002,191 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/12/02 01:11:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/02 01:11:56 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dong Woo\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U27 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Dong Woo\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dong Woo\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Dong Woo\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Dong Woo\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: SOE Web Installer (Enabled) = C:\Program Files\Sony Online Entertainment\npsoe.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Veoh Web Player Beta (Enabled) = C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Windows\system32\TVUAx\npTVUAx.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: 4chan Extension = C:\Users\Dong Woo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhljghahohpihkdhhgaddnipndobpbbb\1.0.0_0\
CHR - Extension: YouTube = C:\Users\Dong Woo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: Google Search = C:\Users\Dong Woo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: AdBlock = C:\Users\Dong Woo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.9_0\
CHR - Extension: Premiumplay Codec-C = C:\Users\Dong Woo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.13.21_0\
CHR - Extension: vshare plugin = C:\Users\Dong Woo\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\
CHR - Extension: 4chan Plus = C:\Users\Dong Woo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pinelipedelckihohgdlpcclgocodhjj\2.3.9_0\
CHR - Extension: Gmail = C:\Users\Dong Woo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

O1 HOSTS File: ([2011/12/26 19:09:47 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DLCCCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [KMCONFIG] C:\Program Files\iHome Mouse Driver\StartAutorun.exe KMConfig.exe File not found
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)
O4 - HKCU..\Run: [CrossRiderPlugin] C:\Program Files\CrossriderWebApps\Crossrider.exe (Crossrider)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - Startup: C:\Users\Dong Woo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nettalk.lnk = C:\Program Files\Nettalk6\Nettalk.exe (Nicolas Kruse)
O4 - Startup: C:\Users\Dong Woo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Guage.lnk = C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe (Clarus, Inc.)
O4 - Startup: C:\Users\Dong Woo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Real-Time Daemon.lnk = C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe (Clarus, Inc.)
O4 - Startup: C:\Users\Dong Woo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Scheduler.lnk = C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe (Clarus, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {3188FB46-456D-4C07-8A11-F5F3BBBA8AF2} http://www.seetoo.co...wserVersion=6.0 (SeeTooControl Class)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{136AF047-F90B-4E00-97F6-B4C2D0B310EB}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{889CF9CD-3DD1-4B20-8934-BCBB851F9B09}: NameServer = 98.158.112.60 216.131.94.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B82424EB-34F5-4E48-88F1-17F73E4D2CDF}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll (Pure Networks, Inc.)
O18 - Protocol\Handler\vsharechrome - No CLSID value found
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Dong Woo\Pictures\4099855576_5fcaf6ca92_b_01.jpg
O24 - Desktop BackupWallPaper: C:\Users\Dong Woo\Pictures\4099855576_5fcaf6ca92_b_01.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/26 19:29:50 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/26 19:10:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/26 19:05:47 | 000,000,000 | ---D | C] -- C:\Users\Dong Woo\AppData\Local\temp
[2011/12/26 18:31:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/26 18:31:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/26 18:31:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/26 18:31:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/26 18:26:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/26 18:24:46 | 004,352,855 | R--- | C] (Swearware) -- C:\Users\Dong Woo\Desktop\ComboFix.exe
[2011/12/25 11:20:32 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011/12/25 11:19:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/12/24 11:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/24 11:45:05 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/24 11:45:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/22 17:44:50 | 000,000,000 | ---D | C] -- C:\Users\Dong Woo\pisg-0.72
[2011/12/17 18:55:23 | 000,000,000 | ---D | C] -- C:\Users\Dong Woo\AppData\Roaming\Media Player Classic
[2011/12/16 19:00:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CoreCodec
[2011/12/16 19:00:40 | 000,000,000 | ---D | C] -- C:\Program Files\CoreCodec
[2011/12/16 18:07:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack
[2011/12/16 18:07:01 | 000,000,000 | ---D | C] -- C:\Program Files\Combined Community Codec Pack
[2011/12/16 18:04:24 | 000,000,000 | ---D | C] -- C:\Users\Dong Woo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\mkv2vob
[2011/12/16 18:03:13 | 000,000,000 | ---D | C] -- C:\Program Files\mkv2vob
[2011/12/15 12:06:35 | 000,000,000 | ---D | C] -- C:\Users\Dong Woo\AppData\Local\Unity
[2011/12/14 12:39:24 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/12/14 12:39:23 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/12/14 12:39:20 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/12/14 12:39:16 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/12/14 12:39:11 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/12/14 12:39:06 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/12/14 12:38:38 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/12/14 12:38:32 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/12/14 12:38:21 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/12/14 12:38:21 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/12/14 12:38:21 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/12/14 12:38:20 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/12/14 12:38:19 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/12/14 12:38:17 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/12/14 12:38:17 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/12/14 12:38:16 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/12/14 12:38:16 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/12/14 12:38:15 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/12/14 12:38:14 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/12/14 12:38:14 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/12/14 12:38:13 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/12/14 12:38:12 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/12/14 12:38:10 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/12/14 12:38:03 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/12/09 11:46:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIM
[2011/12/09 11:46:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2011/11/30 12:36:26 | 000,000,000 | ---D | C] -- C:\Users\Dong Woo\AppData\Local\RunRev
[2011/11/30 12:36:25 | 000,000,000 | ---D | C] -- C:\Users\Dong Woo\AppData\Local\._LiveCode_
[2008/07/22 03:01:25 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 30 Days ==========

[2011/12/26 19:31:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/26 19:21:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3663437838-256119079-3668261260-1001UA.job
[2011/12/26 19:15:21 | 000,645,662 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/26 19:15:21 | 000,120,722 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/26 19:12:05 | 000,207,860 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/12/26 19:11:05 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3663437838-256119079-3668261260-1000UA.job
[2011/12/26 19:09:47 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/12/26 19:09:43 | 000,207,860 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/12/26 19:09:10 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/26 19:08:11 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011/12/26 19:07:54 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/26 19:07:54 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/26 19:07:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/26 19:07:34 | 1877,291,008 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/26 18:24:38 | 004,352,855 | R--- | M] (Swearware) -- C:\Users\Dong Woo\Desktop\ComboFix.exe
[2011/12/26 11:21:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3663437838-256119079-3668261260-1001Core.job
[2011/12/26 01:11:04 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3663437838-256119079-3668261260-1000Core.job
[2011/12/25 13:14:28 | 000,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/12/25 11:28:02 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/12/25 11:27:59 | 000,016,432 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2011/12/25 11:22:32 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011/12/25 11:22:32 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011/12/25 11:20:36 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/12/24 22:51:17 | 000,029,696 | ---- | M] () -- C:\Users\Dong Woo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/24 11:45:23 | 000,000,934 | ---- | M] () -- C:\Users\Dong Woo\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/12/24 11:45:23 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/23 10:11:19 | 001,724,616 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/22 19:34:42 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/12/22 19:34:42 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/12/22 17:44:04 | 000,278,381 | ---- | M] () -- C:\Users\Dong Woo\pisg-0.72.zip
[2011/12/16 19:01:04 | 000,001,043 | ---- | M] () -- C:\Users\Dong Woo\AppData\Roaming\coreavc.ini
[2011/12/16 18:04:25 | 000,001,797 | ---- | M] () -- C:\Users\Dong Woo\Desktop\mkv2vob.lnk
[2011/12/13 21:22:08 | 000,002,023 | ---- | M] () -- C:\Users\Dong Woo\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/13 21:22:07 | 000,002,061 | ---- | M] () -- C:\Users\Dong Woo\Desktop\Google Chrome.lnk
[2011/12/12 10:07:32 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011/12/09 11:46:52 | 000,001,113 | -H-- | M] () -- C:\IPH.PH
[2011/12/09 11:46:39 | 000,001,722 | ---- | M] () -- C:\Users\Dong Woo\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2011/12/09 11:46:39 | 000,001,698 | ---- | M] () -- C:\Users\Public\Desktop\AIM.lnk
[2011/12/09 11:45:56 | 000,001,826 | ---- | M] () -- C:\Users\Dong Woo\Desktop\Retry AIM Installation.lnk
[2011/11/28 13:06:51 | 000,118,975 | ---- | M] () -- C:\Users\Dong Woo\Documents\bankstate.jpg
[2011/11/28 12:45:33 | 000,048,746 | ---- | M] () -- C:\Users\Dong Woo\Documents\IDcard.jpg

========== Files Created - No Company Name ==========

[2011/12/26 18:31:48 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/26 18:31:48 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/26 18:31:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/26 18:31:48 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/26 18:31:48 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/26 17:58:12 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011/12/25 11:22:32 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/12/25 11:22:32 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/12/25 11:20:36 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/12/24 11:45:23 | 000,000,934 | ---- | C] () -- C:\Users\Dong Woo\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/12/24 11:45:23 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/22 19:34:42 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/12/22 19:34:42 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/12/22 17:44:21 | 000,278,381 | ---- | C] () -- C:\Users\Dong Woo\pisg-0.72.zip
[2011/12/16 19:01:04 | 000,001,043 | ---- | C] () -- C:\Users\Dong Woo\AppData\Roaming\coreavc.ini
[2011/12/16 18:04:24 | 000,001,797 | ---- | C] () -- C:\Users\Dong Woo\Desktop\mkv2vob.lnk
[2011/12/09 11:45:56 | 000,001,826 | ---- | C] () -- C:\Users\Dong Woo\Desktop\Retry AIM Installation.lnk
[2011/12/02 01:12:18 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/11/28 13:06:47 | 000,118,975 | ---- | C] () -- C:\Users\Dong Woo\Documents\bankstate.jpg
[2011/11/28 12:45:31 | 000,048,746 | ---- | C] () -- C:\Users\Dong Woo\Documents\IDcard.jpg
[2011/11/11 00:46:18 | 000,012,920 | ---- | C] () -- C:\Windows\System32\apl001.sys
[2011/11/11 00:46:18 | 000,010,872 | ---- | C] () -- C:\Windows\System32\apf001.sys
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/12/29 21:01:33 | 000,014,976 | ---- | C] () -- C:\Windows\System32\drivers\SBKUPNT.SYS
[2010/12/29 21:01:33 | 000,013,312 | ---- | C] () -- C:\Windows\System32\DEVLOAD.EXE
[2010/12/29 21:01:32 | 000,000,543 | ---- | C] () -- C:\Windows\SWISV3.INI
[2010/12/29 21:01:30 | 000,000,287 | ---- | C] () -- C:\Windows\SKNIFE.INI
[2010/12/29 21:01:15 | 000,002,799 | ---- | C] () -- C:\Windows\SKLANG.INI
[2010/11/17 22:06:09 | 000,129,024 | ---- | C] () -- C:\Windows\System32\AVERM.dll
[2010/11/17 22:06:08 | 000,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll
[2010/10/05 20:10:37 | 000,000,122 | ---- | C] () -- C:\Windows\kaillera.ini
[2010/07/06 09:17:28 | 000,007,592 | ---- | C] () -- C:\Users\Dong Woo\AppData\Local\d3d9caps.dat
[2010/06/23 20:43:15 | 000,000,046 | ---- | C] () -- C:\Windows\System32\DonationCoder_urlsnooper_InstallInfo.dat
[2010/03/26 21:16:06 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009/12/22 01:36:48 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/12/06 21:27:01 | 000,176,188 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2009/12/04 13:15:33 | 001,053,056 | ---- | C] () -- C:\Windows\System32\drivers\CAMTHWDM.sys
[2009/11/13 18:36:34 | 000,066,680 | ---- | C] () -- C:\Windows\System32\jw.sys
[2009/11/06 13:55:39 | 000,000,600 | ---- | C] () -- C:\Users\Dong Woo\AppData\Roaming\winscp.rnd
[2009/10/29 01:54:11 | 000,000,301 | ---- | C] () -- C:\Windows\ulead32.ini
[2009/10/20 13:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009/10/19 22:27:24 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/19 22:27:24 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/13 02:55:26 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/02 01:52:19 | 000,024,064 | ---- | C] () -- C:\Users\Dong Woo\AppData\Roaming\UserTile.png
[2009/07/02 01:02:47 | 000,051,712 | ---- | C] () -- C:\Windows\System32\jwsj.sys
[2009/04/20 19:52:23 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/03/24 23:16:13 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/01/22 20:42:53 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2009/01/01 17:26:09 | 000,000,309 | ---- | C] () -- C:\Users\Dong Woo\AppData\Roaming\burnaware.ini
[2008/12/25 18:40:09 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2008/12/25 16:37:35 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/12/19 23:51:35 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2008/11/29 00:47:12 | 000,279,712 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2008/11/29 00:47:11 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2008/11/25 21:35:58 | 000,000,065 | ---- | C] () -- C:\Windows\wininit.ini
[2008/11/25 20:48:33 | 000,029,696 | ---- | C] () -- C:\Users\Dong Woo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/25 19:56:10 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/10/13 17:15:53 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2008/10/10 07:23:10 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008/10/10 07:23:10 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008/10/10 07:02:12 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008/10/10 06:55:37 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/10/10 06:46:44 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2008/10/10 06:46:44 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008/10/10 06:46:44 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2008/10/10 06:45:43 | 000,207,860 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/10/10 06:45:42 | 000,207,860 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2007/08/22 10:16:00 | 000,046,456 | R--- | C] () -- C:\Windows\System32\exitwx.exe
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 001,724,616 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,645,662 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,120,722 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/08/30 11:08:50 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dlccinsr.dll
[2005/08/30 11:08:46 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dlcccur.dll
[2005/08/30 11:08:30 | 000,131,072 | ---- | C] () -- C:\Windows\System32\dlccjswr.dll
[2005/08/30 11:07:44 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlccinsb.dll
[2005/08/30 11:07:40 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlcccub.dll
[2005/08/30 11:07:34 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcccu.dll
[2005/08/30 11:07:32 | 000,155,648 | ---- | C] () -- C:\Windows\System32\dlccins.dll
[2005/08/30 11:06:04 | 000,430,080 | ---- | C] () -- C:\Windows\System32\dlccutil.dll
[2005/07/28 13:47:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlccvs.dll
[2005/06/21 15:27:56 | 000,638,976 | ---- | C] () -- C:\Windows\System32\dlccpmui.dll
[2005/06/21 15:27:02 | 001,183,744 | ---- | C] () -- C:\Windows\System32\dlccserv.dll
[2005/06/21 15:22:06 | 000,483,328 | ---- | C] () -- C:\Windows\System32\dlcclmpm.dll
[2005/06/21 15:21:40 | 000,413,696 | ---- | C] () -- C:\Windows\System32\dlcccomm.dll
[2005/06/21 15:21:30 | 000,368,640 | ---- | C] () -- C:\Windows\System32\dlcccfg.exe
[2005/06/21 15:20:08 | 000,372,736 | ---- | C] () -- C:\Windows\System32\dlccih.exe
[2005/06/21 15:19:48 | 000,114,688 | ---- | C] () -- C:\Windows\System32\dlccpplc.dll
[2005/06/21 15:19:38 | 000,491,520 | ---- | C] () -- C:\Windows\System32\dlcccoms.exe
[2005/06/21 15:18:58 | 000,704,512 | ---- | C] () -- C:\Windows\System32\dlcccomc.dll
[2005/06/21 15:18:24 | 000,155,648 | ---- | C] () -- C:\Windows\System32\dlccprox.dll
[2005/06/21 15:12:48 | 001,134,592 | ---- | C] () -- C:\Windows\System32\dlccusb1.dll
[2005/06/21 15:09:22 | 000,770,048 | ---- | C] () -- C:\Windows\System32\dlcchbn3.dll
[2005/06/06 10:58:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dlcccfg.dll
[2001/12/26 18:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 01:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 18:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 00:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

< End of report >

#2
RKinner

    Malware Expert

Copy the text in the code box by highlighting it and pressing Ctrl+C:


:processes
killallprocesses

:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:56121
FF - prefs.js..extensions.enabledItems: [email protected]:0.72.17
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\CodecCheck\firefox [2011/08/23 01:58:11 | 000,000,000 | ---D | M]
[2011/09/14 16:36:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/12/16 19:00:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CoreCodec
[2011/12/16 19:00:40 | 000,000,000 | ---D | C] -- C:\Program Files\CoreCodec
[2011/12/16 18:07:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack
[2011/12/16 18:07:01 | 000,000,000 | ---D | C] -- C:\Program Files\Combined Community Codec Pack

:files
C:\ProgramData\CodecCheck


:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl+V) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered. OTL will reboot the PC when it is done.

Did we get it?

Ron
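
The first line of the :OTL section in the fix above resets a ProxyServer value of http=127.0.0.1:56121. As an added example (not part of the original post, and not OTL's own code), the Python below parses a ProxyServer string and flags entries that point at a loopback address; the function names and the extra sample values are assumptions made for illustration.

```python
import ipaddress

def parse_proxy_server(value):
    """Split a ProxyServer string into {scheme: (host, port)}.

    Handles "host:port" (one proxy for all protocols, keyed "*") and
    "http=host:port;https=host:port" (per-protocol entries).
    """
    entries = {}
    for part in (p.strip() for p in value.split(";")):
        if not part:
            continue
        scheme, sep, target = part.partition("=")
        if not sep:                          # no "=": applies to every protocol
            scheme, target = "*", part
        target = target.split("://", 1)[-1]  # tolerate "http=http://host:port"
        if target.startswith("["):           # bracketed IPv6 literal
            host, _, port = target[1:].partition("]")
            port = port.lstrip(":")
        else:
            host, _, port = target.partition(":")
        entries[scheme.strip().lower()] = (host, port)
    return entries

def is_loopback(host):
    """True for localhost and for any address in 127.0.0.0/8 or ::1."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                         # other hostnames are not resolved here

def loopback_proxies(value):
    """Return the entries of a ProxyServer value that point at this machine."""
    return sorted(
        f"{scheme} -> {host}:{port}"
        for scheme, (host, port) in parse_proxy_server(value).items()
        if is_loopback(host)
    )

if __name__ == "__main__":
    samples = [
        "http=127.0.0.1:56121",                                # value from the fix above
        "proxy.corp.example:8080",                             # constructed
        "http=127.0.0.1:56121;https=proxy.corp.example:8443",  # constructed
    ]
    for value in samples:
        print(value, "=>", loopback_proxies(value) or "no loopback proxy")
```

A loopback entry is a prompt for review rather than proof of infection, since some security products and debugging proxies also listen locally; the next step is to identify which process owns the listed port.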

#3
mrmest

    New Member

It seemed to have worked, I think.

========== PROCESSES ==========
All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: [email protected]:0.72.17 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27 removed from extensions.enabledItems
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\CodecCheck\firefox not found.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CoreCodec\CoreAVC Professional Edition folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CoreCodec folder moved successfully.
C:\Program Files\CoreCodec\CoreAVC Professional Edition folder moved successfully.
C:\Program Files\CoreCodec folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\Other Filters folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\LAV folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\FFDShow folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack folder moved successfully.
C:\Program Files\Combined Community Codec Pack\MPC folder moved successfully.
C:\Program Files\Combined Community Codec Pack\Legal folder moved successfully.
C:\Program Files\Combined Community Codec Pack\Filters\LAVFilters folder moved successfully.
C:\Program Files\Combined Community Codec Pack\Filters\Haali folder moved successfully.
C:\Program Files\Combined Community Codec Pack\Filters\FFDShow folder moved successfully.
C:\Program Files\Combined Community Codec Pack\Filters folder moved successfully.
C:\Program Files\Combined Community Codec Pack folder moved successfully.
========== FILES ==========
C:\ProgramData\CodecCheck\firefox\skin folder moved successfully.
C:\ProgramData\CodecCheck\firefox\locale\en-US folder moved successfully.
C:\ProgramData\CodecCheck\firefox\locale folder moved successfully.
C:\ProgramData\CodecCheck\firefox\defaults\preferences folder moved successfully.
C:\ProgramData\CodecCheck\firefox\defaults folder moved successfully.
C:\ProgramData\CodecCheck\firefox\chrome\content\lib\facebox\Images folder moved successfully.
C:\ProgramData\CodecCheck\firefox\chrome\content\lib\facebox folder moved successfully.
C:\ProgramData\CodecCheck\firefox\chrome\content\lib folder moved successfully.
C:\ProgramData\CodecCheck\firefox\chrome\content folder moved successfully.
C:\ProgramData\CodecCheck\firefox\chrome folder moved successfully.
C:\ProgramData\CodecCheck\firefox folder moved successfully.
C:\ProgramData\CodecCheck\chrome folder moved successfully.
C:\ProgramData\CodecCheck folder moved successfully.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: dong
 
User: Dong Woo
->Flash cache emptied: 36677 bytes
 
User: osnapple
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0.00 mb
 
 
[EMPTYJAVA]
 
User: All Users
 
User: Default
 
User: Default User
 
User: dong
 
User: Dong Woo
->Java cache emptied: 283239 bytes
 
User: osnapple
->Java cache emptied: 0 bytes
 
User: Public
 
Total Java Files Cleaned = 0.00 mb
 
 
OTL by OldTimer - Version 3.2.31.0 log created on 01022012_112135

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Here's the log I got after I ran the fix, just in case.

#4
RKinner

    Malware Expert

I think we got it, but there was some evidence of an unrelated prior malware infection, so perhaps we should run through a few scans to make sure.


ComboFix

It must be saved to your desktop; do not run it from your browser.

Disable your antivirus software when downloading or running ComboFix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries, including your browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution: Do not run ComboFix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your drive light. If it is flashing, ComboFix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop, then right-click it and select Run as Administrator.

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.


Download aswMBR.exe (511 KB) to your desktop.
Right-click aswMBR.exe and select Run as Administrator.

Change the a-v scan to None.
Uncheck trace disk IO calls.
Click the "Scan" button to start the scan.
On completion of the scan (note whether the Fix button is enabled (not the FixMBR button) and tell me), click Save log, save it to your desktop, and post it in your next reply.


Malwarebytes' Anti-Malware
If you have a previous version of Malwarebytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.




Run OTL (Vista or Win 7 => right click and Run As Administrator)

Select the All option in the Extra Registry group, then click Run Scan.

You should get two logs. Please copy and paste both of them.

Ron