Vista Anti-virus 2012 first, then browser redirect... [Solved]

#1 jkabat
Member, 98 posts

Situation:

Last night a Vista Antivirus warning popped up and the computer user clicked 'remove threats'. That led to scores of further pop-ups.

We shut down the computer and restarted in safe mode. Restored the computer to prior settings a day earlier. Ran Malwarebytes Anti-Malware.

Ran Microsoft security scan. Computer worked, but internet searches were redirected in IE, not Chrome. Overnight I ran a full malware anti-virus scan. This morning got a message that 'Windows Explorer' was not running.

I shut down the computer. It was turned on later and worked fine for a few hours. Then the internet search redirect happened again, both on IE and Chrome.

Scanned with Malwarebytes anti-virus - found nothing.

Tried to run DDS scan, was told "Batch not found". Ran an sfc /scannow and was told something was found but couldn't be repaired.

Ran the OTL scan and will paste in below.

Help please?

OTL logfile created on: 12/29/2011 3:44:00 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\computer\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 65.47% Memory free
5.96 Gb Paging File | 5.25 Gb Available in Paging File | 88.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.09 Gb Total Space | 147.39 Gb Free Space | 51.16% Space Free | Partition Type: NTFS

Computer Name: COMPUTER-PC | User Name: computer | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/29 15:42:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\computer\Desktop\OTL.exe
PRC - [2011/12/07 06:16:29 | 001,047,096 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/06/20 16:04:22 | 000,709,984 | ---- | M] (Microsoft® Corporation) -- c:\Program Files\Microsoft Works\WksWP.exe
PRC - [2007/06/20 16:04:20 | 000,095,584 | ---- | M] (Microsoft® Corporation) -- c:\Program Files\Microsoft Works\WkDStore.exe
PRC - [2007/06/20 16:04:20 | 000,091,488 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Microsoft Works\wkgdcach.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/07 06:16:28 | 000,411,192 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.63\ppgooglenaclpluginchrome.dll
MOD - [2011/12/07 06:16:27 | 003,767,864 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.63\pdf.dll
MOD - [2011/12/07 06:14:56 | 000,122,952 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.63\avutil-51.dll
MOD - [2011/12/07 06:14:55 | 000,222,280 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.63\avformat-53.dll
MOD - [2011/12/07 06:14:53 | 001,746,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.63\avcodec-53.dll
MOD - [2011/12/07 02:22:33 | 008,593,056 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.63\gcswf32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/02/28 17:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/11/05 17:53:56 | 000,327,000 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV - [2010/05/25 13:44:34 | 000,250,145 | ---- | M] (INCA Internet Co., Ltd.) [Auto | Stopped] -- C:\Windows\System32\npstartersvc.exe -- (nPStarterSVC)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/07/22 21:14:28 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/06/11 13:18:30 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe -- (ETService)
SRV - [2008/05/05 17:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/04/27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/11/15 19:35:02 | 000,021,176 | ---- | M] (SoftForum Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\JRSKD24.SYS -- (JRSKD24)
DRV - [2008/07/22 21:14:24 | 001,203,808 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/06/11 13:13:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/05/02 09:46:00 | 007,460,320 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/03/25 00:38:20 | 001,048,480 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/01/25 07:02:02 | 000,140,832 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2007/05/03 11:21:08 | 000,029,056 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Capt905c.sys -- (SQTECH905C)
DRV - [2005/08/17 06:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emac...309&m=et1161-07
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emac...309&m=et1161-07

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emac...309&m=et1161-07
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\computer\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\computer\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\computer\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\computer\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\computer\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/28 22:14:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/01/27 03:02:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\computer\AppData\Roaming\Move Networks [2011/12/28 22:15:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{DC9829A7-3CC0-4343-856A-732175C6BA5E}: C:\Users\computer\AppData\Local\{DC9829A7-3CC0-4343-856A-732175C6BA5E} [2011/12/28 22:15:16 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.180.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\computer\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\computer\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\computer\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: Google Search = C:\Users\computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\
CHR - Extension: Gmail = C:\Users\computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [MaAgent] C:\Program Files\MarkAny\ContentSafer\MaAgent.exe ((주)마크애니)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MRDaemon.exe] C:\Program Files\Naver\QuickManager2\MRDaemon.exe File not found
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} http://www.crezio.co...On/AlwaysOn.CAB (Tpwin Control)
O16 - DPF: {2029F1D2-90E4-49EF-9824-F666D238BFF6} http://cdn.naver.com...ComicViewer.cab (NHNComicViewer Class)
O16 - DPF: {20BBA18F-5BC8-47B5-8FC9-5DFCA8E56A4B} https://mpi.dacom.ne...PI_20110503.cab (XacsPop Control)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {39FC0CF9-86F3-4502-B773-D16706EDEC83} http://banking.nongh...SCSK4_VISTA.cab (SCSK Control)
O16 - DPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} https://mpi.dacom.ne...MPI/XPayMPI.cab (XPayMPIOCX Control)
O16 - DPF: {4ABB12B3-8A8B-481D-874A-93E16F930A8B} http://www.hangame.c...KKeyProInst.cab (CKKeyPro Crypto support Class (CKNhnInst))
O16 - DPF: {6678BE91-1E04-4A4A-9C32-63145EA79C2A} http://fifa-online.e...3AXLauncher.cab (EAFO3AXLauncher Control)
O16 - DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} Reg Error: Key error. (XecureCKKB Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} http://myitlab.pears...ces/ax/stub.cab (Enlite 2.x Simulation Engine Installer)
O16 - DPF: {C021A4D6-173F-4BF4-B38C-B12CAA20E518} http://www.mgoon.com/launcher.cab (Mgoon Launcher Control)
O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} http://packgoon.hang...anSetup1020.cab (HanSetupCtrl1010 Class)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D912AABC-6CB0-416F-85B6-CABBB86FD558} http://plugin.inicis...let60_vista.cab (INIwallet60 Control)
O16 - DPF: {DFBBCB52-4D9F-4D0E-BF4A-A51223FC2541} http://patch.mnet.co...20100202001.cab (NSAppHelperWizrd Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} https://www.vpay.co....PCTLD_VISTA.cab (KvpIspCtlD Control)
O16 - DPF: {FC1FEB1F-DB67-49C2-9AA1-83BFD60F992A} http://i-plus.jssear...PlusInstall.cab (AxIPlusInstall)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9EB11FA8-E9FF-4E55-B4CD-665BDB231FA1}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18 - Protocol\Handler\s-http {D37E6C5F-1C0F-47C0-A3B6-403EEC555402} - C:\Program Files\Initech\SHTTP\InitechSHTTPInterface.10118.dll (© INITECH)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\computer\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\computer\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {88485281-8b4b-4f8d-9ede-82e29a064277} - C:\Program Files\MarkAny\ContentSafer\MACSMANAGER.dll (MarkAny Cooperation.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/29 15:42:25 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\computer\Desktop\OTL.exe
[2011/12/29 15:12:02 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\computer\Desktop\dds.scr
[2011/12/28 23:18:14 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011/12/07 14:25:51 | 000,000,000 | -H-D | C] -- C:\Users\computer\Desktop\2011_12_07
[2007/09/04 23:48:38 | 000,020,480 | ---- | C] ( ) -- C:\Windows\System32\MAUpdate.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\computer\AppData\Local\*.tmp files -> C:\Users\computer\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/29 15:46:27 | 000,001,356 | ---- | M] () -- C:\Users\computer\AppData\Local\d3d9caps.dat
[2011/12/29 15:42:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\computer\Desktop\OTL.exe
[2011/12/29 15:12:02 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\computer\Desktop\dds.scr
[2011/12/29 14:18:23 | 000,605,616 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/29 14:18:23 | 000,104,586 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/29 14:10:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/29 14:08:37 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/29 14:08:37 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/29 13:59:01 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1598053239-1567179000-2325288416-1000UA.job
[2011/12/29 13:26:04 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/29 08:53:41 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011/12/29 08:53:33 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/28 21:52:04 | 000,009,750 | -HS- | M] () -- C:\Users\computer\AppData\Local\8kx8w56xix4p43nqxui3320ng437tdg17b0j
[2011/12/28 21:52:04 | 000,009,750 | -HS- | M] () -- C:\ProgramData\8kx8w56xix4p43nqxui3320ng437tdg17b0j
[2011/12/28 21:39:13 | 000,000,456 | ---- | M] () -- C:\ProgramData\C4y7TSQMIAEj1a
[2011/12/28 21:37:56 | 000,000,304 | ---- | M] () -- C:\ProgramData\~C4y7TSQMIAEj1a
[2011/12/28 21:37:56 | 000,000,216 | ---- | M] () -- C:\ProgramData\~C4y7TSQMIAEj1ar
[2011/12/27 22:27:14 | 000,000,564 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for computer.job
[2011/12/27 19:12:12 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1598053239-1567179000-2325288416-1000Core.job
[2011/12/23 15:48:26 | 000,132,608 | ---- | M] () -- C:\Users\computer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/20 19:12:00 | 000,005,152 | -H-- | M] () -- C:\Users\computer\AppData\Roaming\wklnhst.dat
[2011/12/18 10:09:35 | 000,007,688 | -H-- | M] () -- C:\Users\computer\Desktop\CCC.jpg
[2011/12/14 03:30:06 | 000,340,384 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/06 19:54:26 | 000,103,335 | -H-- | M] () -- C:\Users\computer\Desktop\393752_2021581518917_1825338131_1373447_923737637_n.jpg
[2011/12/06 19:54:06 | 000,095,037 | -H-- | M] () -- C:\Users\computer\Desktop\388613_2021582718947_1825338131_1373448_493318696_n.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\computer\AppData\Local\*.tmp files -> C:\Users\computer\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/28 21:28:10 | 000,000,216 | ---- | C] () -- C:\ProgramData\~C4y7TSQMIAEj1ar
[2011/12/28 21:28:09 | 000,000,304 | ---- | C] () -- C:\ProgramData\~C4y7TSQMIAEj1a
[2011/12/28 21:28:06 | 000,000,456 | ---- | C] () -- C:\ProgramData\C4y7TSQMIAEj1a
[2011/12/28 21:11:51 | 000,009,750 | -HS- | C] () -- C:\Users\computer\AppData\Local\8kx8w56xix4p43nqxui3320ng437tdg17b0j
[2011/12/28 21:11:51 | 000,009,750 | -HS- | C] () -- C:\ProgramData\8kx8w56xix4p43nqxui3320ng437tdg17b0j
[2011/12/18 10:09:49 | 000,007,688 | -H-- | C] () -- C:\Users\computer\Desktop\CCC.jpg
[2011/12/06 19:54:25 | 000,103,335 | -H-- | C] () -- C:\Users\computer\Desktop\393752_2021581518917_1825338131_1373447_923737637_n.jpg
[2011/12/06 19:54:05 | 000,095,037 | -H-- | C] () -- C:\Users\computer\Desktop\388613_2021582718947_1825338131_1373448_493318696_n.jpg
[2011/06/05 18:07:21 | 000,596,512 | ---- | C] () -- C:\Windows\System32\INICRYPTOSDK.dll
[2011/05/19 11:01:24 | 001,266,880 | ---- | C] () -- C:\Windows\System32\ISPPopUpDlg.exe
[2011/02/22 15:24:26 | 000,339,968 | ---- | C] () -- C:\Windows\System32\KvpUpCom.dll
[2011/01/23 10:14:34 | 002,263,821 | -H-- | C] () -- C:\Users\computer\AppData\Local\Inspiration.chm
[2011/01/23 10:14:34 | 000,000,000 | -H-- | C] () -- C:\Users\computer\AppData\Local\90a041
[2010/12/16 09:15:52 | 000,000,120 | -H-- | C] () -- C:\Users\computer\AppData\Local\Mcogikujika.dat
[2010/12/16 09:15:52 | 000,000,000 | -H-- | C] () -- C:\Users\computer\AppData\Local\Txarozolo.bin
[2010/12/13 09:56:20 | 000,138,968 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/12/13 09:56:19 | 000,139,152 | ---- | C] () -- C:\Users\computer\AppData\Roaming\PnkBstrK.sys
[2010/12/13 09:56:07 | 000,214,592 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010/12/13 09:56:06 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/12/13 09:56:00 | 000,794,408 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2010/05/12 11:37:34 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2009/12/23 15:34:31 | 000,126,852 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2009/09/25 18:22:02 | 000,026,176 | ---- | C] () -- C:\Windows\System32\INIUAC.exe
[2009/09/17 05:54:50 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/17 05:54:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/15 21:12:44 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/09/07 14:50:54 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/09 08:37:42 | 000,000,065 | ---- | C] () -- C:\Windows\FISHUI.INI
[2009/06/30 15:06:23 | 000,001,356 | ---- | C] () -- C:\Users\computer\AppData\Local\d3d9caps.dat
[2009/06/15 11:15:23 | 000,132,608 | ---- | C] () -- C:\Users\computer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/31 19:22:29 | 000,005,152 | -H-- | C] () -- C:\Users\computer\AppData\Roaming\wklnhst.dat
[2009/03/12 22:39:15 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2009/03/12 22:31:19 | 000,003,948 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009/02/26 12:53:34 | 000,045,116 | ---- | C] () -- C:\Windows\System32\KvpSetRegistry.exe
[2009/01/20 01:14:29 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/11/05 01:26:34 | 000,030,048 | ---- | C] () -- C:\Windows\System32\MNetDownload.exe
[2007/05/18 16:43:32 | 000,020,480 | ---- | C] () -- C:\Windows\System32\KVPSetupEx.exe
[2007/05/10 07:15:34 | 000,028,672 | ---- | C] () -- C:\Windows\System32\ISP_crgen.dll
[2006/11/22 16:16:18 | 000,003,612 | ---- | C] () -- C:\Windows\ReaderString.ini
[2006/11/21 12:50:06 | 000,000,037 | ---- | C] () -- C:\Windows\sunkist.ini
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,340,384 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,605,616 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,104,586 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/06/29 17:45:44 | 000,708,096 | ---- | C] () -- C:\Windows\System32\INIcrypto20.dll

========== LOP Check ==========

[2011/12/28 22:15:16 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\BitTorrent
[2011/12/28 22:12:22 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\Canon
[2009/07/09 08:20:50 | 000,000,000 | -H-D | M] -- C:\Users\computer\AppData\Roaming\DataCast
[2011/12/28 22:15:16 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\Elluminate
[2011/04/08 11:10:59 | 000,000,000 | -H-D | M] -- C:\Users\computer\AppData\Roaming\FileZilla
[2011/12/28 22:15:16 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\GetRightToGo
[2010/03/02 21:52:17 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\HNC
[2011/01/23 10:10:52 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\Inspiration Software
[2011/12/28 22:15:17 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\KompoZer
[2011/12/28 22:15:18 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\MusE
[2011/01/23 10:09:36 | 000,000,000 | -H-D | M] -- C:\Users\computer\AppData\Roaming\Softland
[2009/05/31 19:22:38 | 000,000,000 | -H-D | M] -- C:\Users\computer\AppData\Roaming\Template
[2010/06/19 10:20:41 | 000,000,000 | -H-D | M] -- C:\Users\computer\AppData\Roaming\Tific
[2009/05/29 16:01:09 | 000,000,000 | -H-D | M] -- C:\Users\computer\AppData\Roaming\WildTangent
[2011/12/29 14:08:36 | 000,032,556 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/12/28 22:15:21 | 000,000,000 | ---D | M](C:\Users\computer\Desktop\Halla(???)) -- C:\Users\computer\Desktop\Halla(정한라)
[2010/04/16 09:57:06 | 000,013,063 | -H-- | M] ()(C:\Users\computer\Documents\? ? ?.docx) -- C:\Users\computer\Documents\위 임 장.docx
[2010/04/16 09:57:06 | 000,013,063 | -H-- | C] ()(C:\Users\computer\Documents\? ? ?.docx) -- C:\Users\computer\Documents\위 임 장.docx
[2009/10/17 18:39:28 | 000,000,000 | ---D | C](C:\Users\computer\Desktop\Halla(???)) -- C:\Users\computer\Desktop\Halla(정한라)

========== Alternate Data Streams ==========

@Alternate Data Stream - 133120 bytes -> C:\Users\computer\AppData\Local\Temp:winupd.exe

< End of report >

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there. On completion of this run, could you go to normal Windows and let me know what the problems are?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/12/28 21:52:04 | 000,009,750 | -HS- | M] () -- C:\Users\computer\AppData\Local\8kx8w56xix4p43nqxui3320ng437tdg17b0j
    [2011/12/28 21:52:04 | 000,009,750 | -HS- | M] () -- C:\ProgramData\8kx8w56xix4p43nqxui3320ng437tdg17b0j
    [2011/12/28 21:39:13 | 000,000,456 | ---- | M] () -- C:\ProgramData\C4y7TSQMIAEj1a
    [2011/12/28 21:37:56 | 000,000,304 | ---- | M] () -- C:\ProgramData\~C4y7TSQMIAEj1a
    [2011/12/28 21:37:56 | 000,000,216 | ---- | M] () -- C:\ProgramData\~C4y7TSQMIAEj1ar
    [2011/12/28 21:28:10 | 000,000,216 | ---- | C] () -- C:\ProgramData\~C4y7TSQMIAEj1ar
    [2011/12/28 21:28:09 | 000,000,304 | ---- | C] () -- C:\ProgramData\~C4y7TSQMIAEj1a
    [2011/12/28 21:28:06 | 000,000,456 | ---- | C] () -- C:\ProgramData\C4y7TSQMIAEj1a
    [2011/12/28 21:11:51 | 000,009,750 | -HS- | C] () -- C:\Users\computer\AppData\Local\8kx8w56xix4p43nqxui3320ng437tdg17b0j
    [2011/12/28 21:11:51 | 000,009,750 | -HS- | C] () -- C:\ProgramData\8kx8w56xix4p43nqxui3320ng437tdg17b0j
    [2011/01/23 10:14:34 | 000,000,000 | -H-- | C] () -- C:\Users\computer\AppData\Local\90a041
    [2010/12/16 09:15:52 | 000,000,120 | -H-- | C] () -- C:\Users\computer\AppData\Local\Mcogikujika.dat
    [2010/12/16 09:15:52 | 000,000,000 | -H-- | C] () -- C:\Users\computer\AppData\Local\Txarozolo.bin
    @Alternate Data Stream - 133120 bytes -> C:\Users\computer\AppData\Local\Temp:winupd.exe

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

#3
jkabat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts
Essexboy,

Thanks for your prompt attention to my post.

I followed your directions and have reopened in regular Windows. In the 10 minutes since, nothing pops up or jams up. However, when doing a Google search for "hot dog" and clicking the Wikipedia link for it, I'm redirected to donaldduk.com. When clicking the Nathan's Famous hot dog site, I get redirected to the Yellow Pages search engine.

I ran the OTL and the log is posted below.

I look forward to your response.


OTL logfile created on: 12/29/2011 4:24:12 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\computer\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.69 Gb Available Physical Memory | 58.99% Memory free
5.95 Gb Paging File | 4.82 Gb Available in Paging File | 80.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.09 Gb Total Space | 150.70 Gb Free Space | 52.31% Space Free | Partition Type: NTFS

Computer Name: COMPUTER-PC | User Name: computer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/29 15:42:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\computer\Desktop\OTL.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/01/09 10:09:20 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2010/11/05 17:53:56 | 000,327,000 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
PRC - [2010/05/25 13:44:34 | 000,250,145 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Windows\System32\npstartersvc.exe
PRC - [2010/05/25 13:43:52 | 000,213,279 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Windows\System32\npnj5Agent.exe
PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/07/23 13:25:32 | 006,183,456 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/07/22 21:14:28 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008/06/11 13:18:30 | 000,024,576 | ---- | M] () -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
PRC - [2008/03/17 20:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE


========== Modules (No Company Name) ==========

MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/07/19 17:38:53 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/02/28 17:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/11/05 17:53:56 | 000,327,000 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV - [2010/05/25 13:44:34 | 000,250,145 | ---- | M] (INCA Internet Co., Ltd.) [Auto | Running] -- C:\Windows\System32\npstartersvc.exe -- (nPStarterSVC)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/07/22 21:14:28 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/06/11 13:18:30 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe -- (ETService)
SRV - [2008/05/05 17:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/12/29 16:21:51 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BD4D819D-C7E8-42CB-80B0-9364CCB7CA98}\MpKslf02e0735.sys -- (MpKslf02e0735)
DRV - [2011/04/27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/11/15 19:35:02 | 000,021,176 | ---- | M] (SoftForum Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\JRSKD24.SYS -- (JRSKD24)
DRV - [2008/07/22 21:14:24 | 001,203,808 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/06/11 13:13:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/05/02 09:46:00 | 007,460,320 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/03/25 00:38:20 | 001,048,480 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/01/25 07:02:02 | 000,140,832 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2007/05/03 11:21:08 | 000,029,056 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Capt905c.sys -- (SQTECH905C)
DRV - [2005/08/17 06:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emac...309&m=et1161-07
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emac...309&m=et1161-07

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emac...309&m=et1161-07
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\computer\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\computer\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\computer\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\computer\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\computer\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/28 22:14:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/01/27 03:02:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\computer\AppData\Roaming\Move Networks [2011/12/28 22:15:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{DC9829A7-3CC0-4343-856A-732175C6BA5E}: C:\Users\computer\AppData\Local\{DC9829A7-3CC0-4343-856A-732175C6BA5E} [2011/12/28 22:15:16 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.180.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\computer\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\computer\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\computer\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: Google Search = C:\Users\computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\
CHR - Extension: Gmail = C:\Users\computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

O1 HOSTS File: ([2011/12/29 16:16:54 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [MaAgent] C:\Program Files\MarkAny\ContentSafer\MaAgent.exe ((주)마크애니)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MRDaemon.exe] C:\Program Files\Naver\QuickManager2\MRDaemon.exe File not found
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} http://www.crezio.co...On/AlwaysOn.CAB (Tpwin Control)
O16 - DPF: {2029F1D2-90E4-49EF-9824-F666D238BFF6} http://cdn.naver.com...ComicViewer.cab (NHNComicViewer Class)
O16 - DPF: {20BBA18F-5BC8-47B5-8FC9-5DFCA8E56A4B} https://mpi.dacom.ne...PI_20110503.cab (XacsPop Control)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {39FC0CF9-86F3-4502-B773-D16706EDEC83} http://banking.nongh...SCSK4_VISTA.cab (SCSK Control)
O16 - DPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} https://mpi.dacom.ne...MPI/XPayMPI.cab (XPayMPIOCX Control)
O16 - DPF: {4ABB12B3-8A8B-481D-874A-93E16F930A8B} http://www.hangame.c...KKeyProInst.cab (CKKeyPro Crypto support Class (CKNhnInst))
O16 - DPF: {6678BE91-1E04-4A4A-9C32-63145EA79C2A} http://fifa-online.e...3AXLauncher.cab (EAFO3AXLauncher Control)
O16 - DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} Reg Error: Key error. (XecureCKKB Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} http://myitlab.pears...ces/ax/stub.cab (Enlite 2.x Simulation Engine Installer)
O16 - DPF: {C021A4D6-173F-4BF4-B38C-B12CAA20E518} http://www.mgoon.com/launcher.cab (Mgoon Launcher Control)
O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} http://packgoon.hang...anSetup1020.cab (HanSetupCtrl1010 Class)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D912AABC-6CB0-416F-85B6-CABBB86FD558} http://plugin.inicis...let60_vista.cab (INIwallet60 Control)
O16 - DPF: {DFBBCB52-4D9F-4D0E-BF4A-A51223FC2541} http://patch.mnet.co...20100202001.cab (NSAppHelperWizrd Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} https://www.vpay.co....PCTLD_VISTA.cab (KvpIspCtlD Control)
O16 - DPF: {FC1FEB1F-DB67-49C2-9AA1-83BFD60F992A} http://i-plus.jssear...PlusInstall.cab (AxIPlusInstall)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9EB11FA8-E9FF-4E55-B4CD-665BDB231FA1}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18 - Protocol\Handler\s-http {D37E6C5F-1C0F-47C0-A3B6-403EEC555402} - C:\Program Files\Initech\SHTTP\InitechSHTTPInterface.10118.dll (© INITECH)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\computer\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\computer\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {88485281-8b4b-4f8d-9ede-82e29a064277} - C:\Program Files\MarkAny\ContentSafer\MACSMANAGER.dll (MarkAny Cooperation.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/29 16:16:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/29 15:42:25 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\computer\Desktop\OTL.exe
[2011/12/29 15:12:02 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\computer\Desktop\dds.scr
[2011/12/28 23:18:14 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011/12/07 14:25:51 | 000,000,000 | -H-D | C] -- C:\Users\computer\Desktop\2011_12_07
[2007/09/04 23:48:38 | 000,020,480 | ---- | C] ( ) -- C:\Windows\System32\MAUpdate.exe
[1 C:\Users\computer\AppData\Local\*.tmp files -> C:\Users\computer\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/29 16:26:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/29 16:21:58 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011/12/29 16:21:54 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/29 16:21:53 | 000,001,356 | ---- | M] () -- C:\Users\computer\AppData\Local\d3d9caps.dat
[2011/12/29 16:21:45 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/29 16:21:44 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/29 16:21:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/29 16:21:33 | 3085,332,480 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/29 16:16:54 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/12/29 15:42:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\computer\Desktop\OTL.exe
[2011/12/29 15:12:02 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\computer\Desktop\dds.scr
[2011/12/29 14:18:23 | 000,605,616 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/29 14:18:23 | 000,104,586 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/29 13:59:01 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1598053239-1567179000-2325288416-1000UA.job
[2011/12/27 22:27:14 | 000,000,564 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for computer.job
[2011/12/27 19:12:12 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1598053239-1567179000-2325288416-1000Core.job
[2011/12/23 15:48:26 | 000,132,608 | ---- | M] () -- C:\Users\computer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/20 19:12:00 | 000,005,152 | -H-- | M] () -- C:\Users\computer\AppData\Roaming\wklnhst.dat
[2011/12/18 10:09:35 | 000,007,688 | -H-- | M] () -- C:\Users\computer\Desktop\CCC.jpg
[2011/12/14 03:30:06 | 000,340,384 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/06 19:54:26 | 000,103,335 | -H-- | M] () -- C:\Users\computer\Desktop\393752_2021581518917_1825338131_1373447_923737637_n.jpg
[2011/12/06 19:54:06 | 000,095,037 | -H-- | M] () -- C:\Users\computer\Desktop\388613_2021582718947_1825338131_1373448_493318696_n.jpg
[1 C:\Users\computer\AppData\Local\*.tmp files -> C:\Users\computer\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/29 16:21:33 | 3085,332,480 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/18 10:09:49 | 000,007,688 | -H-- | C] () -- C:\Users\computer\Desktop\CCC.jpg
[2011/12/06 19:54:25 | 000,103,335 | -H-- | C] () -- C:\Users\computer\Desktop\393752_2021581518917_1825338131_1373447_923737637_n.jpg
[2011/12/06 19:54:05 | 000,095,037 | -H-- | C] () -- C:\Users\computer\Desktop\388613_2021582718947_1825338131_1373448_493318696_n.jpg
[2011/06/05 18:07:21 | 000,596,512 | ---- | C] () -- C:\Windows\System32\INICRYPTOSDK.dll
[2011/05/19 11:01:24 | 001,266,880 | ---- | C] () -- C:\Windows\System32\ISPPopUpDlg.exe
[2011/02/22 15:24:26 | 000,339,968 | ---- | C] () -- C:\Windows\System32\KvpUpCom.dll
[2011/01/23 10:14:34 | 002,263,821 | -H-- | C] () -- C:\Users\computer\AppData\Local\Inspiration.chm
[2010/12/13 09:56:20 | 000,138,968 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/12/13 09:56:19 | 000,139,152 | ---- | C] () -- C:\Users\computer\AppData\Roaming\PnkBstrK.sys
[2010/12/13 09:56:07 | 000,214,592 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010/12/13 09:56:06 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/12/13 09:56:00 | 000,794,408 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2010/05/12 11:37:34 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2009/12/23 15:34:31 | 000,126,852 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2009/09/25 18:22:02 | 000,026,176 | ---- | C] () -- C:\Windows\System32\INIUAC.exe
[2009/09/17 05:54:50 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/17 05:54:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/15 21:12:44 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/09/07 14:50:54 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/09 08:37:42 | 000,000,065 | ---- | C] () -- C:\Windows\FISHUI.INI
[2009/06/30 15:06:23 | 000,001,356 | ---- | C] () -- C:\Users\computer\AppData\Local\d3d9caps.dat
[2009/06/15 11:15:23 | 000,132,608 | ---- | C] () -- C:\Users\computer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/31 19:22:29 | 000,005,152 | -H-- | C] () -- C:\Users\computer\AppData\Roaming\wklnhst.dat
[2009/03/12 22:39:15 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2009/03/12 22:31:19 | 000,003,948 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009/02/26 12:53:34 | 000,045,116 | ---- | C] () -- C:\Windows\System32\KvpSetRegistry.exe
[2009/01/20 01:14:29 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/11/05 01:26:34 | 000,030,048 | ---- | C] () -- C:\Windows\System32\MNetDownload.exe
[2007/05/18 16:43:32 | 000,020,480 | ---- | C] () -- C:\Windows\System32\KVPSetupEx.exe
[2007/05/10 07:15:34 | 000,028,672 | ---- | C] () -- C:\Windows\System32\ISP_crgen.dll
[2006/11/22 16:16:18 | 000,003,612 | ---- | C] () -- C:\Windows\ReaderString.ini
[2006/11/21 12:50:06 | 000,000,037 | ---- | C] () -- C:\Windows\sunkist.ini
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,340,384 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,605,616 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,104,586 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/06/29 17:45:44 | 000,708,096 | ---- | C] () -- C:\Windows\System32\INIcrypto20.dll

========== LOP Check ==========

[2011/12/28 22:15:16 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\BitTorrent
[2011/12/28 22:12:22 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\Canon
[2009/07/09 08:20:50 | 000,000,000 | -H-D | M] -- C:\Users\computer\AppData\Roaming\DataCast
[2011/12/28 22:15:16 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\Elluminate
[2011/04/08 11:10:59 | 000,000,000 | -H-D | M] -- C:\Users\computer\AppData\Roaming\FileZilla
[2011/12/28 22:15:16 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\GetRightToGo
[2010/03/02 21:52:17 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\HNC
[2011/01/23 10:10:52 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\Inspiration Software
[2011/12/28 22:15:17 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\KompoZer
[2011/12/28 22:15:18 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\MusE
[2011/01/23 10:09:36 | 000,000,000 | -H-D | M] -- C:\Users\computer\AppData\Roaming\Softland
[2009/05/31 19:22:38 | 000,000,000 | -H-D | M] -- C:\Users\computer\AppData\Roaming\Template
[2010/06/19 10:20:41 | 000,000,000 | -H-D | M] -- C:\Users\computer\AppData\Roaming\Tific
[2009/05/29 16:01:09 | 000,000,000 | -H-D | M] -- C:\Users\computer\AppData\Roaming\WildTangent
[2011/12/29 14:08:36 | 000,032,556 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/12/28 22:15:21 | 000,000,000 | ---D | M](C:\Users\computer\Desktop\Halla(???)) -- C:\Users\computer\Desktop\Halla(정한라)
[2010/04/16 09:57:06 | 000,013,063 | -H-- | M] ()(C:\Users\computer\Documents\? ? ?.docx) -- C:\Users\computer\Documents\위 임 장.docx
[2010/04/16 09:57:06 | 000,013,063 | -H-- | C] ()(C:\Users\computer\Documents\? ? ?.docx) -- C:\Users\computer\Documents\위 임 장.docx
[2009/10/17 18:39:28 | 000,000,000 | ---D | C](C:\Users\computer\Desktop\Halla(???)) -- C:\Users\computer\Desktop\Halla(정한라)

< End of report >

#4 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK, that tends to narrow down the search area.

Download aswMBR.exe (1.8 MB) to your desktop.
Double-click aswMBR.exe to run it, then click the "Scan" button to start the scan.

On completion of the scan click Save log, save it to your desktop and post it in your next reply.

#5 jkabat (Topic Starter, Member, 98 posts)
Glad we've narrowed down the search area. Not sure this will help... I tried to run it twice and both logs are pasted below. Just before running the first time I clicked OK at the suggestion to download the Avast! virus definitions update:


aswMBR version 0.9.9.1124 Copyright© 2011 AVAST Software
Run date: 2011-12-29 16:46:58
-----------------------------
16:46:58.515 OS Version: Windows 6.0.6002 Service Pack 2
16:46:58.515 Number of processors: 2 586 0x6B02
16:46:58.516 ComputerName: COMPUTER-PC UserName: computer
16:47:02.840 Initialze error 0 - driver not loaded
16:48:11.926 AVAST engine defs: 11122900
16:48:24.201 Scan error: Incorrect function.
16:48:49.457 The log file has been saved successfully to "C:\Users\computer\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1124 Copyright© 2011 AVAST Software
Run date: 2011-12-29 16:49:07
-----------------------------
16:49:07.890 OS Version: Windows 6.0.6002 Service Pack 2
16:49:07.890 Number of processors: 2 586 0x6B02
16:49:07.892 ComputerName: COMPUTER-PC UserName: computer
16:49:09.024 Initialze error C000010E - driver not loaded
16:49:16.210 AVAST engine defs: 11122900
16:49:18.696 Scan error: Incorrect function.
16:49:36.211 The log file has been saved successfully to "C:\Users\computer\Desktop\aswMBR.txt"

#6 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Its failure to run is interesting.

Do the following:
  • Click on the Start button and then choose Control Panel.
  • Click on the System and Security link.

    Note: If you're viewing the Large icons or Small icons view of Control Panel, you won't see this link so just click on the Administrative Tools icon and skip to Step 4.
  • In the System and Security window, click on the Administrative Tools heading located near the bottom of the window.
  • In the Administrative Tools window, double-click on the Computer Management icon.
  • When Computer Management opens, click on Disk Management on the left side of the window, located under Storage.

    After a brief loading period, Disk Management should now appear on the right side of the Computer Management window.

    Note: If you don't see Disk Management listed, you may need to click on the |> icon to the left of the Storage icon.
Take a screen Shot of the Disk Management Window and attach the screen shot to your reply.

THEN

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

#7 jkabat (Topic Starter, Member, 98 posts)
Thanks again.

I visited the Control Panel and took a screenshot of the Disk Management screen.

I downloaded TDSSKiller and saved it to my desktop.

I double-clicked it. It asked for permission... I clicked Continue.

Nothing happened after that.

I tried it three times. Each time it asked for permission. Each time I clicked continue. It has been 10 minutes since the first try. Nothing happening with regards to tdsskiller.

I'm going to shut down, reboot and try tdsskiller again. If I get any reaction other than what I've gotten so far I will reply this. If not, I will leave it as it is and hope you have some further suggestions. (ed: tried again, nothing different).

Cheers,

jkabat

Also, not likely related, but... when I turn on my computer I get two notices. One is:

MaAgent.exe entry point not found. The procedure entry point [email protected]@@[email protected]@[email protected] could not be located in dynamic link library MADRM.dll

and

MaSAFER Agent application has stopped working.

FURTHER Edit: 12 hours later, when started in SAFE MODE WITH NETWORKING, the vista anti-virus 2012 pop-ups returned...

Edited by jkabat, 30 December 2011 - 08:28 AM.


#8 jkabat (Topic Starter, Member, 98 posts)
After editing the above comment a few times I don't see my screenshot that you asked me to attach.

As a result, I'm attaching it to this comment.

Attached Files



#9 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
They can run but they cannot hide ...

3 - [ACTIVE] NTFS [HIDDEN!] Offset (sectors): 1250261680 | Size: 1 Mo

This is the culprit. The malware has created a partition with the bad files in it and has made itself the active boot partition.

What we need to do now is delete that partition and reset the MBR back to the way it should be

Please read the instructions carefully and if you have any questions then ask them before you start :)


First we will create a recovery disc - unless you have the Vista CD (If you do skip this stage)

Create a Windows 7/Vista System Repair Disc

Note: the below can only be done if your machine has a CD-R or DVD-R optical drive installed. Also, depending on the exact type of OEM build your machine has, you may be unable to actually create a SRD.

  • Click on Start(Windows 7/Vista Orb) >> Run...(or the Windows key and R together) to bring up the Run box, then copy/paste the following command into the box and click on OK:

    recdisc.exe

  • Allow the UAC(User Account Control) prompt via selecting Yes.
  • The system repair disc dialog will open.

  • Put a blank rewritable CD/DVD in your optical(CD/DVD) drive and then click on Create disc.
  • Note: If an AutoPlay window pops up, just close it.
  • When the SRD has been created you will see a confirmation.

  • Now click on Close >> OK.
  • You now have a Windows 7/Vista System Repair Disc.

Keep the disc handy as we will need it later

I need you to download: gparted-live-0.10.0-3.iso (115.1 MB)
Create a bootable CD for GParted from the ISO image. You can use ImgBurn to do this.

Now boot off of the newly created GParted CD.

At the first GParted boot menu, press ENTER.

By default, "do not touch keymap" is highlighted. Leave this setting alone and just press ENTER.

Choose your language and press ENTER. English is the default [33].

Once again, at this prompt, press ENTER.

You will now be taken to the main GUI screen.
According to your logs, the partition that you want to delete is 1MB.
Click the trash can icon to delete it and then click Apply.

Confirm the pending operation when prompted and let it complete.

Now check the Flags column: is "boot" next to your OS drive?

If "boot" is not next to your OS drive under "Flags", right-mouse click the OS drive while in Gparted and select Manage Flags

In the menu that pops up, place a checkmark next to boot.

Now double-click the Exit button.

You should receive a small pop-up. Choose reboot and then press OK.

Now reboot from the Windows Vista Recovery Environment CD and execute the following commands:


bootrec /FixMbr
bootrec /FixBoot
exit


If it fails to boot then from the recovery disc select Startup repair

Once back in Windows.

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double-click on ComboFix.exe and follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

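The hidden active partition quoted in the post above is something you can check for directly in the MBR rather than by reading a Disk Management screenshot. The following is an added example, not code from the thread nor from aswMBR, TDSSKiller or GParted: it parses the 64-byte partition table of a raw MBR sector and flags any entry that carries the active (bootable) flag but is either tiny or of a hidden type, which is the pattern the quoted "3 - [ACTIVE] NTFS [HIDDEN!] Offset (sectors): 1250261680 | Size: 1 Mo" line describes. The MBR bytes it builds are constructed for the example (the offsets echo that line but are not a dump of the poster's disk), and the size/type heuristic is the example's own, not any scanner's.

```python
"""Partition-table check for a hidden, active mini-partition in a raw MBR.

Added example, not from the forum thread or from any of the tools it names.
The sample MBR built by sample_mbr() is constructed: a normal NTFS OS volume
followed by a 1 MiB hidden NTFS partition that holds the active flag instead.
"""
import struct
import sys

SECTOR_BYTES = 512
TABLE_OFFSET = 446            # the 4 x 16-byte partition entries start here
ENTRY_FORMAT = "<B3sB3sII"    # status, CHS start, type, CHS end, LBA start, sector count
ENTRY_SIZE = struct.calcsize(ENTRY_FORMAT)   # 16

# Standard MBR partition type IDs; setting bit 0x10 on a FAT/NTFS type marks it hidden.
TYPE_NAMES = {
    0x07: "NTFS", 0x17: "NTFS [HIDDEN!]", 0x27: "NTFS (recovery/hidden)",
    0x0B: "FAT32", 0x0C: "FAT32 LBA", 0x1B: "FAT32 [HIDDEN!]", 0x1C: "FAT32 LBA [HIDDEN!]",
    0x0F: "Extended LBA",
}
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C}


def parse_mbr(mbr: bytes) -> list:
    """Return the non-empty partition entries of a 512-byte MBR as dicts."""
    if len(mbr) < SECTOR_BYTES or mbr[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR: missing 0x55AA boot signature")
    entries = []
    for index in range(4):
        status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack_from(
            ENTRY_FORMAT, mbr, TABLE_OFFSET + index * ENTRY_SIZE)
        if ptype == 0 or sectors == 0:
            continue                       # empty slot
        entries.append({
            "index": index + 1,            # 1-based, as disk tools print it
            "active": status == 0x80,      # 0x80 = bootable flag
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
        })
    return entries


def suspicious_partitions(entries: list, max_sectors: int = 4096) -> list:
    """Flag active partitions that are tiny (<= 2 MiB by default) or of a hidden
    type.  A legitimate active partition is an OS or boot volume and is far
    larger; a 1 MiB hidden active partition is where a bootkit keeps its files
    while it owns the boot path.  Heuristic is the example's own."""
    return [e for e in entries
            if e["active"] and (e["sectors"] <= max_sectors or e["type"] in HIDDEN_TYPES)]


def describe(entry: dict) -> str:
    """One line per partition, loosely in the style of the output quoted in the thread."""
    mib = entry["sectors"] * SECTOR_BYTES / 2 ** 20
    return "{} - {}{} Offset (sectors): {} | Size: {:.0f} MiB".format(
        entry["index"], "[ACTIVE] " if entry["active"] else "",
        TYPE_NAMES.get(entry["type"], "type 0x%02X" % entry["type"]),
        entry["lba_start"], mib)


def _entry(active: bool, ptype: int, lba_start: int, sectors: int) -> bytes:
    # CHS fields are filled with the usual "use LBA" marker bytes; tools ignore them.
    return struct.pack(ENTRY_FORMAT, 0x80 if active else 0x00, b"\xfe\xff\xff",
                       ptype, b"\xfe\xff\xff", lba_start, sectors)


def sample_mbr() -> bytes:
    """Constructed MBR: ~596 GiB NTFS OS volume at LBA 2048 (not active), then a
    1 MiB hidden NTFS partition at LBA 1250261680 marked active."""
    table = (_entry(False, 0x07, 2048, 1250259632)
             + _entry(True, 0x17, 1250261680, 2048)
             + bytes(2 * ENTRY_SIZE))
    return bytes(TABLE_OFFSET) + table + b"\x55\xaa"


if __name__ == "__main__":
    # Usage: python mbr_check.py /dev/sda   (or a 512-byte image saved with dd)
    data = open(sys.argv[1], "rb").read(SECTOR_BYTES) if len(sys.argv) > 1 else sample_mbr()
    parts = parse_mbr(data)
    for p in parts:
        print(describe(p))
    for p in suspicious_partitions(parts):
        print("SUSPICIOUS: entry %d is active but hidden or tiny" % p["index"])
```

Run it against a 512-byte image saved with dd, or against the raw device from a Linux live CD such as the GParted one (reading /dev/sda needs root). The table check says nothing about the 446 bytes of boot code in front of it; a bootkit that only rewrites that code leaves the table looking normal, which is why the post also has you rewrite the boot sector with bootrec /FixMbr after the partition is gone.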
#10 jkabat (Topic Starter, Member, 98 posts)
Thanks for the optimistic response. A few questions before I get started.

For the Vista recovery disc, can/should I do this in safemode (w/ or w/out networking)?

For the gparted disc can I burn that on a different machine and use it to boot on the infected machine?

When booting the infected machine with the gparted disc, should I use safemode or not?

Should my reboot with recovery disc (or any subsequent reboots) be in safemode?

THanks in advance,

jkabat

#11 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)

For the Vista recovery disc, can/should I do this in safemode (w/ or w/out networking)?

Normal mode will suffice.

When booting the infected machine with the gparted disc, should I use safemode or not?

Neither, as it is running from a Linux base, so Windows is not operational. You need to set your computer to boot from CD; do you know how to do that?


For the gparted disc can I burn that on a different machine and use it to boot on the infected machine?

Yep, there is not a problem with that.

Should my reboot with recovery disc (or any subsequent reboots) be in safemode?

Again when you boot from this disc windows will be inactive, all subsequent boots to normal mode :)

#12 jkabat (Topic Starter, Member, 98 posts)
Erg...

When I click recdisc.exe I get a popup saying Vista Security 2012 has blocked a program from accessing the internet

Name: Microsoft windows operating system
Location: c:\windows\system32\redisc.exe

click YES to activate vista security 2012
click NO to continue unprotected

Definitely don't want to click yes...thoughts?

#13 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Yep, let's reverse the process. At the moment the malware is being regenerated by the partition files... So

Download Combofix from the links given previously
Rename Combofix to svchost when you download it
Run Combofix
After the reboot
Create the recovery disc

Post the combofix log whilst you do the other disc and partition removal I will look at what else needs to be removed

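The rename-to-svchost trick in the post above works because this kind of rogue decides by process name which launches it lets through. A common way such rogues get in front of every .exe launch is the per-user exefile shell association (exefile\shell\open\command, usually under HKCU), which OTL reports in its O35/O37 lines; the clean value is "%1" %*. The following is an added example, not code from the thread or from OTL: it parses O35/O37 lines and reports any handler that is not the default, or any .exe/.com extension mapped to a file type other than exefile/comfile. The sample lines are constructed: the HKLM entries copy the clean ones visible in the poster's log, while the HKCU entries and the path hypothetical_rogue.exe are invented for illustration and are not claims about the poster's machine.

```python
"""Check the .exe/.com shell associations reported in OTL O35/O37 lines.

Added example, not from the thread or from OTL.  SAMPLE_LOG is constructed:
HKLM lines mirror the clean entries in the poster's log; the HKCU lines and
hypothetical_rogue.exe are invented to show what a hijack looks like.
"""
import re

CLEAN_COMMAND = '"%1" %*'                     # Windows default: run the file, pass args
EXPECTED_TYPE = {"exe": "exefile", "com": "comfile"}
# O35 - HKLM\..exefile [open] -- "%1" %*      /     O37 - HKLM\...exe [@ = exefile] -- "%1" %*
LINE_RE = re.compile(r'^(O3[57]) - (HK\w+)\\\.+(\w+) \[(.+?)\] -- (.*)$')

SAMPLE_LOG = r'''
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "C:\Users\computer\AppData\Local\hypothetical_rogue.exe" -a "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = hypothetical_rogue_file] -- "%1" %*
'''


def parse_association_lines(text: str) -> list:
    """Return one dict per O35/O37 line: section, hive, key, bracketed detail, command."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rows.append({"section": m.group(1), "hive": m.group(2), "key": m.group(3),
                         "detail": m.group(4), "command": m.group(5)})
    return rows


def find_hijacks(rows: list) -> list:
    """Flag non-default shell commands (and note handlers living under AppData,
    where rogue AVs usually install) and extensions mapped to an unexpected
    file type.  An HKCU hijack shadows the clean HKLM value for that user."""
    findings = []
    for r in rows:
        reasons = []
        if r["command"] != CLEAN_COMMAND:
            reasons.append("shell command is %s instead of %s" % (r["command"], CLEAN_COMMAND))
            if "appdata" in r["command"].lower():
                reasons.append("handler lives under AppData, typical of a rogue AV")
        if r["section"] == "O37":
            mapped = r["detail"].split("=")[-1].strip()
            expected = EXPECTED_TYPE.get(r["key"])
            if expected is not None and mapped != expected:
                reasons.append(".%s maps to %s, expected %s" % (r["key"], mapped, expected))
        if reasons:
            findings.append({"hive": r["hive"], "key": r["key"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_hijacks(parse_association_lines(SAMPLE_LOG)):
        print("%s\\%s: %s" % (f["hive"], f["key"], "; ".join(f["reasons"])))
```

Feed it the O35/O37 block of a real OTL log instead of SAMPLE_LOG to see whether a machine has this hijack; if it does, the fix is to restore the default value (or delete the HKCU override) before expecting any renamed tool to launch reliably.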
#14 jkabat (Topic Starter, Member, 98 posts)
Neither google chrome nor internet explorer are allowing me to do anything. They are being blocked by vista security 2012.

Can I download combofix on another machine. Save it on the other machine as svchost. Save it to a flash drive. Start infected machine. Use flash drive to put svchost on infected machine. Run svchost?

If so, will the flash drive be susceptible to virus?

Thanks,

#15 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
On the host computer download and run Panda Vaccinate; ensure that the USB drive is plugged in when it is run.

Then yes we can do that