Sign in to follow this  
Followers 0
kgh5219

i think i have malware. HELP!

28 posts in this topic

I am writing this from a different user than the one i think has malware. so here is what is happening:

  • Internet explorer keeps crasing and saying it is not responding
  • i cant download anything from internet explorer
  • google chrome suddenly didnt work.

When i open google chrome, it sometimes doesnt open at all and sometimes when it does, it closes straight away. When i go on any websites that talk about viruses, it says that internet explorer has stopped working. also i cant use malwarebytes because it does not open. so i use the chameleon and there is one virus that keeps coming up, with several others.

What can i do to solve this? I have had this virus for a long time and i thought that it would do nothing. Please help!!!!

Share this post


Link to post
Share on other sites

Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs here.....DDS.txt and Attach.txt

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Quit all running programs.

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

Share this post


Link to post
Share on other sites

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 1.6.0_26

Run by Dad at 17:27:48 on 2013-01-29

Microsoft Windows 7 Home Premium 6.1.7601.1.949.82.1033.18.2807.1521 [GMT 0:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\SysWOW64\DM.exe

C:\Program Files (x86)\Launch Manager\dsiwmis.exe

C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Acer\Acer Updater\UpdaterService.exe

C:\Program Files\Web Assistant\ExtensionUpdaterService.exe

C:\Windows\system32\dmwu.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Windows\system32\SearchIndexer.exe

C:\Users\Master\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Windows\system32\igfxext.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe

C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Launch Manager\LMworker.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Windows\system32\igfxext.exe

C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe

C:\Program Files (x86)\Launch Manager\LMworker.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe

C:\Users\Dad\AppData\Local\Mozilla Firefox\firefox.exe

C:\Windows\system32\taskhost.exe

C:\Users\Dad\AppData\Local\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.daum.net/

uDefault_Page_URL = hxxp://acer.msn.com

mStart Page = hxxp://acer.msn.com

mDefault_Page_URL = hxxp://acer.msn.com

uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll

mWinlogon: Userinit = userinit.exe,,C:\Users\Master\AppData\Local\flhhshec\nrytdhns.exe

BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll

BHO: Shopping Assistant Plugin: {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.5.3\PriceGongIE.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll

BHO: MozenCuto System: {3F08DFF9-2D5A-4163-B87F-FF980247A925} -

BHO: Incredibar.com Helper Object: {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll

BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Daum 클리너: {BDDB5A00-D1EB-49D5-B197-72A06DF78AA1} - C:\Program Files\Daum\Cleaner\DaumStart.1.5.0.114.dll

BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll

BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll

TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll

TB: Incredibar Toolbar: {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d

mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [Korean IME Migration] C:\PROGRA~2\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [update.exe] C:\Users\luk\AppData\Local\Ipop\update.exe

mRun: [HncUpdate] C:\Program Files (x86)\HNC\HncUtils\HncChecker.exe

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Microsoft Excel로 내보내기(&X) - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

DPF: {477D5B9A-6479-44F8-9718-9340119B0308} - hxxp://www.hanabank.com/resource/download/veraport/down/veraport20.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {8C96AC47-F768-47F5-95C2-24018E6674C5} - hxxp://www.jjangfile.net/scripts/common/mmsv/ChocoStream.cab

DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} - hxxp://mail.daum.net/hanmail-ax/DaumActiveX/2_0_1_4/DaumActiveX.cab?ver=2,0,1,4

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: NameServer = 194.168.4.100 194.168.8.100

TCP: Interfaces\{3DE1FAC4-B916-448F-A747-E5A362D2FC66} : DHCPNameServer = 164.124.101.2 203.248.252.2

TCP: Interfaces\{C5EDA27D-50E6-4F19-A31E-549A739F6C6B} : DHCPNameServer = 194.168.4.100 194.168.8.100

TCP: Interfaces\{C5EDA27D-50E6-4F19-A31E-549A739F6C6B}\244575966496D277964786D264F4E4 : DHCPNameServer = 192.168.22.22 192.168.22.23

TCP: Interfaces\{C5EDA27D-50E6-4F19-A31E-549A739F6C6B}\2656C6B696E6534376 : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{C5EDA27D-50E6-4F19-A31E-549A739F6C6B}\4514C4B44514C4B4D2241434138323 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{C5EDA27D-50E6-4F19-A31E-549A739F6C6B}\6796277696E6D65646961613736373134373 : DHCPNameServer = 194.168.4.100 194.168.8.100

TCP: Interfaces\{C5EDA27D-50E6-4F19-A31E-549A739F6C6B}\F6B67786F6661627475646 : DHCPNameServer = 192.168.1.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: s-http - {D37E6C5F-1C0F-47C0-A3B6-403EEC555402} - C:\Program Files (x86)\Initech\SHTTP\InitechSHTTPInterface.11014.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

Name-Space Handler: http\s-http - {D37E6C5F-1C0F-47C0-A3B6-403EEC555402} - C:\Program Files (x86)\Initech\SHTTP\InitechSHTTPInterface.11014.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-mStart Page = hxxp://acer.msn.com

x64-mDefault_Page_URL = hxxp://acer.msn.com

x64-BHO: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

x64-Run: [Korean IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>

x64-Handler: s-http - {D37E6C5F-1C0F-47C0-A3B6-403EEC555402} - <orphaned>

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Name-Space Handler: http\s-http - {D37E6C5F-1C0F-47C0-A3B6-403EEC555402} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

1.1.21.0;Windows MineService Update Class (uu);C:\Program Files (x86)\MozenCuto\mzcutouusvc.exe --> C:\Program Files (x86)\MozenCuto\mzcutouusvc.exe [?]

R1 AMonTDLH;AMonTDLH;C:\Windows\System32\drivers\AmonTDLh.sys [2012-3-6 118072]

R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-3 22576]

R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-3 20016]

R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-3 60464]

R2 clunet;clunet;C:\Windows\System32\drivers\clunet.sys [2010-10-18 49224]

R2 DM;DM;C:\Windows\System32\DM.exe --> C:\Windows\System32\DM.exe [?]

R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-8-30 321104]

R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-12-4 868896]

R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-8-30 13336]

R2 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-5-27 305520]

R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-6-28 255744]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-8-30 2320920]

R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-8-30 243232]

R2 Web Assistant Updater;Web Assistant Updater;C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [2012-8-30 188760]

R2 WebOptimizer;WebOptimizer;C:\Windows\System32\dmwu.exe [2012-8-30 1259888]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-8-30 56344]

R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-8-30 158976]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-8-30 287232]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-5-15 384040]

R3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2013-1-29 36680]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-8-16 25928]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 MBAMScheduler;MBAMScheduler;"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" --> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [?]

S2 MBAMService;MBAMService;"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" --> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [?]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S2 Windows MineService Update Class

S3 CdmDrvNt;CdmDrvNt;C:\Windows\System32\drivers\CdmDrvNt.sys [2012-3-6 25656]

S3 DaumCleanerService;DaumCleanerService;C:\Program Files\Daum\Cleaner\DaumCleanerService.exe [2012-8-1 199088]

S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-2-24 48488]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

S3 MfFWEnt;MfFWEnt;C:\Program Files\AhnLab\ASP\MyFirewall 4.0\mffwent.sys [2012-3-6 126072]

S3 MfIPSEnt;MfIPSEnt;C:\Program Files\AhnLab\ASP\MyFirewall 4.0\mfipsent.sys [2012-3-6 155256]

S3 Mkd2Bthf;Mkd2Bthf;C:\Windows\System32\drivers\Mkd2BthF.sys [2012-4-15 98040]

S3 Mkd2Nadr;Mkd2Nadr;C:\Windows\System32\drivers\Mkd2Nadr.sys [2011-6-4 107768]

S3 Mkd3kfNt;Mkd3kfNt;C:\Windows\System32\drivers\mkd3kfnt.sys [2011-6-4 183544]

S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-12-4 246376]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-24 59392]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-21 1255736]

S3 xsherlock;xsherlock;C:\Windows\System32\xsherlock.xem --> C:\Windows\System32\xsherlock.xem [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2013-01-29 17:25:03 36680 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys

2013-01-28 19:55:19 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service

2013-01-28 19:11:11 -------- d-----w- C:\Users\Dad\AppData\Local\Mozilla Firefox

2013-01-28 18:57:23 -------- d-----w- C:\Users\Dad\AppData\Local\Macromedia

2013-01-28 18:56:52 -------- d-----w- C:\Users\Dad\AppData\Local\Mozilla

2013-01-27 21:28:27 -------- d-----w- C:\Users\Dad\AppData\Roaming\0T1F0D1F2W1G1I1F1T1Q

2013-01-27 21:28:25 -------- d-----w- C:\Users\Dad\AppData\Roaming\Babylon

2013-01-25 19:52:44 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7C41A343-9803-4F23-9C22-C1EF15A8DFA7}\mpengine.dll

2013-01-09 17:35:17 750592 ----a-w- C:\Windows\System32\win32spl.dll

2013-01-09 17:35:17 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll

2013-01-09 17:35:03 2002432 ----a-w- C:\Windows\System32\msxml6.dll

2013-01-09 17:35:02 1882624 ----a-w- C:\Windows\System32\msxml3.dll

2013-01-09 17:35:00 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll

2013-01-09 17:35:00 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

.

==================== Find3M ====================

.

2013-01-10 14:00:03 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-01-10 14:00:03 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-01-10 13:59:30 16369160 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll

2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll

2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll

2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll

2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll

2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll

2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs

2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs

2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs

2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs

2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs

2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs

2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs

2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs

2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs

2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs

2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs

2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs

2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs

2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs

2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll

2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll

2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe

2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe

2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2012-11-23 03:26:31 3149824 ----a-w- C:\Windows\System32\win32k.sys

2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe

2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll

2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll

2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-11-19 13:49:55 47280 ----a-w- C:\Windows\SysWow64\drivers\SCSK5.sys

2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-11-13 20:29:04 354216 ----a-w- C:\Windows\SysWow64\DivXControlPanelApplet.cpl

2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-11-02 08:48:00 3034424 ----a-w- C:\Windows\System32\btscan.exe

2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll

2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll

.

============= FINISH: 17:29:38.09 ===============

Share this post


Link to post
Share on other sites

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 2011-02-19 오후 8:57:01

System Uptime: 2013-01-29 오후 2:07:30 (3 hours ago)

.

Motherboard: Acer | | Aspire 5742

Processor: Intel® Core i3 CPU M 380 @ 2.53GHz | CPU | 911/1066mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 285 GiB total, 167.966 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP240: 2013-01-08 오후 1:38:05 - Windows Update

RP241: 2013-01-10 오후 2:02:01 - Windows Update

RP242: 2013-01-15 오후 5:41:12 - Windows Update

RP243: 2013-01-22 오후 6:35:42 - Windows Update

RP244: 2013-01-25 오후 7:51:12 - Windows Update

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

4Sync

Acer Backup Manager

Acer Crystal Eye webcam

Acer ePower Management

Acer eRecovery Management

Acer GameZone Console

Acer Registration

Acer ScreenSaver

Acer Updater

Acrobat.com

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.5.2 MUI

Adobe Shockwave Player 11.6

AhnLab Online Security

Airport Mania First Flight

Amazonia

Androsa FileProtector

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Backup Manager Basic

Bing Bar

Bing Bar Platform

Bonjour

Broadcom Gigabit NetLink Controller

Cake Mania

CCleaner

ChocoStream2010

CyberLink PowerDVD 9

D3DX10

Daum ActiveX AAÆ®·N - Daum ?? ????

Daum ActiveX AAÆ®·N - Daum ?? ?????

Daum 클리너

DivX Setup

Dream Day First Home

eBay Worldwide

eSobi v2

Farm Frenzy 2

Feedback Tool

Galapago

Google Chrome

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

Heroes of Hellas

iCloud

Identity Card

Incredibar Toolbar on IE

INISafeWeb 7.0 (SFilter v1.0)

InstallIQ Updater

Intel® Control Center

Intel® Graphics Media Accelerator Driver

Intel® Management Engine Components

Intel® Rapid Storage Technology

Ipop(아이팝)

iTunes

Java Auto Updater

Java 6 Update 26

Junk Mail filter update

Launch Manager

League of Legends

Malwarebytes Anti-Malware version 1.65.1.1000

McAfee Security Scan Plus

Merriam Websters Spell Jam

Mesh Runtime

Messenger Companion

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Default Manager

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office 2010

Microsoft Office Access MUI (Korean) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel 2007 Help ¾÷μAIÆ® (KB963678)

Microsoft Office Excel MUI (Korean) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (Korean) 2007

Microsoft Office IME (Korean) 2007

Microsoft Office InfoPath MUI (Korean) 2007

Microsoft Office Office 64-bit Components 2007

Microsoft Office OneNote MUI (Korean) 2007

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (Korean) 2007

Microsoft Office Powerpoint 2007 Help ¾÷μAIÆ® (KB963669)

Microsoft Office PowerPoint MUI (Korean) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (Korean) 2007

Microsoft Office Proofing (Korean) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (Korean) 2007

Microsoft Office Shared 64-bit MUI (English) 2007

Microsoft Office Shared 64-bit MUI (Korean) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared MUI (Korean) 2007

Microsoft Office Word 2007 Help ¾÷μAIÆ® (KB963665)

Microsoft Office Word MUI (Korean) 2007

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

MLS AD Integration

MobileMe Control Panel

Mozilla Firefox 18.0.1 (x86 en-US)

Mozilla Firefox Packages

Mozilla Maintenance Service

Mplayer 0.6.9

MSVCRT

MSVCRT_amd64

MyWinLocker

MyWinLocker Suite

Nexon Game Manager

NTI Media Maker 9

NWZ-B170 WALKMAN Guide

Pando Media Booster

Poker Pop

PriceGong 2.5.3

QuickTime

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Safari

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

Shredder

SketchUp 8

Skype Click to Call

Skype™ 5.10

SoftCamp Secure KeyStroke 4.0

Spin & Win

Steam

SuddenAttack

swMSM

Synaptics Pointing Device Driver

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760586) 32-Bit Edition

Update for Microsoft Office Script Editor Help (KB963671)

VC80CRTRedist - 8.0.50727.6195

Veraport20(Security module management) - 2,5,0,4

Viewpoint Media Player

Web Assistant 2.0.0.478

Web Optimizer

Welcome Center

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Xvid 1.2.1 final uninstall

Yahoo! Software Update

Yahoo! Toolbar

Yontoo 1.10.02

짱파일 다운로드

초코 플레이어

파일함탐색기

한컴 타자연습

.

==== Event Viewer Messages From Past Week ========

.

2013-01-29 오후 5:21:50, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

2013-01-29 오후 5:21:50, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

2013-01-29 오후 5:21:50, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

2013-01-29 오후 5:21:50, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

2013-01-28 오후 9:52:05, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

2013-01-28 오후 9:52:05, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

2013-01-28 오후 9:52:05, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

2013-01-28 오후 9:52:05, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

2013-01-28 오후 7:54:54, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

2013-01-28 오후 7:54:54, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

2013-01-28 오후 7:53:18, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

2013-01-28 오후 7:53:18, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

2013-01-28 오후 7:53:18, Error: Application Popup [1060] - \??\C:\Users\Master\AppData\Local\Temp\ugabgegf.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

2013-01-28 오후 7:50:24, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

2013-01-28 오후 7:50:17, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: TfFsMon TfSysMon

2013-01-28 오후 7:50:10, Error: Service Control Manager [7000] - The Windows MineService Update Class (uu) service failed to start due to the following error: The system cannot find the file specified.

2013-01-28 오후 7:50:03, Error: Service Control Manager [7000] - The MBAMService service failed to start due to the following error: The system cannot find the file specified.

2013-01-28 오후 7:50:03, Error: Service Control Manager [7000] - The MBAMScheduler service failed to start due to the following error: The system cannot find the file specified.

2013-01-28 오후 7:50:02, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

2013-01-28 오후 7:46:20, Error: Application Popup [1060] - \??\C:\Users\Master\AppData\Local\Temp\ugabgegf.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

2013-01-26 오후 2:47:20, Error: Application Popup [1060] - \??\C:\Users\Master\AppData\Local\Temp\ugabgegf.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

.

==== End Of File ===========================

Share this post


Link to post
Share on other sites

RogueKiller V8.4.3 [Jan 27 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Dad [Admin rights]

Mode : Scan -- Date : 01/29/2013 17:37:51

| ARK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤

[sVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc]

[sVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 11 ¤¤¤

[RUN][sUSP PATH] HKUS\S-1-5-21-2562538608-3379174730-3565747309-1005[...]\Run : NryTdhns (C:\Users\Master\AppData\Local\flhhshec\nrytdhns.exe) -> FOUND

[RUN][sUSP PATH] HKLM\[...]\Wow6432Node\Run : update.exe (C:\Users\luk\AppData\Local\Ipop\update.exe) -> FOUND

[sHELL][sUSP PATH] HKLM\[...]\Wow6432Node\Winlogon : Userinit (userinit.exe,,C:\Users\Master\AppData\Local\flhhshec\nrytdhns.exe) -> FOUND

[TASK][sUSP PATH] IPopUpdate : C:\Users\luk\AppData\Local\Ipop\update.exe admin -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\Security Center : AntiVirusDisableNotify (1) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\Security Center : FirewallDisableNotify (1) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\Security Center : UpdatesDisableNotify (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BPVT-22ZEST0 +++++

--- User ---

[MBR] 950f05daa3c404232d19ff8ca44b1749

[bSP] 16176d5abc32588c5d7e90f1b6e320f1 : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13312 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 27265024 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 27469824 | Size: 291831 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_01292013_02d1737.txt >>

RKreport[1]_S_01292013_02d1737.txt

Share this post


Link to post
Share on other sites

the thing is i scanned this on a different user... does it have to be on my user? because on that user it doesnt let me do the stuff i mentioned in the beginning.

Share this post


Link to post
Share on other sites

Run RogueKiller again and click Scan

When the scan completes > click on the Registry tab

Put a check next to all of these and uncheck the rest: (if found)

[RUN][sUSP PATH] HKUS\S-1-5-21-2562538608-3379174730-3565747309-1005[...]\Run : NryTdhns (C:\Users\Master\AppData\Local\flhhshec\nrytdhns.exe) -> FOUND

[RUN][sUSP PATH] HKLM\[...]\Wow6432Node\Run : update.exe (C:\Users\luk\AppData\Local\Ipop\update.exe) -> FOUND

[sHELL][sUSP PATH] HKLM\[...]\Wow6432Node\Winlogon : Userinit (userinit.exe,,C:\Users\Master\AppData\Local\flhhshec\nrytdhns.exe) -> FOUND

[TASK][sUSP PATH] IPopUpdate : C:\Users\luk\AppData\Local\Ipop\update.exe admin -> FOUND

Now click Delete on the right hand column under Options

-------------

Next click on the Processes tab and put a check next to these and uncheck the rest. (if found)

[sVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc]

[sVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc]

Now click Delete on the right hand column under Options

-------------

Next......

Please create a new system restore point before running Malwarebytes Anti-Rootkit if you can.

MBAR tutorial

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.

more-reply-options.jpg

New window that comes up.

choose-files1.jpg

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot.

Verify that your system is now functioning normally.

MrC

Share this post


Link to post
Share on other sites

everythings seems to be working fine now. Thank you so much for your help!

Share this post


Link to post
Share on other sites

sorry but when i logged into my other user, nothing happened to it and it is still like before....

Share this post


Link to post
Share on other sites

OTL logfile created on: 2013-01-30 오후 7:01:54 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dad\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000412 | Country: Korea | Language: KOR | Date Format: yyyy-MM-dd

2.74 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 53.01% Memory free

5.48 Gb Paging File | 3.88 Gb Available in Paging File | 70.89% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 284.99 Gb Total Space | 168.32 Gb Free Space | 59.06% Space Free | Partition Type: NTFS

Computer Name: LUKE | User Name: Dad | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-01-30 19:01:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dad\Downloads\OTL.exe

PRC - [2013-01-28 19:11:16 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Users\Dad\AppData\Local\Mozilla Firefox\firefox.exe

PRC - [2013-01-10 14:00:03 | 001,808,392 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe

PRC - [2012-12-14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2012-11-01 17:56:20 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

PRC - [2012-08-23 14:40:04 | 000,188,760 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe

PRC - [2011-06-07 07:08:08 | 002,535,424 | ---- | M] () -- C:\Windows\SysWOW64\DM.exe

PRC - [2010-08-10 09:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe

PRC - [2010-08-10 09:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe

PRC - [2010-08-10 09:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe

PRC - [2010-06-28 22:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

PRC - [2010-05-27 02:41:24 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe

PRC - [2010-05-27 02:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe

PRC - [2010-04-13 16:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2010-04-13 16:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

PRC - [2010-03-18 04:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2010-03-18 04:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2010-03-11 05:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe

PRC - [2010-03-11 05:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe

PRC - [2010-01-28 23:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe

PRC - [2010-01-15 12:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

PRC - [2010-01-08 13:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

PRC - [2008-11-09 20:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

========== Modules (No Company Name) ==========

MOD - [2013-01-28 19:11:16 | 003,022,232 | ---- | M] () -- C:\Users\Dad\AppData\Local\Mozilla Firefox\mozjs.dll

MOD - [2013-01-10 23:14:26 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8ee98383179eca974083a41a8ca0c213\IAStorUtil.ni.dll

MOD - [2013-01-10 14:57:28 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll

MOD - [2013-01-10 14:57:05 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll

MOD - [2013-01-10 14:56:59 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll

MOD - [2013-01-10 14:56:47 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll

MOD - [2013-01-10 14:56:42 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll

MOD - [2013-01-10 14:56:38 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll

MOD - [2013-01-10 14:56:38 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\156a6215a427bcec551e294300c096e6\System.Configuration.ni.dll

MOD - [2013-01-10 14:56:32 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll

MOD - [2013-01-10 14:00:03 | 014,586,888 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll

MOD - [2012-11-01 17:57:10 | 000,100,248 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll

MOD - [2012-11-01 17:56:20 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

MOD - [2011-06-24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011-06-24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2009-05-20 06:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll

========== Services (SafeList) ==========

SRV:64bit: - [2012-09-13 13:26:50 | 001,259,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (WebOptimizer)

SRV:64bit: - [2012-08-23 14:40:04 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)

SRV:64bit: - [2012-08-01 02:25:30 | 000,199,088 | ---- | M] (Daum Communications Corp.) [On_Demand | Stopped] -- C:\Program Files\Daum\Cleaner\DaumCleanerService.exe -- (DaumCleanerService)

SRV:64bit: - [2010-09-22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2010-06-11 14:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)

SRV:64bit: - [2010-01-28 23:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)

SRV:64bit: - [2009-07-14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2013-01-28 19:11:16 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012-12-14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012-12-14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012-12-11 19:05:18 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012-10-20 17:49:00 | 000,666,720 | ---- | M] (Wellbia.com Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\xsherlock.xem -- (xsherlock)

SRV - [2012-07-13 13:14:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2011-06-07 07:08:08 | 002,535,424 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\DM.exe -- (DM)

SRV - [2011-03-16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2011-01-12 19:40:16 | 003,963,248 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)

SRV - [2010-12-04 04:33:30 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2010-08-10 09:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)

SRV - [2010-06-28 22:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)

SRV - [2010-05-27 02:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [Auto | Running] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)

SRV - [2010-04-13 16:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)

SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010-03-18 04:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2010-03-18 04:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2010-01-08 13:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)

SRV - [2009-06-10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2008-11-09 20:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012-12-14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012-09-28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012-09-14 07:42:00 | 000,118,072 | ---- | M] (AhnLab, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AmonTDLh.sys -- (AMonTDLH)

DRV:64bit: - [2012-08-21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012-03-07 08:10:00 | 000,183,544 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mkd3kfnt.sys -- (Mkd3kfNt)

DRV:64bit: - [2012-03-07 08:10:00 | 000,107,768 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mkd2Nadr.sys -- (Mkd2Nadr)

DRV:64bit: - [2012-03-07 08:10:00 | 000,098,040 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mkd2BthF.sys -- (Mkd2Bthf)

DRV:64bit: - [2012-03-01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011-03-11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011-03-11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011-02-11 18:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2010-11-20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010-11-20 11:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010-10-18 09:34:40 | 000,049,224 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\clunet.sys -- (clunet)

DRV:64bit: - [2010-09-23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)

DRV:64bit: - [2010-07-09 03:51:50 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)

DRV:64bit: - [2010-06-28 07:55:00 | 000,155,256 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\AhnLab\ASP\MyFirewall 4.0\mfipsent.sys -- (MfIPSEnt)

DRV:64bit: - [2010-06-28 07:55:00 | 000,126,072 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\AhnLab\ASP\MyFirewall 4.0\mffwent.sys -- (MfFWEnt)

DRV:64bit: - [2010-06-21 09:45:56 | 000,287,232 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)

DRV:64bit: - [2010-06-17 09:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2010-06-03 19:59:00 | 004,171,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)

DRV:64bit: - [2010-05-15 12:48:28 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)

DRV:64bit: - [2010-04-20 02:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)

DRV:64bit: - [2010-04-13 16:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010-02-26 23:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)

DRV:64bit: - [2009-12-10 11:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2009-09-17 05:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)

DRV:64bit: - [2009-07-21 01:00:00 | 000,025,656 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CdmDrvNt.sys -- (CdmDrvNt)

DRV:64bit: - [2009-07-14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009-07-14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009-07-14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009-06-10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009-06-10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009-06-10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009-06-10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009-06-03 02:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)

DRV:64bit: - [2009-06-03 02:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)

DRV:64bit: - [2009-06-03 02:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)

DRV - [2009-07-14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2005-01-02 21:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox

IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=tb50aoldesktopie7

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2776682

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2562538608-3379174730-3565747309-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com

IE - HKU\S-1-5-21-2562538608-3379174730-3565747309-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daum.net/

IE - HKU\S-1-5-21-2562538608-3379174730-3565747309-1004\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

IE - HKU\S-1-5-21-2562538608-3379174730-3565747309-1004\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKU\S-1-5-21-2562538608-3379174730-3565747309-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7AMSA_enGB436

IE - HKU\S-1-5-21-2562538608-3379174730-3565747309-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npaosmgr.1: C:\Program Files (x86)\AhnLab\ASP\Components\aosmgr\conflict_480\npaosmgr.dll (AhnLab, Inc.)

FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npmkd25aos: C:\Program Files (x86)\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll (AhnLab, Inc.)

FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npmkd25sp: C:\Program Files (x86)\AhnLab\ASP\MyKeyDefense 2.5\npmkd25sp.dll (AhnLab, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nexon.com/NxGame: C:\ProgramData\Nexon\NGM\npNxGame.dll File not found

FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found

FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKLM\Software\MozillaPlugins\@wizvera.com/npVeraport20: C:\Program Files (x86)\Wizvera\Veraport20\npveraport20.dll ()

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012-08-30 04:02:22 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2010-12-04 04:26:20 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010-12-04 04:26:21 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010-12-04 04:26:24 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012-08-30 04:02:22 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-11-29 20:30:11 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Users\Dad\AppData\Local\Mozilla Firefox\components [2013-01-28 19:11:16 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Users\Dad\AppData\Local\Mozilla Firefox\plugins

[2013-01-28 18:57:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dad\AppData\Roaming\Mozilla\Extensions

[2012-08-05 17:53:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - homepage:

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},

CHR - homepage:

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll

CHR - plugin: Injovo Extension Plugin (Enabled) = C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.478_0\npbrowserext.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: AhnLab Online Security (Enabled) = C:\Program Files (x86)\AhnLab\ASP\Components\aosmgr\conflict_480\npaosmgr.dll

CHR - plugin: AhnLab MyKeyDefense 2.5 (Enabled) = C:\Program Files (x86)\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll

CHR - plugin: AhnLab Online Security Anti-keylogger (Enabled) = C:\Program Files (x86)\AhnLab\ASP\MyKeyDefense 2.5\npmkd25sp.dll

CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

CHR - plugin: Bing Bar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll

CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Veraport Mozilla Plugin (Enabled) = C:\Program Files (x86)\Wizvera\Veraport20\npveraport20.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonEU\NGM\npNxGameeu.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - Extension: Google Drive = C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: PriceGong = C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.2_0\

CHR - Extension: YouTube = C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: Web Assistant = C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.478_0\

CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

CHR - Extension: Gmail = C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009-06-10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll ()

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.5.3\PriceGongIE.dll (PriceGong)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()

O2 - BHO: (MozenCuto System) - {3F08DFF9-2D5A-4163-B87F-FF980247A925} - C:\Program Files (x86)\MozenCuto\mzcutouu.dll File not found

O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Daum 클리너) - {BDDB5A00-D1EB-49D5-B197-72A06DF78AA1} - C:\Program Files\Daum\Cleaner\DaumStart.1.5.0.114.dll (Daum Communications Corp.)

O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)

O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3:64bit: - HKU\S-1-5-21-2562538608-3379174730-3565747309-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)

O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)

O4 - HKLM..\Run: [HncUpdate] C:\Program Files (x86)\HNC\hncutils\HncChecker.exe (Hancom Inc(HNC).)

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKLM..\Run: [suiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nrytdhns.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {477D5B9A-6479-44F8-9718-9340119B0308} http://www.hanabank.com/resource/download/veraport/down/veraport20.cab (Veraport20Ctl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {8C96AC47-F768-47F5-95C2-24018E6674C5} http://www.jjangfile.net/scripts/common/mmsv/ChocoStream.cab (ChocoAXCtl Class)

O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} http://mail.daum.net/hanmail-ax/DaumActiveX/2_0_1_4/DaumActiveX.cab?ver=2,0,1,4 (Daum ActiveX manager Class)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DE1FAC4-B916-448F-A747-E5A362D2FC66}: DhcpNameServer = 164.124.101.2 203.248.252.2

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5EDA27D-50E6-4F19-A31E-549A739F6C6B}: DhcpNameServer = 194.168.4.100 194.168.8.100

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\s-http - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\s-http {D37E6C5F-1C0F-47C0-A3B6-403EEC555402} - C:\Program Files (x86)\Initech\SHTTP\InitechSHTTPInterface.11014.dll (© INITECH)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Users\Master\AppData\Local\flhhshec\nrytdhns.exe) - C:\Users\Master\AppData\Local\flhhshec\nrytdhns.exe ()

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013-01-29 21:35:31 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\Programs

[2013-01-29 20:49:57 | 000,000,000 | ---D | C] -- C:\Users\Dad\Documents\mbar-1.01.0.1017

[2013-01-29 17:36:17 | 000,000,000 | ---D | C] -- C:\Users\Dad\Desktop\RK_Quarantine

[2013-01-28 19:55:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service

[2013-01-28 19:55:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

[2013-01-28 19:11:11 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\Mozilla Firefox

[2013-01-28 18:57:23 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\Macromedia

[2013-01-28 18:56:52 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\Mozilla

[2013-01-28 18:56:52 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\Mozilla

[2013-01-27 21:28:27 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\0T1F0D1F2W1G1I1F1T1Q

[2013-01-27 21:28:25 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\Babylon

[3 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Users\Public\Documents\*.tmp files -> C:\Users\Public\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013-01-30 19:04:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013-01-30 18:58:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013-01-30 18:58:22 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2562538608-3379174730-3565747309-1001UA.job

[2013-01-30 18:58:22 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013-01-30 18:58:22 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2562538608-3379174730-3565747309-1001Core.job

[2013-01-29 22:42:46 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013-01-29 21:50:36 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013-01-29 21:50:36 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013-01-29 21:40:46 | 2207,285,248 | -HS- | M] () -- C:\hiberfil.sys

[2013-01-29 21:36:48 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013-01-29 17:37:30 | 000,007,605 | ---- | M] () -- C:\Users\Dad\AppData\Local\Resmon.ResmonCfg

[2013-01-27 21:28:50 | 000,001,190 | ---- | M] () -- C:\Users\Dad\Desktop\Mozilla Firefox.lnk

[2013-01-27 20:55:34 | 000,002,223 | ---- | M] () -- C:\Users\Dad\Desktop\Google Chrome.lnk

[2013-01-12 15:49:18 | 000,788,548 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2013-01-12 15:49:18 | 000,655,302 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013-01-12 15:49:18 | 000,122,174 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013-01-10 14:51:26 | 000,470,128 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013-01-10 14:30:16 | 000,765,178 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[3 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Users\Public\Documents\*.tmp files -> C:\Users\Public\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013-01-29 17:37:30 | 000,007,605 | ---- | C] () -- C:\Users\Dad\AppData\Local\Resmon.ResmonCfg

[2013-01-27 21:28:50 | 000,001,198 | ---- | C] () -- C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2013-01-27 21:28:50 | 000,001,190 | ---- | C] () -- C:\Users\Dad\Desktop\Mozilla Firefox.lnk

[2012-08-14 13:48:09 | 000,205,108 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat

[2012-03-06 23:20:56 | 000,047,280 | ---- | C] () -- C:\Windows\SysWow64\drivers\SCSK5.sys

[2012-03-06 21:58:55 | 000,024,576 | ---- | C] () -- C:\Windows\INIUpdateAdmin.dll

[2011-06-07 07:08:08 | 002,535,424 | ---- | C] () -- C:\Windows\SysWow64\DM.exe

[2011-06-03 18:11:37 | 000,000,204 | ---- | C] () -- C:\Windows\SysWow64\secustat.dat

[2011-06-03 18:03:16 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI

[2011-05-17 20:57:46 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat

[2011-03-15 18:20:26 | 000,788,548 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011-02-27 21:57:36 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2011-02-27 21:57:36 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2011-02-19 21:11:56 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat

[2011-02-11 18:15:08 | 000,874,048 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin

[2010-08-30 09:12:22 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe

========== ZeroAccess Check ==========

[2009-07-14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013-01-27 21:28:27 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\0T1F0D1F2W1G1I1F1T1Q

[2012-11-24 16:49:02 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\4Sync

[2013-01-27 21:28:25 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Babylon

[2012-12-24 20:16:13 | 000,000,000 | ---D | M] -- C:\Users\Master\AppData\Roaming\4Sync

[2012-11-19 13:59:56 | 000,000,000 | ---D | M] -- C:\Users\Master\AppData\Roaming\AhnLab

[2012-08-18 13:59:06 | 000,000,000 | ---D | M] -- C:\Users\Master\AppData\Roaming\HNC

[2012-08-18 11:09:25 | 000,000,000 | ---D | M] -- C:\Users\Master\AppData\Roaming\LolClient

[2013-01-25 20:00:30 | 000,000,000 | ---D | M] -- C:\Users\Master\AppData\Roaming\Spotify

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:CDFF58FE

@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:1A60DE96

@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:E1F04E8D

@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >

Share this post


Link to post
Share on other sites

OTL Extras logfile created on: 2013-01-30 오후 7:01:54 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dad\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000412 | Country: Korea | Language: KOR | Date Format: yyyy-MM-dd

2.74 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 53.01% Memory free

5.48 Gb Paging File | 3.88 Gb Available in Paging File | 70.89% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 284.99 Gb Total Space | 168.32 Gb Free Space | 59.06% Space Free | Partition Type: NTFS

Computer Name: LUKE | User Name: Dad | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2562538608-3379174730-3565747309-1004\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Users\Dad\AppData\Local\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusOverride" = 1

"AntiVirusDisableNotify" = 1

"FirewallDisableNotify" = 1

"FirewallOverride" = 1

"UpdatesDisableNotify" = 1

"UacDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 1

"AntiVirusDisableNotify" = 1

"FirewallDisableNotify" = 1

"FirewallOverride" = 1

"UpdatesDisableNotify" = 1

"UacDisableNotify" = 1

========== Firewall Settings ==========

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes

"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder

"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.478

"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety

"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02

"{89BDAE1A-7B8E-4A0E-A169-02F7F366451D}" = iCloud

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{90120000-0028-0412-1000-0000000FF1CE}" = Microsoft Office IME (Korean) 2007

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-002A-0412-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Korean) 2007

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller

"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"CCleaner" = CCleaner

"DaumCleaner" = Daum 클리너

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"WNLT" = Web Optimizer

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker

"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool

"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java 6 Update 26

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager

"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{2D992E01-604B-472C-A883-1DDA105A24D5}_is1" = Veraport20(Security module management) - 2,5,0,4

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

"{4F517950-16E9-49A5-B3B1-91E100604B29}" = MLS AD Integration

"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion

"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam

"{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1" = Acer GameZone Console

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack

"{6A2E758A-028B-46BB-A11D-0608AB5A4ED3}" = Daum ActiveX ÄÁÆ®·Ñ - Daum ?? ????

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic

"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{779D8CA1-03DD-4AD4-B21F-3E20BFE7BEDE}" = SketchUp 8

"{77C4850C-3592-4A2F-B652-ACB77A1EF77C}" = Bing Bar Platform

"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core

"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}" = Poker Pop

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8E1CB0F1-67BF-4052-AA23-FA22E94804C1}" = InstallIQ Updater

"{90120000-0015-0412-0000-0000000FF1CE}" = Microsoft Office Access MUI (Korean) 2007

"{90120000-0015-0412-0000-0000000FF1CE}_ENTERPRISE_{04453554-21E4-4B77-809F-1A7B8C654039}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0412-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Korean) 2007

"{90120000-0016-0412-0000-0000000FF1CE}_ENTERPRISE_{04453554-21E4-4B77-809F-1A7B8C654039}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0412-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Korean) 2007

"{90120000-0018-0412-0000-0000000FF1CE}_ENTERPRISE_{04453554-21E4-4B77-809F-1A7B8C654039}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0412-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Korean) 2007

"{90120000-0019-0412-0000-0000000FF1CE}_ENTERPRISE_{04453554-21E4-4B77-809F-1A7B8C654039}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0412-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Korean) 2007

"{90120000-001A-0412-0000-0000000FF1CE}_ENTERPRISE_{04453554-21E4-4B77-809F-1A7B8C654039}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0412-0000-0000000FF1CE}" = Microsoft Office Word MUI (Korean) 2007

"{90120000-001B-0412-0000-0000000FF1CE}_ENTERPRISE_{04453554-21E4-4B77-809F-1A7B8C654039}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0412-0000-0000000FF1CE}" = Microsoft Office Proof (Korean) 2007

"{90120000-001F-0412-0000-0000000FF1CE}_ENTERPRISE_{2E46C2DF-47D7-4737-BA5C-8746DE103FFC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-0028-0412-0000-0000000FF1CE}" = Microsoft Office IME (Korean) 2007

"{90120000-0028-0412-0000-0000000FF1CE}_ENTERPRISE_{12D06165-60AA-4402-9834-B5F37221001D}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0028-0412-1000-0000000FF1CE}_ENTERPRISE_{198C790E-501A-4968-9091-95D84DCA4FD6}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0412-1000-0000000FF1CE}_ENTERPRISE_{8F1A59A7-C656-4BA7-9861-5D1F12EEE93F}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0412-0000-0000000FF1CE}" = Microsoft Office Proofing (Korean) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0044-0412-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Korean) 2007

"{90120000-0044-0412-0000-0000000FF1CE}_ENTERPRISE_{04453554-21E4-4B77-809F-1A7B8C654039}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0412-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Korean) 2007

"{90120000-006E-0412-0000-0000000FF1CE}_ENTERPRISE_{8F1A59A7-C656-4BA7-9861-5D1F12EEE93F}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0412-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Korean) 2007

"{90120000-00A1-0412-0000-0000000FF1CE}_ENTERPRISE_{04453554-21E4-4B77-809F-1A7B8C654039}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0114-0412-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (Korean) 2007

"{90120000-0114-0412-0000-0000000FF1CE}_ENTERPRISE_{04453554-21E4-4B77-809F-1A7B8C654039}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends

"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A21E6CD8-70E4-45CF-A1A8-FC1584D8523E}" = Daum ActiveX ÄÁÆ®·Ñ - Daum ?? ?????

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.2 MUI

"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime

"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{B91B14D5-B817-4C79-BEF6-0A7A23FE6C61}" = NWZ-B170 WALKMAN Guide

"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder

"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari

"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

"{FAB5E347-A6B0-44BB-A876-34E7EE6E52CF}" = 한컴 타자연습

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"4Sync" = 4Sync

"Acer Registration" = Acer Registration

"Acer Screensaver" = Acer ScreenSaver

"Acer Welcome Center" = Welcome Center

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"AhnLab Online Security" = AhnLab Online Security

"Androsa FileProtector" = Androsa FileProtector

"ChocoPlayer" = 초코 플레이어

"ChocoStream2010" = ChocoStream2010

"DivX Setup" = DivX Setup

"ENTERPRISE" = Microsoft Office Enterprise 2007

"Google Chrome" = Google Chrome

"Identity Card" = Identity Card

"incredibar" = Incredibar Toolbar on IE

"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2

"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager

"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite

"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9

"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9

"Ipop(아이팝)_is1" = Ipop(아이팝)

"LManager" = Launch Manager

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100

"McAfee Security Scan" = McAfee Security Scan Plus

"Mozilla Firefox 18.0.1 (x86 en-US)" = Mozilla Firefox 18.0.1 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"Mplayer" = Mplayer 0.6.9

"PriceGong" = PriceGong 2.5.3

"SoftcampSCSK" = SoftCamp Secure KeyStroke 4.0

"SuddenAttackNA" = SuddenAttack

"UnINISafeWeb7" = INISafeWeb 7.0 (SFilter v1.0)

"ViewpointMediaPlayer" = Viewpoint Media Player

"WinLiveSuite" = Windows Live Essentials

"Xvid_is1" = Xvid 1.2.1 final uninstall

"Yahoo! Companion" = Yahoo! Toolbar

"Yahoo! Software Update" = Yahoo! Software Update

"짱파일 다운로드" = 짱파일 다운로드

"파일함탐색기" = 파일함탐색기

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2562538608-3379174730-3565747309-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Mozilla Firefox Packages" = Mozilla Firefox Packages

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 2013-01-28 오후 3:41:45 | Computer Name = Luke | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 1721533

Error - 2013-01-28 오후 3:41:46 | Computer Name = Luke | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2013-01-28 오후 3:41:46 | Computer Name = Luke | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 1722563

Error - 2013-01-28 오후 3:41:46 | Computer Name = Luke | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 1722563

Error - 2013-01-29 오후 5:36:51 | Computer Name = Luke | Source = Application Error | ID = 1000

Description = Faulting application name: mbamgui.exe, version: 1.70.0.0, time stamp:

0x50cb9162 Faulting module name: mbamnet.dll, version: 1.70.0.0, time stamp: 0x50cb912d

Exception

code: 0xc0000005 Fault offset: 0x0000b836 Faulting process id: 0xd78 Faulting application

start time: 0x01cdfe68beb52bc9 Faulting application path: C:\Program Files (x86)\Malwarebytes'

Anti-Malware\mbamgui.exe Faulting module path: C:\Program Files (x86)\Malwarebytes'

Anti-Malware\mbamnet.dll Report Id: fdf19dd7-6a5b-11e2-80fa-1c750843763f

Error - 2013-01-29 오후 5:46:42 | Computer Name = Luke | Source = Application Hang | ID = 1002

Description = The program iexplore.exe version 9.0.8112.16457 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 12b0 Start

Time: 01cdfe69cb323e4c Termination Time: 15 Application Path: C:\Program Files (x86)\Internet

Explorer\iexplore.exe Report Id: 58183762-6a5d-11e2-874e-1c750843763f

Error - 2013-01-29 오후 6:37:44 | Computer Name = Luke | Source = Application Hang | ID = 1002

Description = The program iexplore.exe version 9.0.8112.16457 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 8f0 Start

Time: 01cdfe70c67a8554 Termination Time: 0 Application Path: C:\Program Files (x86)\Internet

Explorer\iexplore.exe Report Id: 76cd19ae-6a64-11e2-874e-1c750843763f

Error - 2013-01-29 오후 6:39:03 | Computer Name = Luke | Source = Application Hang | ID = 1002

Description = The program iexplore.exe version 9.0.8112.16457 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 1224 Start

Time: 01cdfe7141722293 Termination Time: 15 Application Path: C:\Program Files (x86)\Internet

Explorer\iexplore.exe Report Id: aa7df951-6a64-11e2-874e-1c750843763f

Error - 2013-01-30 오후 3:03:08 | Computer Name = Luke | Source = Application Error | ID = 1000

Description = Faulting application name: LoLLauncher.exe, version: 0.0.0.0, time

stamp: 0x4f15f44a Faulting module name: LoLLauncher.exe, version: 0.0.0.0, time

stamp: 0x4f15f44a Exception code: 0xc0000005 Fault offset: 0x0020ef4d Faulting process

id: 0xcb4 Faulting application start time: 0x01cdff1c7049dba5 Faulting application

path: C:\Users\Master\Documents\School work\School ICT\RADS\projects\lol_launcher\releases\0.0.0.104\deploy\LoLLauncher.exe

Faulting

module path: C:\Users\Master\Documents\School work\School ICT\RADS\projects\lol_launcher\releases\0.0.0.104\deploy\LoLLauncher.exe

Report

Id: ae7a4c31-6b0f-11e2-874e-1c750843763f

Error - 2013-01-30 오후 3:10:13 | Computer Name = Luke | Source = Application Error | ID = 1000

Description = Faulting application name: LoLLauncher.exe, version: 0.0.0.0, time

stamp: 0x4f15f44a Faulting module name: LoLLauncher.exe, version: 0.0.0.0, time

stamp: 0x4f15f44a Exception code: 0xc0000005 Fault offset: 0x0020ef4d Faulting process

id: 0x16cc Faulting application start time: 0x01cdff1d6da4f5af Faulting application

path: C:\Users\Master\Documents\School work\School ICT\RADS\projects\lol_launcher\releases\0.0.0.104\deploy\LoLLauncher.exe

Faulting

module path: C:\Users\Master\Documents\School work\School ICT\RADS\projects\lol_launcher\releases\0.0.0.104\deploy\LoLLauncher.exe

Report

Id: ac4c6b06-6b10-11e2-874e-1c750843763f

[ System Events ]

Error - 2013-01-29 오후 5:42:07 | Computer Name = Luke | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

TfFsMon TfSysMon

Error - 2013-01-29 오후 5:42:11 | Computer Name = Luke | Source = Service Control Manager | ID = 7034

Description = The MBAMService service terminated unexpectedly. It has done this

1 time(s).

Error - 2013-01-29 오후 5:42:20 | Computer Name = Luke | Source = Service Control Manager | ID = 7023

Description = The Computer Browser service terminated with the following error:

%%1060

Error - 2013-01-29 오후 5:45:18 | Computer Name = Luke | Source = Application Popup | ID = 1060

Description = \??\C:\Users\Master\AppData\Local\Temp\ugabgegf.sys has been blocked

from loading due to incompatibility with this system. Please contact your software

vendor for a compatible version of the driver.

Error - 2013-01-29 오후 5:45:22 | Computer Name = Luke | Source = Service Control Manager | ID = 7023

Description = The Function Discovery Resource Publication service terminated with

the following error: %%-2147024891

Error - 2013-01-29 오후 5:45:22 | Computer Name = Luke | Source = Service Control Manager | ID = 7001

Description = The HomeGroup Provider service depends on the Function Discovery Resource

Publication service which failed to start because of the following error: %%-2147024891

Error - 2013-01-29 오후 6:42:58 | Computer Name = Luke | Source = Service Control Manager | ID = 7023

Description = The Function Discovery Resource Publication service terminated with

the following error: %%-2147024891

Error - 2013-01-29 오후 6:42:58 | Computer Name = Luke | Source = Service Control Manager | ID = 7001

Description = The HomeGroup Provider service depends on the Function Discovery Resource

Publication service which failed to start because of the following error: %%-2147024891

Error - 2013-01-30 오후 2:58:23 | Computer Name = Luke | Source = Service Control Manager | ID = 7023

Description = The Function Discovery Resource Publication service terminated with

the following error: %%-2147024891

Error - 2013-01-30 오후 2:58:23 | Computer Name = Luke | Source = Service Control Manager | ID = 7001

Description = The HomeGroup Provider service depends on the Function Discovery Resource

Publication service which failed to start because of the following error: %%-2147024891

< End of report >

Share this post


Link to post
Share on other sites

Please do this:

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in bold:

:OTL

O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()

O2 - BHO: (MozenCuto System) - {3F08DFF9-2D5A-4163-B87F-FF980247A925} - C:\Program Files (x86)\MozenCuto\mzcutouu.dll File not found

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nrytdhns.exe ()

O20 - HKLM Winlogon: UserInit - (C:\Users\Master\AppData\Local\flhhshec\nrytdhns.exe) - C:\Users\Master\AppData\Local\flhhshec\nrytdhns.exe ()

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

[2013-01-27 21:28:27 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\0T1F0D1F2W1G1I1F1T1Q

@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:CDFF58FE

@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:1A60DE96

@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:E1F04E8D

@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2

:Files

C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nrytdhns.exe

C:\Users\Master\AppData\Local\flhhshec\nrytdhns.exe

:Commands

[EMPTYJAVA]

[emptytemp]

[EMPTYFLASH]

[*]Then click the Run Fix button at the top

[*]Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"

[*]Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

MrC

Share this post


Link to post
Share on other sites

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}\ deleted successfully.

C:\Program Files\Web Assistant\Extension32.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3F08DFF9-2D5A-4163-B87F-FF980247A925}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F08DFF9-2D5A-4163-B87F-FF980247A925}\ deleted successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nrytdhns.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Users\Master\AppData\Local\flhhshec\nrytdhns.exe deleted successfully.

File move failed. C:\Users\Master\AppData\Local\flhhshec\nrytdhns.exe scheduled to be moved on reboot.

64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

C:\Users\Dad\AppData\Roaming\0T1F0D1F2W1G1I1F1T1Q\Mozilla Firefox Packages folder moved successfully.

C:\Users\Dad\AppData\Roaming\0T1F0D1F2W1G1I1F1T1Q folder moved successfully.

ADS C:\ProgramData\Temp:CDFF58FE deleted successfully.

ADS C:\ProgramData\Temp:1A60DE96 deleted successfully.

ADS C:\ProgramData\Temp:E1F04E8D deleted successfully.

ADS C:\ProgramData\Temp:DFC5A2B2 deleted successfully.

========== FILES ==========

File\Folder C:\Users\Master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nrytdhns.exe not found.

File move failed. C:\Users\Master\AppData\Local\flhhshec\nrytdhns.exe scheduled to be moved on reboot.

========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Dad

->Java cache emptied: 0 bytes

User: Default

User: Default User

User: luk

User: Master

->Java cache emptied: 862486 bytes

User: Public

Total Java Files Cleaned = 1.00 mb

[EMPTYTEMP]

User: All Users

User: Dad

->Temp folder emptied: 85463488 bytes

->Temporary Internet Files folder emptied: 226990968 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 262384441 bytes

->Google Chrome cache emptied: 348167552 bytes

->Apple Safari cache emptied: 144403456 bytes

->Flash cache emptied: 16845 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: luk

User: Master

->Temp folder emptied: 1905924898 bytes

->Temporary Internet Files folder emptied: 649799314 bytes

->Java cache emptied: 0 bytes

->Google Chrome cache emptied: 368768109 bytes

->Flash cache emptied: 89729 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 274845261 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 3158423 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 4,072.00 mb

[EMPTYFLASH]

User: All Users

User: Dad

->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: luk

User: Master

->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 01302013_210338

Files\Folders moved on Reboot...

C:\Users\Master\AppData\Local\flhhshec\nrytdhns.exe moved successfully.

C:\Users\Dad\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Users\Master\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

File\Folder C:\Users\Master\AppData\Local\Temp\~TM3749.tmp not found!

C:\Users\Master\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K6UOHZNJ\logon[1].htm moved successfully.

C:\Users\Master\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ICGZSM3F\cb_menu_empty_page[3].htm moved successfully.

C:\Users\Master\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ICGZSM3F\cb_menu_empty_page[4].htm moved successfully.

C:\Users\Master\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ICGZSM3F\ft_debug_message[1].js moved successfully.

C:\Users\Master\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ICGZSM3F\spacer[1].gif moved successfully.

C:\Users\Master\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H7Y4TLZU\ft_debug_message[1].js moved successfully.

C:\Users\Master\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H7Y4TLZU\ft_debug_message[2].js moved successfully.

C:\Users\Master\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BN6CY1LX\ft_debug_message[2].js moved successfully.

C:\Users\Master\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BN6CY1LX\jquery[1].js moved successfully.

File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Share this post


Link to post
Share on other sites

Next......

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

Share this post


Link to post
Share on other sites

ComboFix 13-01-31.03 - Dad 2013-01-31 18:35:24.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.949.82.1033.18.2807.1615 [GMT 0:00]

Running from: c:\users\Dad\Downloads\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\FCommerce

c:\program files (x86)\Incredibar.com

c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll

c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarApp.dll

c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarEng.dll

c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarsrv.exe

c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll

c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\uninstall.exe

c:\program files (x86)\QuickTime\QTTask.exe

c:\program files (x86)\SmartSearch

c:\programdata\FullRemove.exe

c:\programdata\Microsoft\Windows\Start Menu\Programs\파일함

c:\users\Master\3289837.exe

c:\users\Master\AppData\Local\bnmqsvqd.log

c:\users\Master\AppData\Local\djdkfuug.log

c:\users\Master\AppData\Local\huvahere.log

c:\users\Master\AppData\Local\oxlmygfm.log

c:\users\Master\AppData\Local\posardmm.log

c:\users\Master\AppData\Local\qlippnpd.log

c:\users\Master\AppData\Local\thghbyvh.log

c:\users\Public\Documents\ssopt.tmp

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_Windows MineService Update Class

.

.

((((((((((((((((((((((((( Files Created from 2012-12-28 to 2013-01-31 )))))))))))))))))))))))))))))))

.

.

2013-01-31 18:45 . 2013-01-31 18:45 -------- d-----w- c:\users\Master\AppData\Local\temp

2013-01-31 18:45 . 2013-01-31 18:45 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-01-30 21:03 . 2013-01-30 21:03 -------- d-----w- C:\_OTL

2013-01-29 21:35 . 2013-01-29 21:35 -------- d-----w- c:\users\Dad\AppData\Local\Programs

2013-01-28 19:55 . 2013-01-28 19:55 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

2013-01-28 19:11 . 2013-01-28 19:55 -------- d-----w- c:\users\Dad\AppData\Local\Mozilla Firefox

2013-01-28 18:57 . 2013-01-28 18:57 -------- d-----w- c:\users\Dad\AppData\Local\Macromedia

2013-01-28 18:56 . 2013-01-28 18:56 -------- d-----w- c:\users\Dad\AppData\Local\Mozilla

2013-01-27 21:28 . 2013-01-27 21:28 -------- d-----w- c:\users\Dad\AppData\Roaming\Babylon

2013-01-26 14:46 . 2013-01-30 21:25 -------- d-----w- c:\users\Master\AppData\Local\flhhshec

2013-01-25 19:52 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7C41A343-9803-4F23-9C22-C1EF15A8DFA7}\mpengine.dll

2013-01-09 17:35 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll

2013-01-09 17:35 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll

2013-01-09 17:35 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll

2013-01-09 17:35 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll

2013-01-09 17:35 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll

2013-01-09 17:35 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-01-10 14:15 . 2011-02-24 17:28 67599240 ----a-w- c:\windows\system32\MRT.exe

2013-01-10 14:00 . 2012-05-12 16:02 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-01-10 14:00 . 2011-05-17 17:14 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-01-10 13:59 . 2012-12-11 20:04 16369160 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-12-16 17:11 . 2012-12-22 11:06 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-16 14:45 . 2012-12-22 11:06 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-16 14:13 . 2012-12-22 11:06 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-16 14:13 . 2012-12-22 11:06 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-14 16:49 . 2012-08-16 10:56 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-11-30 04:45 . 2013-01-09 17:34 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-11-19 13:49 . 2012-03-06 23:20 47280 ----a-w- c:\windows\SysWow64\drivers\SCSK5.sys

2012-11-14 07:06 . 2012-12-13 10:13 17811968 ----a-w- c:\windows\system32\mshtml.dll

2012-11-14 06:32 . 2012-12-13 10:13 10925568 ----a-w- c:\windows\system32\ieframe.dll

2012-11-14 06:11 . 2012-12-13 10:13 2312704 ----a-w- c:\windows\system32\jscript9.dll

2012-11-14 06:04 . 2012-12-13 10:13 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-11-14 06:04 . 2012-12-13 10:13 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-11-14 06:02 . 2012-12-13 10:13 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-11-14 06:02 . 2012-12-13 10:13 237056 ----a-w- c:\windows\system32\url.dll

2012-11-14 05:59 . 2012-12-13 10:13 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-11-14 05:58 . 2012-12-13 10:13 816640 ----a-w- c:\windows\system32\jscript.dll

2012-11-14 05:57 . 2012-12-13 10:13 599040 ----a-w- c:\windows\system32\vbscript.dll

2012-11-14 05:57 . 2012-12-13 10:13 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-11-14 05:55 . 2012-12-13 10:13 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-11-14 05:55 . 2012-12-13 10:13 729088 ----a-w- c:\windows\system32\msfeeds.dll

2012-11-14 05:53 . 2012-12-13 10:13 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-11-14 05:52 . 2012-12-13 10:13 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-11-14 05:46 . 2012-12-13 10:13 248320 ----a-w- c:\windows\system32\ieui.dll

2012-11-14 02:09 . 2012-12-13 10:13 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-11-14 01:58 . 2012-12-13 10:13 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-11-14 01:57 . 2012-12-13 10:13 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-11-14 01:49 . 2012-12-13 10:13 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-11-14 01:48 . 2012-12-13 10:13 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-11-14 01:44 . 2012-12-13 10:13 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-11-13 20:29 . 2012-11-13 20:29 354216 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl

2012-11-09 05:45 . 2012-12-12 17:41 2048 ----a-w- c:\windows\system32\tzres.dll

2012-11-09 04:42 . 2012-12-12 17:41 2048 ----a-w- c:\windows\SysWow64\tzres.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll" [2011-11-02 2015544]

.

[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]

[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]

[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]

[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}]

2011-10-05 11:02 386424 ----a-w- c:\program files (x86)\PriceGong\2.5.3\PriceGongIE.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]

2012-03-27 00:40 792864 ----a-w- c:\program files (x86)\Yontoo Layers Runtime\YontooIEClient.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2010-05-27 02:40 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-12-23 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]

"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]

"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]

"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]

"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"Korean IME Migration"="c:\progra~2\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE" [2006-10-26 26400]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]

"HncUpdate"="c:\program files (x86)\HNC\HncUtils\HncChecker.exe" [2012-04-18 715616]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2012-11-01 1263512]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200412]

Ime File REG_SZ IMKR12.IME

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

"FirewallDisableNotify"=dword:00000001

"FirewallOverride"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"UacDisableNotify"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

"FirewallDisableNotify"=dword:00000001

"FirewallOverride"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"UacDisableNotify"=dword:00000001

.

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]

R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R2 Windows MineService Update Class;Windows MineService Update Class (uu);c:\program files (x86)\MozenCuto\mzcutouusvc.exe [x]

R3 CdmDrvNt;CdmDrvNt;c:\windows\system32\Drivers\CdmDrvNt.sys [2009-07-21 25656]

R3 DaumCleanerService;DaumCleanerService;c:\program files\Daum\Cleaner\DaumCleanerService.exe [2012-08-01 199088]

R3 dump_wmimmc;dump_wmimmc;c:\sg interactive\grand chase\GameGuard\dump_wmimmc.sys [x]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 MfFWEnt;MfFWEnt;c:\program files\AhnLab\ASP\MyFirewall 4.0\MfFWEnt.sys [2010-06-28 126072]

R3 MfIPSEnt;MfIPSEnt;c:\program files\AhnLab\ASP\MyFirewall 4.0\MfIPSEnt.sys [2010-06-28 155256]

R3 Mkd2Bthf;Mkd2Bthf;c:\windows\system32\drivers\Mkd2Bthf.sys [2012-03-07 98040]

R3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2012-03-07 107768]

R3 Mkd3kfNt;Mkd3kfNt;c:\windows\system32\drivers\Mkd3kfNt.sys [2012-03-07 183544]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-06-17 246376]

R3 scsk5;SCSK5 Driver Service;syswow64\drivers\scsk5.sys [x]

R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]

R3 vtany;vtany;c:\windows\vtany.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-20 1255736]

R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [x]

R3 xspirit;xspirit;c:\windows\xspirit.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S1 AMonTDLH;AMonTDLH;c:\windows\system32\Drivers\AMonTDLH.sys [2012-09-14 118072]

S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]

S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]

S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]

S2 clunet;clunet;c:\windows\system32\drivers\clunet.sys [2010-10-18 49224]

S2 DM;DM;c:\windows\system32\DM.exe [x]

S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104]

S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896]

S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]

S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]

S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]

S2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [2012-08-23 188760]

S2 WebOptimizer;WebOptimizer;c:\windows\system32\dmwu.exe [2012-09-13 1259888]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-06-21 287232]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-05-15 384040]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-01-24 17:40 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-01-31 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-12 19:05]

.

2013-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-23 16:07]

.

2013-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-23 16:07]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]

2012-08-23 14:40 208216 ----a-w- c:\program files\Web Assistant\Extension64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4SyncOverlay1]

@="{2012DE06-50C0-48BD-ACDE-88F95D4CAD1F}"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShellExt1]

@="{2012DE06-50C0-48BD-ACDE-88F95D4CAD1F}"

[HKEY_CLASSES_ROOT\CLSID\{2012DE06-50C0-48BD-ACDE-88F95D4CAD1F}]

2012-09-25 19:13 2190336 ----a-w- c:\progra~2\4Sync\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4SyncOverlay2]

@="{C72C6188-BEF2-46E5-A89A-52F0ED75219E}"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShellExt2]

@="{C72C6188-BEF2-46E5-A89A-52F0ED75219E}"

[HKEY_CLASSES_ROOT\CLSID\{C72C6188-BEF2-46E5-A89A-52F0ED75219E}]

2012-09-25 19:13 2190336 ----a-w- c:\progra~2\4Sync\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4SyncOverlay3]

@="{C92F6BC2-AF61-4C0E-80E0-939B8282DDB7}"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShellExt3]

@="{C92F6BC2-AF61-4C0E-80E0-939B8282DDB7}"

[HKEY_CLASSES_ROOT\CLSID\{C92F6BC2-AF61-4C0E-80E0-939B8282DDB7}]

2012-09-25 19:13 2190336 ----a-w- c:\progra~2\4Sync\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4SyncOverlay4]

@="{CB1EFEF8-D5E0-49D1-B768-41B48B1D7803}"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShellExt4]

@="{CB1EFEF8-D5E0-49D1-B768-41B48B1D7803}"

[HKEY_CLASSES_ROOT\CLSID\{CB1EFEF8-D5E0-49D1-B768-41B48B1D7803}]

2012-09-25 19:13 2190336 ----a-w- c:\progra~2\4Sync\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2010-05-27 02:42 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4SyncOverlay1]

@="{2012DE06-50C0-48BD-ACDE-88F95D4CAD1F}"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShellExt1]

@="{2012DE06-50C0-48BD-ACDE-88F95D4CAD1F}"

[HKEY_CLASSES_ROOT\CLSID\{2012DE06-50C0-48BD-ACDE-88F95D4CAD1F}]

2012-09-25 19:13 2190336 ----a-w- c:\progra~2\4Sync\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4SyncOverlay2]

@="{C72C6188-BEF2-46E5-A89A-52F0ED75219E}"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShellExt2]

@="{C72C6188-BEF2-46E5-A89A-52F0ED75219E}"

[HKEY_CLASSES_ROOT\CLSID\{C72C6188-BEF2-46E5-A89A-52F0ED75219E}]

2012-09-25 19:13 2190336 ----a-w- c:\progra~2\4Sync\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4SyncOverlay3]

@="{C92F6BC2-AF61-4C0E-80E0-939B8282DDB7}"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShellExt3]

@="{C92F6BC2-AF61-4C0E-80E0-939B8282DDB7}"

[HKEY_CLASSES_ROOT\CLSID\{C92F6BC2-AF61-4C0E-80E0-939B8282DDB7}]

2012-09-25 19:13 2190336 ----a-w- c:\progra~2\4Sync\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4SyncOverlay4]

@="{CB1EFEF8-D5E0-49D1-B768-41B48B1D7803}"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShellExt4]

@="{CB1EFEF8-D5E0-49D1-B768-41B48B1D7803}"

[HKEY_CLASSES_ROOT\CLSID\{CB1EFEF8-D5E0-49D1-B768-41B48B1D7803}]

2012-09-25 19:13 2190336 ----a-w- c:\progra~2\4Sync\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]

"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]

"Korean IME Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE" [2006-10-26 43808]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://google.com/

mDefault_Page_URL = hxxp://acer.msn.com

mStart Page = hxxp://acer.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Microsoft Excel로 내보내기(&X) - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 194.168.4.100 194.168.8.100

DPF: {477D5B9A-6479-44F8-9718-9340119B0308} - hxxp://www.hanabank.com/resource/download/veraport/down/veraport20.cab

DPF: {8C96AC47-F768-47F5-95C2-24018E6674C5} - hxxp://www.jjangfile.net/scripts/common/mmsv/ChocoStream.cab

DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} - hxxp://mail.daum.net/hanmail-ax/DaumActiveX/2_0_1_4/DaumActiveX.cab?ver=2,0,1,4

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll

Toolbar-{F9639E4A-801B-4843-AEE3-03D9DA199E77} - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll

Wow6432Node-HKCU-Run-QuickTime Task - c:\program files (x86)\QuickTime\QTTask.exe

Wow6432Node-HKLM-Run-QuickTime Task - c:\program files (x86)\QuickTime\QTTask.exe

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-ChocoPlayer - c:\program files (x86)\Clunet\ChocoPlayer\uninstall.exe

AddRemove-ChocoStream2010 - c:\program files (x86)\ChocoStream\chocostream_uninstall.exe

AddRemove-incredibar - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\uninstall.exe

AddRemove-Ipop(아이팝)_is1 - c:\users\luk\AppData\Local\Ipop\unins000.exe

AddRemove-McAfee Security Scan - c:\program files (x86)\McAfee Security Scan\uninstall.exe

AddRemove-SoftcampSCSK - c:\windows\system32\UnSCSK.exe

AddRemove-SuddenAttackNA - c:\programdata\NexonUS\NGM\NGM.exe

AddRemove-UnINISafeWeb7 - c:\windows\system32\UnINIS70.exe

AddRemove-{08234a0d-cf39-4dca-99f0-0c5cb496da81} - c:\program files (x86)\Bing Bar Installer\InstallManager.exe

AddRemove-짱파일 다운로드 - c:\program files (x86)\jjangfile.net\jjangfile(normal)\Uninstall.exe

AddRemove-파일함탐색기 - c:\program files (x86)\Fileham.com\FileHamBrowser\BrowserUninstall.exe

AddRemove-Mozilla Firefox Packages - c:\users\Dad\AppData\Roaming\0T1F0D1F2W1G1I1F1T1Q\Mozilla Firefox Packages\uninstaller.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\xsherlock]

"ImagePath"="c:\windows\system32\xsherlock.xem"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\SysWOW64\DM.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

.

**************************************************************************

.

Completion time: 2013-01-31 18:57:27 - machine was rebooted

ComboFix-quarantined-files.txt 2013-01-31 18:57

.

Pre-Run: 191,188,422,656 bytes free

Post-Run: 190,417,674,240 bytes free

.

- - End Of File - - B40E012AD2CA9FA0694F4568F8E6AEEE

Share this post


Link to post
Share on other sites

Do you recognize this folder:

c:\users\Master\AppData\Local\flhhshec

You may have to enable hidden files to see it:

http://www.howtogeek...-windows-vista/

--------------------------------

Please find this file and upload to VirusTotal for a free scan, let me know the results (just copy back the url)

http://www.virustotal.com/

C:\Windows\syswow64\drivers\scsk5.sys

MrC

Share this post


Link to post
Share on other sites

After the scan from combofix, my computer seems to have returned to normal. Please inform me if there is anything else I have to do. Thanks

Share this post


Link to post
Share on other sites

It doesn't appear to be the correct file:

nrytdhns.exe <---results are for this

scsk5.sys <---file I asked to be scanned

MrC

Share this post


Link to post
Share on other sites

OK...........

OK, run another scan just to make sure it's not targeted and if it's OK:

Lots of adware found....lets clear it out.....

  1. Please re-run AdwCleaner
  2. Click on Delete button.
  3. Confirm each time with OK if asked.
  4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

-------------------------------------

I suggest you download and install "CCleaner"

http://www.filehippo.com/download_ccleaner/

It's great at clearing out temp files, you may want to uncheck "Cookies" when you run it.

Stay away from the "registry cleaner" also.

MrC

Share this post


Link to post
Share on other sites

# AdwCleaner v2.109 - Logfile created 02/02/2013 at 16:35:13

# Updated 26/01/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Master - LUKE

# Boot Mode : Normal

# Running from : C:\Users\Master\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8P6NEFNP\AdwCleaner.exe

# Option [Delete]

***** [services] *****

Stopped & Deleted : Web Assistant Updater

Stopped & Deleted : WebOptimizer

***** [Files / Folders] *****

File Deleted : C:\user.js

Folder Deleted : C:\Program Files (x86)\PriceGong

Folder Deleted : C:\Program Files (x86)\Viewpoint

Folder Deleted : C:\Program Files (x86)\Yontoo Layers Runtime

Folder Deleted : C:\Program Files\Web Assistant

Folder Deleted : C:\ProgramData\boost_interprocess

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong

Folder Deleted : C:\ProgramData\Tarma Installer

Folder Deleted : C:\ProgramData\Viewpoint

Folder Deleted : C:\Users\Dad\AppData\LocalLow\incredibar.com

Folder Deleted : C:\Users\Dad\AppData\LocalLow\PriceGong

Folder Deleted : C:\Users\Dad\AppData\Roaming\Babylon

Folder Deleted : C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok

Folder Deleted : C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

Folder Deleted : C:\Users\Master\AppData\LocalLow\boost_interprocess

Folder Deleted : C:\Users\Master\AppData\LocalLow\incredibar.com

Folder Deleted : C:\Users\Master\AppData\LocalLow\PriceGong

Folder Deleted : C:\Windows\SysWOW64\WNLT

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

Key Deleted : HKCU\Software\IM

Key Deleted : HKCU\Software\ImInstaller

Key Deleted : HKCU\Software\incredibar.com

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Deleted : HKCU\Software\WNLT

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1

Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine

Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane

Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1

Key Deleted : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc

Key Deleted : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1

Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject

Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1

Key Deleted : HKLM\SOFTWARE\Classes\I

Key Deleted : HKLM\SOFTWARE\Classes\IncredibarApp.appCore

Key Deleted : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2776682

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\Freeze.com

Key Deleted : HKLM\Software\incredibar.com

Key Deleted : HKLM\Software\MetaStream

Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP

Key Deleted : HKLM\Software\Viewpoint

Key Deleted : HKLM\Software\Web Assistant

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1631550F-191D-4826-B069-D9439253D926}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9639E4A-801B-4843-AEE3-03D9DA199E77}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\incredibar

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PriceGong

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT

Key Deleted : HKLM\SOFTWARE\Web Assistant

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{F9639E4A-801B-4843-AEE3-03D9DA199E77}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Google Chrome v24.0.1312.57

File : C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Master\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [13986 octets] - [02/02/2013 16:34:56]

AdwCleaner[s1].txt - [14217 octets] - [02/02/2013 16:35:13]

########## EOF - C:\AdwCleaner[s1].txt - [14278 octets] ##########

Share this post


Link to post
Share on other sites

Lets check your computers security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!

MrC

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0

  • Recently Browsing   0 members

    No registered users viewing this page.