kwikimart Posted March 29, 2010

I've got an error on my computer; it keeps saying I can't do this or that because I have got msls52.dll missing. But the pop-up just keeps coming up, and I keep pressing okay, and then it goes and allows me to do what I do (but there is nothing on the screen of course except my groovy screen saver :)). I tried opening Task Manager and looked for restore, etc. in the files, but nothing could be found, and now I am currently on the Task Manager on the internet doing this, trying to get some help!! I've tried putting it in safe mode and the unknown configuration, but there is nothing on the screen again, and the error keeps popping up :( PLEASE HELP!!! I am tearing my hair out...

P.S. I think what the problem to this was: my AV (?) detected some virus, this Trojan horse thing, and I just pressed close, but it just constantly came up, so I pressed Move to Vault (but not heal or delete), and it said that I had to restart my computer, which I did, and ever since it is like this......
Jelly Bean Posted March 29, 2010

Step 1
Download TFC by OldTimer to your desktop.
Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator.)
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Step 2
Please download Malwarebytes Anti-Malware and save it to your desktop.
Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
Then click Finish.
- MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
- On the Scanner tab: make sure the "Perform Full Scan" option is selected. Then click on the Scan button.
- If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
- The scan will begin and "Scan in progress" will show at the top. It may take some time to complete, so please be patient.
- When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
- Click OK to close the message box and continue with the removal process.
- Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
- Make sure that everything is checked, and click Remove Selected.
- When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (See Note below.)
- The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Step 3
Download OTL to your desktop. If you have problems, try this download link: OTL
Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
http://img.photobucket.com/albums/v708/starbuck50/new/newOtl2.png
Now copy the lines in the codebox below.
Code:
netsvcs
msconfig
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Right-click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
Click the Run Scan button.
http://img.photobucket.com/albums/v708/starbuck50/runscan.png
Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

In your next reply, please submit:
- MBAM scan report
- Both reports from OTL
Thanks.

I'm doing my best......................
kwikimart (Author) Posted March 30, 2010

Hi, THANK YOU SO MUCH! I have so far tried up to step 2, but still I have no icons, the start bar or anything, and the error message keeps coming up as usual, or actually more for some reason. But thankfully it still allows me to do what I wanted to do, after a while of tapping on Enter. I shall copy and paste the log.

Malwarebytes' Anti-Malware 1.45
Malwarebytes
Database version: 3933
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
2010-03-30 오후 6:58:25
mbam-log-2010-03-30 (18-58-25).txt
Scan type: Full scan (A:\|C:\|D:\|E:\|F:\|)
Objects scanned: 162319
Time elapsed: 1 hour(s), 26 minute(s), 18 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 22
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 7
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{4465bf12-801f-449c-aa43-b01fca95b830} (Adware.MPlus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3cb0cf42-da54-47d2-8999-23928a2dea42} (Adware.Rewardnet) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4465bf12-801f-449c-aa43-b01fca95b830} (Adware.MPlus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{4465bf12-801f-449c-aa43-b01fca95b830} (Adware.MPlus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3cb0cf42-da54-47d2-8999-23928a2dea42} (Adware.Rewardnet) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4465bf12-801f-449c-aa43-b01fca95b830} (Adware.MPlus) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\4dw4r3 (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\rewardband.Band (Adware.Rewardnet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\RewardBHO.Bar (Adware.Rewardnet) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShopGuide (Adware.Rewardnet) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\msupdate (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3cb0cf42-da54-47d2-8999-23928a2dea42} (Adware.Rewardnet) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.
Folders Infected:
C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.
Files Infected:
C:\Program Files\Mplus\mg_rwd_1g.dll (Adware.MPlus) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2D2822F2-CC8B-49C0-B36D-5EC19ADABC02}\RP9\A0002104.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\altv.gyo (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.sys) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sdra64.exe (Spyware.Zbot) -> Delete on reboot.

And I have also rebooted.... I hope this makes any sense to you, cause it doesn't to me :s Your help is much appreciated!!! I'll tell you how I get on with step 3.
kwikimart (Author) Posted March 30, 2010

OTL logfile created on: 2010-03-30 오후 7:34:28 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\user\바탕 화면
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000412 | Country: 대한민국 | Language: KOR | Date Format: yyyy-MM-dd
511.00 Mb Total Physical Memory | 143.00 Mb Available Physical Memory | 28.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 15.92 Gb Total Space | 5.42 Gb Free Space | 34.04% Space Free | Partition Type: NTFS
Drive D: | 58.61 Gb Total Space | 25.82 Gb Free Space | 44.06% Space Free | Partition Type: NTFS
Unable to calculate disk information.
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: PB
Current User Name: user
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\user\바탕 화면\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\WINDOWS\system32\npkcmsvc.exe (INCA Internet Co., Ltd.)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\slserv.exe (Smart Link)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\user\바탕 화면\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (Wind0wsSrv) -- File not found
SRV - (ODBC_Server_2009) -- File not found
SRV - (kstationA) -- File not found
SRV - (IocationA) -- File not found
SRV - (IDESRv) -- File not found
SRV - (wcsv) -- C:\Program Files\WebCompass\wcsv.dll ()
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (npkcmsvc) -- C:\WINDOWS\system32\npkcmsvc.exe (INCA Internet Co., Ltd.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (vvdsvc) -- C:\WINDOWS\system32\Nagasoft\vjocx.dll (NanJing Nagasoft Co, LTD.)
SRV - (mgsv) -- C:\Program Files\Mplus\mgsv.dll ()
SRV - (SLService) -- C:\WINDOWS\System32\slserv.exe (Smart Link)
========== Driver Services (SafeList) ==========
DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (npkakl) -- C:\WINDOWS\system32\npkakl.sys (INCA Internet Co.,Ltd.)
DRV - (npkcrypt) -- C:\WINDOWS\system32\npkcrypt.sys (INCA Internet Co., Ltd.)
DRV - (StarOpen) -- C:\WINDOWS\system32\drivers\StarOpen.sys ()
DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (SlNtHal) -- C:\WINDOWS\system32\drivers\slnthal.sys (Smart Link)
DRV - (SlWdmSup) -- C:\WINDOWS\system32\drivers\slwdmsup.sys (Smart Link)
DRV - (Slntamr) -- C:\WINDOWS\system32\drivers\slntamr.sys (Smart Link)
DRV - (NtMtlFax) -- C:\WINDOWS\system32\drivers\ntmtlfax.sys (Smart Link)
DRV - (Mtlmnt5) -- C:\WINDOWS\system32\drivers\mtlmnt5.sys (Smart Link)
DRV - (RecAgent) -- C:\WINDOWS\system32\DRIVERS\RecAgent.sys (Smart Link)
DRV - (Mtlstrm) -- C:\WINDOWS\system32\drivers\mtlstrm.sys (Smart Link)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (w****b) -- C:\WINDOWS\system32\drivers\gwausb.sys (GlobespanVirata Inc.)
DRV - (FsVga) -- C:\WINDOWS\system32\drivers\fsvga.sys (Microsoft Corporation)
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Daum - 생활이 바뀐다! Life On Daum
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.startup.homepage: "www.daum.net"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.783
FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.2
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010-03-19 18:00:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-03-23 20:52:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-03-20 15:09:41 | 000,000,000 | ---D | M]
[2008-07-22 20:27:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2010-03-28 22:21:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ao9fvfgf.default\extensions
[2009-09-14 23:46:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ao9fvfgf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-01-27 13:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ao9fvfgf.default\extensions\searchrecs@veoh.com
[2008-07-22 20:27:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008-10-28 22:46:05 | 000,004,573 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\danawa-kr.xml
[2008-10-28 22:46:05 | 000,003,396 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\daum-kr.xml
[2008-10-28 22:46:05 | 000,002,312 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\naver-kr.xml
[2008-10-28 22:46:05 | 000,001,196 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-kr.xml
[2008-10-28 22:46:05 | 000,000,803 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-kr.xml
O1 HOSTS File: ([2001-08-29 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (WebCompass Search Class) - {2D3BA117-A67B-4BE3-B692-A0F399E7EBC3} - C:\Program Files\WebCompass\wc_src_1m.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Mplus Search Class) - {8EA9A253-227C-4b03-9DD7-A138E8600430} - C:\Program Files\Mplus\mg_src_1g.dll ()
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (WebCompass Reward Class) - {EA1B77B3-505A-4F0D-95A2-EB7C46F7FE90} - C:\Program Files\WebCompass\wc_rwd_1p.dll (Datawave System Inc)
O2 - BHO: (WebGuide Class) - {F90BB714-01B6-438B-8993-F6E46ACBFA24} - c:\program files\WebGuide\webguide7a_C.dll File not found
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - D:\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [iTunesHelper] D:\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] D:\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] D:\qttask.exe (Apple Inc.)
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] D:\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\시작 메뉴\프로그램\시작프로그램\Adobe Reader Speed Launch.lnk = D:\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: 스크랩 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Live Writer에 스크랩(&B) - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {04E7BADF-F3B9-420D-B82D-8D8CADEFE4F9} http://cyimg7.cyworld.com/ImageUpload/CyImageUpload_10217.cab (CyImage2Ctl Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB (Tpwin Control)
O16 - DPF: {2029F1D2-90E4-49EF-9824-F666D238BFF6} http://jr.naver.com/comic/book/viewer_new/NHNComicViewer.cab (NHNComicViewer Class)
O16 - DPF: {21FDDE58-51A6-402A-8040-39DA033DC196} http://image.pullbbang.com/newTop/Pull0Control.ocx (Pull0PlayerX Control)
O16 - DPF: {4AFE617E-ABD5-48F2-9107-774310802352} http://img.cyworld.com/img/video_v3/tvon/CyTVAxLauncher_V12.CAB (CyTVAx Class)
O16 - DPF: {882A7CC6-0163-4BC1-8BC1-505E36C9FFA2} http://www.mnet.com/Ver2/App/totalApp/maxhelper/maxhelper.cab (MaxHelper Control)
O16 - DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} http://cyimg7.cyworld.com/ImageUpload/CyPictureU1.cab?20080604 (CyImage Class)
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} http://cafeimg.hanmail.net/activex/dmcc2.cab?Version=1,0,0,10 (Cdmcco Class)
O16 - DPF: {9B75502C-BBED-4BBD-8FE2-822E5E0AD32C} http://www.diodeo.com/ActiveDiodeoPlayer.cab (MagicLockOCX Control)
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} http://cafeimg.hanmail.net/cto/xman.cab?ver=1,2,3,2 (Daum ActiveX manager Class)
O16 - DPF: {BD6BB450-7C69-43B8-96F3-689CAE57AB51} http://netv.sbs.co.kr/object/player/SBSWebPlayer.cab (SBSWebPlayer Class)
O16 - DPF: {C021A4D6-173F-4BF4-B38C-B12CAA20E518} http://www.mgoon.com/launcher.cab (Mgoon Launcher Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E1CDC08F-F464-4682-AE6A-7689451387C0} http://cafeimg.hanmail.net/activex/dmcm.cab?Version=1,0,0,22 (CAFE multiupload control)
O16 - DPF: {E6C4420E-0669-4518-B825-F63CDDEF7D5D} http://rc.puppyred.com/init.cab (InitOcx Control)
O16 - DPF: {E75386B4-C629-11DB-8338-444553544200} http://cyimg7.cyworld.nate.com/cymusic/package/cyinstal.cab (PcubeSet Class)
O16 - DPF: {F4A1D5E2-AF49-47A7-A945-23038106F3A4} http://imgcdn.pandora.tv/pan_img/launcher/codebase/Pandora_SetUpAX.cab (Pandora_SetUp Control)
O16 - DPF: {FCD61199-E187-4ADD-88E5-9AF238486D11} http://www.50yb.com/player/forceplayer.cab (CPPMediaCtrl Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\System32\sdra64.exe File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (현재 홈 페이지) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007-03-09 20:01:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{05c9ea7a-0a69-11de-9c00-000c762886fc}\Shell - "" = AutoRun
O33 - MountPoints2\{af37c64b-fd9d-11dd-9beb-000c762886fc}\Shell - "" = AutoRun
O33 - MountPoints2\{af37c64b-fd9d-11dd-9beb-000c762886fc}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
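The two logs above record the same persistence mechanism from both sides: MBAM flags the Winlogon Userinit value as Hijack.Userinit (Bad: userinit.exe,sdra64.exe), marks sdra64.exe and the lowsec folder "Delete on reboot", and the OTL scan run afterwards still shows UserInit pointing at C:\WINDOWS\system32\sdra64.exe with "File not found". The Python below is an added example, not code from the thread or from the MBAM/OTL tools: it parses MBAM-style log entries (the sample lines are constructed in the shape of the posted log), lists what still depends on the reboot, and audits a Userinit value for anything other than userinit.exe. The winreg read of the live value is an assumption that only applies on Windows; everything else runs offline.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample lines in the shape of the MBAM log posted in the thread (not the full log).
SAMPLE_MBAM_LOG = r"""
Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\4dw4r3 (Rootkit.TDSS) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.
Folders Infected:
C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.
Files Infected:
C:\WINDOWS\system32\sdra64.exe (Spyware.Zbot) -> Delete on reboot.
C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.sys) -> Quarantined and deleted successfully.
"""


@dataclass
class Detection:
    section: str  # log section, e.g. "Files Infected"
    item: str     # registry key/value or file path
    family: str   # MBAM detection name, e.g. "Spyware.Zbot"
    action: str   # final action, e.g. "Delete on reboot"


# "<item> (<family>) -> <rest>"; <rest> may itself contain "-> " (the Bad:/Good: lines),
# so the final action is taken from the last "-> " segment.
_ENTRY = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")


def parse_mbam_log(text: str) -> List[Detection]:
    """Turn the per-item lines of an MBAM log into Detection records."""
    found: List[Detection] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _ENTRY.match(line)
        if m is None:
            if line.endswith(":"):      # "Registry Keys Infected:" and similar headers
                section = line[:-1]
            continue                    # summary counters, "(No malicious items detected)"
        action = m.group("rest").rsplit("-> ", 1)[-1].rstrip(".")
        found.append(Detection(section, m.group("item"), m.group("family"), action))
    return found


def pending_reboot(detections: List[Detection]) -> List[str]:
    """Items MBAM could only schedule for removal; skipping the reboot leaves them in place."""
    return [d.item for d in detections if d.action.lower() == "delete on reboot"]


def audit_userinit(value: str) -> Tuple[List[str], bool]:
    """Split a Winlogon Userinit value (comma separated, normally with a trailing comma)
    and return (entries that are not userinit.exe, whether userinit.exe is present)."""
    entries = [e.strip() for e in value.split(",") if e.strip()]
    names = [e.replace("/", "\\").rsplit("\\", 1)[-1].lower() for e in entries]
    unexpected = [e for e, n in zip(entries, names) if n != "userinit.exe"]
    return unexpected, "userinit.exe" in names


def read_live_userinit():
    """Read the live value on Windows; returns None elsewhere so the rest runs offline."""
    try:
        import winreg  # assumption: present only on Windows
    except ImportError:
        return None
    key_path = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key_path) as key:
        return winreg.QueryValueEx(key, "Userinit")[0]


if __name__ == "__main__":
    dets = parse_mbam_log(SAMPLE_MBAM_LOG)
    for d in dets:
        print(f"{d.section:30} {d.family:16} {d.action:38} {d.item}")
    print("still waiting on reboot:", pending_reboot(dets))
    # The state the OTL log shows after cleanup: the loader is gone but Userinit still names it.
    print("OTL-state audit:", audit_userinit(r"C:\WINDOWS\system32\sdra64.exe"))
    live = read_live_userinit()
    print("live Userinit:", audit_userinit(live) if live else "(not on Windows)")
```

A Userinit value that names only a deleted loader means Winlogon never runs userinit.exe, which is what starts the shell, so that value is the first thing to repair before re-scanning.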
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - D:\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc) O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [iTunesHelper] D:\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] D:\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [QuickTime Task] D:\qttask.exe (Apple Inc.) O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] D:\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Documents and Settings\All Users\시작 메뉴\프로그램\시작프로그램\Adobe Reader Speed Launch.lnk = D:\Reader\reader_sl.exe (Adobe Systems Incorporated) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: 스크랩 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Live Writer에 스크랩(&B) - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O16 - DPF: {04E7BADF-F3B9-420D-B82D-8D8CADEFE4F9} http://cyimg7.cyworld.com/ImageUpload/CyImageUpload_10217.cab (CyImage2Ctl Class) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB (Tpwin Control) O16 - DPF: {2029F1D2-90E4-49EF-9824-F666D238BFF6} http://jr.naver.com/comic/book/viewer_new/NHNComicViewer.cab (NHNComicViewer Class) O16 - DPF: {21FDDE58-51A6-402A-8040-39DA033DC196} http://image.pullbbang.com/newTop/Pull0Control.ocx (Pull0PlayerX Control) O16 - DPF: {4AFE617E-ABD5-48F2-9107-774310802352} http://img.cyworld.com/img/video_v3/tvon/CyTVAxLauncher_V12.CAB (CyTVAx Class) O16 - DPF: {882A7CC6-0163-4BC1-8BC1-505E36C9FFA2} http://www.mnet.com/Ver2/App/totalApp/maxhelper/maxhelper.cab (MaxHelper Control) O16 - DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} http://cyimg7.cyworld.com/ImageUpload/CyPictureU1.cab?20080604 (CyImage Class) O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} http://cafeimg.hanmail.net/activex/dmcc2.cab?Version=1,0,0,10 (Cdmcco Class) O16 - DPF: {9B75502C-BBED-4BBD-8FE2-822E5E0AD32C} http://www.diodeo.com/ActiveDiodeoPlayer.cab (MagicLockOCX Control) O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} http://cafeimg.hanmail.net/cto/xman.cab?ver=1,2,3,2 (Daum ActiveX manager Class) O16 - DPF: {BD6BB450-7C69-43B8-96F3-689CAE57AB51} http://netv.sbs.co.kr/object/player/SBSWebPlayer.cab (SBSWebPlayer Class) O16 - DPF: {C021A4D6-173F-4BF4-B38C-B12CAA20E518} http://www.mgoon.com/launcher.cab (Mgoon Launcher Control) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E1CDC08F-F464-4682-AE6A-7689451387C0} http://cafeimg.hanmail.net/activex/dmcm.cab?Version=1,0,0,22 (CAFE multiupload control) O16 - DPF: {E6C4420E-0669-4518-B825-F63CDDEF7D5D} 
http://rc.puppyred.com/init.cab (InitOcx Control) O16 - DPF: {E75386B4-C629-11DB-8338-444553544200} http://cyimg7.cyworld.nate.com/cymusic/package/cyinstal.cab (PcubeSet Class) O16 - DPF: {F4A1D5E2-AF49-47A7-A945-23038106F3A4} http://imgcdn.pandora.tv/pan_img/launcher/codebase/Pandora_SetUpAX.cab (Pandora_SetUp Control) O16 - DPF: {FCD61199-E187-4ADD-88E5-9AF238486D11} http://www.50yb.com/player/forceplayer.cab (CPPMediaCtrl Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\System32\sdra64.exe File not found O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) 
O24 - Desktop Components:0 (현재 홈 페이지) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007-03-09 20:01:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{05c9ea7a-0a69-11de-9c00-000c762886fc}\Shell - "" = AutoRun O33 - MountPoints2\{af37c64b-fd9d-11dd-9beb-000c762886fc}\Shell - "" = AutoRun O33 - MountPoints2\{af37c64b-fd9d-11dd-9beb-000c762886fc}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* Quote
kwikimart (Author) Posted March 30, 2010

here is the rest... (SORRY!!)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007-03-09 20:01:22 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (11543867069300736)

========== Files/Folders - Created Within 30 Days ==========
kwikimart (Author) Posted March 30, 2010

(Continued.... still)

[2010-03-30 19:33:23 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\바탕 화면\OTL.exe
[2010-03-30 17:25:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Malwarebytes
[2010-03-30 17:25:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-03-30 17:25:26 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-03-30 17:25:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010-03-30 17:23:35 | 005,918,720 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\user\바탕 화면\mbam-setup-1.45.exe
[2010-03-30 17:13:28 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\바탕 화면\TFC.exe
[2010-03-29 20:04:17 | 000,926,552 | ---- | C] (Prevx) -- C:\Documents and Settings\user\바탕 화면\PREVXCSIFREE.EXE
[2010-03-26 00:59:55 | 000,000,000 | ---D | C] -- C:\Program Files\WebCompass
[2010-03-26 00:26:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010-03-26 00:26:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Office Genuine Advantage
[2010-03-25 02:13:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
[2010-03-25 02:13:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
[2010-03-25 02:13:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
[2010-03-25 02:13:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE
[2010-03-25 02:13:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
[2010-03-25 02:13:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL
[2010-03-25 02:13:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
[2010-03-25 02:13:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT
[2010-03-25 02:13:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
[2010-03-25 02:13:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
[2010-03-25 02:13:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
[2010-03-25 02:13:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
[2010-03-25 02:13:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
[2010-03-25 02:13:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
[2010-03-25 02:13:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
[2010-03-25 02:13:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
[2010-03-24 19:23:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010-03-19 18:20:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010-03-19 18:19:42 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010-03-18 08:31:11 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010-03-18 08:29:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010-03-18 08:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010-03-18 08:21:57 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010-03-18 08:08:42 | 000,891,248 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\user\바탕 화면\avg_free_stb_all_9_40_cnet.exe
[2010-03-18 07:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010-03-11 19:19:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010-03-11 11:03:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010-03-11 11:03:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010-03-10 22:33:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010-03-10 19:53:33 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010-03-08 22:02:12 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\user\IECompatCache
[2010-03-08 16:34:34 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\user\PrivacIE
[2010-03-08 16:30:03 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\user\IETldCache
[2010-03-08 14:14:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010-03-08 14:11:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010-03-08 14:09:05 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010-03-08 13:56:59 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010-03-08 13:56:55 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010-03-08 13:56:54 | 001,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010-03-08 13:56:43 | 011,070,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009-08-08 22:56:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\nagasoft
[2009-04-29 19:02:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[1 C:\Documents and Settings\user\바탕 화면\*.tmp files -> C:\Documents and Settings\user\바탕 화면\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-03-30 19:33:24 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\바탕 화면\OTL.exe
[2010-03-30 19:03:11 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010-03-30 19:01:31 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010-03-30 19:01:30 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-03-30 19:01:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-03-30 19:01:10 | 536,399,872 | -HS- | M] () -- C:\hiberfil.sys
[2010-03-30 18:59:59 | 006,504,448 | ---- | M] () -- C:\Documents and Settings\user\ntuser.dat
[2010-03-30 18:59:59 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\user\ntuser.ini
[2010-03-30 17:28:28 | 058,253,661 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010-03-30 17:25:34 | 000,000,478 | ---- | M] () -- C:\Documents and Settings\All Users\바탕 화면\Malwarebytes' Anti-Malware.lnk
[2010-03-30 17:23:52 | 005,918,720 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\user\바탕 화면\mbam-setup-1.45.exe
[2010-03-30 17:13:30 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\바탕 화면\TFC.exe
[2010-03-29 20:23:20 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\user\바탕 화면\exeHelper.com
[2010-03-29 20:04:17 | 000,926,552 | ---- | M] (Prevx) -- C:\Documents and Settings\user\바탕 화면\PREVXCSIFREE.EXE
[2010-03-29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-03-29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-03-29 07:21:17 | 000,439,088 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-03-29 07:21:17 | 000,240,230 | ---- | M] () -- C:\WINDOWS\System32\perfh012.dat
[2010-03-29 07:21:17 | 000,069,348 | ---- | M] () -- C:\WINDOWS\System32\perfc012.dat
[2010-03-29 07:21:17 | 000,069,348 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-03-29 07:21:16 | 000,832,756 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-03-28 12:59:32 | 001,666,435 | ---- | M] () -- C:\Documents and Settings\user\바탕 화면\dsds.mp3
[2010-03-26 00:26:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-03-25 01:06:36 | 000,000,425 | ---- | M] () -- D:\My Documents\6540654의 바로 가기.lnk
[2010-03-24 20:06:58 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010-03-22 19:24:35 | 000,000,325 | --S- | M] () -- C:\WINDOWS\System32\2718170913.dat
[2010-03-21 21:36:27 | 001,004,888 | ---- | M] () -- C:\Documents and Settings\user\바탕 화면\oh_happy_day.pdf
[2010-03-18 08:30:47 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010-03-18 08:30:47 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010-03-18 08:30:47 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010-03-18 08:30:47 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010-03-18 08:30:34 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\바탕 화면\AVG Free 9.0.lnk
[2010-03-18 08:30:32 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010-03-18 08:30:32 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010-03-18 08:08:43 | 000,891,248 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\user\바탕 화면\avg_free_stb_all_9_40_cnet.exe
[2010-03-13 00:54:01 | 000,000,650 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-03-12 19:19:47 | 000,000,270 | ---- | M] () -- C:\Documents and Settings\user\바탕 화면\Watch Jennifer's Body Online Free , download Jennifersbody - Watch Movies Online For Free Full Movie Downloads.url
[2010-03-12 19:07:03 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-03-11 18:28:42 | 000,000,584 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-03-10 19:53:27 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\user\바탕 화면\타종교안에서의 선교.hwp
[2010-03-07 13:14:27 | 000,205,233 | ---- | M] () -- C:\Documents and Settings\user\바탕 화면\%EC%98%A5%ED%83%9D%EC%97%B0~1.jpg
[2010-03-04 22:22:53 | 000,000,126 | ---- | M] () -- C:\Documents and Settings\user\바탕 화면\Awards for Young Musicians.url
[2010-03-04 22:17:23 | 000,000,206 | ---- | M] () -- C:\Documents and Settings\user\바탕 화면\The Diploma in Engineering is made up of many parts that you study to get your qualification..url
[1 C:\Documents and Settings\user\바탕 화면\*.tmp files -> C:\Documents and Settings\user\바탕 화면\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-03-30 17:25:34 | 000,000,478 | ---- | C] () -- C:\Documents and Settings\All Users\바탕 화면\Malwarebytes' Anti-Malware.lnk
[2010-03-29 20:23:20 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\user\바탕 화면\exeHelper.com
[2010-03-29 20:14:03 | 536,399,872 | -HS- | C] () -- C:\hiberfil.sys
[2010-03-28 12:59:29 | 001,666,435 | ---- | C] () -- C:\Documents and Settings\user\바탕 화면\dsds.mp3
[2010-03-25 01:06:36 | 000,000,425 | ---- | C] () -- D:\My Documents\6540654의 바로 가기.lnk
[2010-03-24 19:29:07 | 000,000,236 | ---- | C] () -- C:\WINDOWS\tasks\OGALogon.job
[2010-03-21 21:36:24 | 001,004,888 | ---- | C] () -- C:\Documents and Settings\user\바탕 화면\oh_happy_day.pdf
[2010-03-20 17:26:27 | 000,000,325 | --S- | C] () -- C:\WINDOWS\System32\2718170913.dat
[2010-03-18 22:19:36 | 006,504,448 | ---- | C] () -- C:\Documents and Settings\user\ntuser.dat
[2010-03-18 08:30:34 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\바탕 화면\AVG Free 9.0.lnk
[2010-03-12 19:20:06 | 000,000,270 | ---- | C] () -- C:\Documents and Settings\user\바탕 화면\Watch Jennifer's Body Online Free , download Jennifersbody - Watch Movies Online For Free Full Movie Downloads.url
[2010-03-10 19:53:24 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\user\바탕 화면\타종교안에서의 선교.hwp
[2010-03-07 13:22:15 | 000,205,233 | ---- | C] () -- C:\Documents and Settings\user\바탕 화면\%EC%98%A5%ED%83%9D%EC%97%B0~1.jpg
[2010-03-04 22:23:05 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\user\바탕 화면\Awards for Young Musicians.url
[2010-03-04 22:17:42 | 000,000,206 | ---- | C] () -- C:\Documents and Settings\user\바탕 화면\The Diploma in Engineering is made up of many parts that you study to get your qualification..url
[2009-11-22 23:55:54 | 000,596,512 | ---- | C] () -- C:\WINDOWS\System32\INICRYPTOSDK.dll
[2009-11-22 23:55:53 | 000,008,821 | ---- | C] () -- C:\WINDOWS\System32\np_jpn.ini
[2009-11-22 23:55:53 | 000,008,517 | ---- | C] () -- C:\WINDOWS\System32\np_kor.ini
[2009-11-22 23:55:53 | 000,008,023 | ---- | C] () -- C:\WINDOWS\System32\np_Eng.ini
[2009-11-22 23:55:53 | 000,006,808 | ---- | C] () -- C:\WINDOWS\System32\np_chs.ini
[2009-08-03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008-11-05 17:56:17 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\WaveletGrayDecoder.dll
[2008-11-05 17:56:17 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\WindowMoveHook.dll
[2008-11-05 17:56:16 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\WaveletColorDecoder.dll
[2008-08-23 11:21:36 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2008-08-23 11:12:21 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008-07-10 12:56:39 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DAUMCRYPT.DLL
[2008-06-04 10:42:46 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ToonsHook2.dll
[2008-01-18 20:17:41 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\CSDLGE1LIB.dll
[2008-01-18 19:12:55 | 000,124,432 | ---- | C] () -- C:\WINDOWS\System32\PanInstaller.dll
[2008-01-18 19:12:55 | 000,083,480 | ---- | C] () -- C:\WINDOWS\System32\FirstLoad.dll
[2008-01-03 22:10:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2007-09-30 09:37:38 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007-09-30 09:37:38 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007-09-30 09:37:31 | 000,356,352 | ---- | C] () -- C:\WINDOWS\System32\p3max.dll
[2007-07-19 21:43:04 | 000,011,943 | ---- | C] () -- C:\Documents and Settings\user\Application Data\PandoraTVissue2.jpg
[2007-06-27 18:59:04 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\user\Application Data\dm.ini
[2007-06-27 18:59:03 | 000,001,567 | ---- | C] () -- C:\Documents and Settings\user\Application Data\AdobeDLM.log
[2007-06-26 19:28:04 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\KTxtLog.dll
[2007-06-26 19:10:12 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\KNetClient.dll
[2007-06-26 19:08:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\KCharUtil.dll
[2007-05-25 14:23:56 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\ver.ini
[2007-04-09 21:53:51 | 000,067,352 | ---- | C] () -- C:\WINDOWS\System32\CMListControl.dll
[2007-03-14 21:10:37 | 000,000,021 | ---- | C] () -- C:\WINDOWS\System32\drcheck.dll
[2007-03-12 11:09:37 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007-03-11 11:46:50 | 000,000,270 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2007-03-09 21:32:25 | 000,037,376 | ---- | C] () -- C:\WINDOWS\System32\CoInst.dll
[2007-03-09 21:32:24 | 000,016,053 | ---- | C] () -- C:\WINDOWS\wwdslcfg.ini
[2007-03-09 21:16:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007-03-09 21:13:18 | 000,000,049 | ---- | C] () -- C:\WINDOWS\Hjimesv.ini
[2007-03-09 21:11:11 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\winhcfg.ini
[2007-03-09 20:26:08 | 000,127,488 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007-02-06 15:49:50 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\CaptureProtect.dll
[2006-12-26 13:20:46 | 000,360,448 | ---- | C] () -- C:\WINDOWS\System32\p3einsctrl.dll
[2006-11-24 13:06:32 | 000,360,448 | ---- | C] () -- C:\WINDOWS\System32\p3einsweb.dll
[2006-01-05 13:43:38 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ToonsXHook.dll
[2004-11-25 16:30:44 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\dmvm.dll
[2003-05-19 10:16:48 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\WaveletDecoder.dll
[2003-05-19 10:16:48 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\IndexedColorDecoder.dll
[2003-03-05 10:57:50 | 000,005,021 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001-08-29 04:00:00 | 000,192,560 | ---- | C] () -- C:\WINDOWS\System32\hfont.sys
[2001-08-29 04:00:00 | 000,056,505 | ---- | C] () -- C:\WINDOWS\System32\hbios.sys
[2001-08-29 04:00:00 | 000,002,890 | ---- | C] () -- C:\WINDOWS\System32\disp_win.sys
[2001-08-29 04:00:00 | 000,000,793 | ---- | C] () -- C:\WINDOWS\System32\font_win.sys
[1999-01-23 00:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2010-03-29 18:50:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009-02-01 17:56:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cyworld
[2008-04-24 17:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driving Test Success
[2009-04-25 08:59:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2007-03-09 22:09:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Hnc
[2007-06-27 19:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Leadertech
[2008-04-24 17:01:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\LGSync
[2009-06-03 18:21:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\LimeWire
[2008-04-24 17:02:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Orbit
[2007-07-19 21:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\PandoraTV
[2009-04-23 20:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Samsung
[2007-11-27 03:33:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\YTN
[2010-03-30 19:01:31 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2010-03-30 19:03:11 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========

========== Custom Scans ==========

< Code: >

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2004-08-03 17:05:04 | 018,914,088 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009-05-08 11:42:16 | 024,351,158 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009-05-08 11:42:16 | 024,351,158 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008-04-13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008-04-13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004-08-04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004-08-03 15:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\AGP440.SYS
kwikimart (Author) Posted March 30, 2010

(still continued)

< MD5 for: ATAPI.SYS >
[2004-08-03 17:05:04 | 018,914,088 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009-05-08 11:42:16 | 024,351,158 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009-05-08 11:42:16 | 024,351,158 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008-04-13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008-04-13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004-08-03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004-08-03 14:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008-04-14 03:26:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=622932FD07B826D444ABEA042132A516 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008-04-14 03:26:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=622932FD07B826D444ABEA042132A516 -- C:\WINDOWS\system32\eventlog.dll
[2004-08-03 16:53:14 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6FA3D37A0B26E73835D6D8D9B7444284 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2004-08-03 16:53:24 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=28FED80445881BC77D041E8DAAF302D4 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008-04-14 03:26:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=6FCAA8854E38F21CFFFD9C347C80AC04 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008-04-14 03:26:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=6FCAA8854E38F21CFFFD9C347C80AC04 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004-08-03 16:53:26 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=25F1F68AECF4C4D1F71EF5A652EFCAFD -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008-04-14 03:26:55 | 000,176,128 | ---- | M] (Microsoft Corporation) MD5=74F696324BD2E0623BA6B2E1FBECB5B8 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008-04-14 03:26:55 | 000,176,128 | ---- | M] (Microsoft Corporation) MD5=74F696324BD2E0623BA6B2E1FBECB5B8 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2001-08-29 04:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\kbd101a.dll
[2001-08-17 06:55:56 | 000,005,632 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\kbd103.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< End of report >
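Added example (editor's note, not part of the thread and not OTL's own code): a small Python triage script that applies, to a log like the one posted above, the checks a malware-removal helper makes by eye. It flags SRV entries whose binary is gone ("File not found"), O2 BHO entries with no CLSID or no file behind them, a Winlogon UserInit value that is anything other than the stock C:\WINDOWS\system32\userinit.exe (the sdra64.exe entry above is the Zbot/Zeus persistence point), and any "< MD5 for: X >" custom-scan section where the live driver does not hash the same as the ServicePackFiles\i386 copy, which is how a patched atapi.sys shows up. The sample lines are copied from the log in this thread; the "EXAMPLE.SYS" section, its hashes, the function names (triage, check_md5_section) and the severity labels are constructed for the example and assume a default Windows XP SP3 layout.

```python
r"""Offline triage of an OTL log (added example for this thread, not OTL code).

Checks implemented:
  * SRV lines ending in "File not found": a service whose binary is gone.
  * O2 BHO lines with no CLSID or a missing DLL: orphaned browser helpers.
  * O20 Winlogon UserInit: on stock XP the value is only
    C:\WINDOWS\system32\userinit.exe; anything chained in is a loader.
  * "< MD5 for: X >" sections: the live copy under system32\drivers (or
    system32\X) must hash like the ServicePackFiles\i386 copy.  The
    $NtServicePackUninstall$ copy is the pre-SP build and legitimately differs.
"""
import re

STOCK_USERINIT = r"c:\windows\system32\userinit.exe"   # assumption: default XP install

MD5_HEADER = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
MD5_LINE = re.compile(r"MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$")
USERINIT_LINE = re.compile(r"^O20 - HKLM Winlogon: UserInit - \((?P<value>[^)]*)\)")

# Constructed sample: these lines are copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
SRV - (Wind0wsSrv) -- File not found
SRV - (ODBC_Server_2009) -- File not found
SRV - (wcsv) -- C:\Program Files\WebCompass\wcsv.dll ()
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (WebGuide Class) - {F90BB714-01B6-438B-8993-F6E46ACBFA24} - c:\program files\WebGuide\webguide7a_C.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\System32\sdra64.exe File not found
< MD5 for: ATAPI.SYS >
[2004-08-03 17:05:04 | 018,914,088 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008-04-13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008-04-13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004-08-03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
"""
# Constructed, NOT from the posted log: what a patched driver would look like.
SAMPLE_LOG += r"""< MD5 for: EXAMPLE.SYS >
[2008-04-13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\WINDOWS\ServicePackFiles\i386\example.sys
[2008-04-13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -- C:\WINDOWS\system32\drivers\example.sys
"""


def check_md5_section(name, copies):
    """copies maps lower-cased path -> MD5 for one '< MD5 for: name >' block."""
    live = [h for p, h in copies.items()
            if "\\system32\\drivers\\" in p or p.endswith("\\system32\\" + name)]
    sp = [h for p, h in copies.items() if "\\servicepackfiles\\i386\\" in p]
    if not live or not sp:
        return [("info", f"{name}: no live/ServicePackFiles pair to compare")]
    if set(live) <= set(sp):
        return []                     # live copy matches a Service Pack copy: clean
    return [("critical",
             f"{name}: live copy MD5 {live[0]} differs from ServicePackFiles copy {sp[0]}")]


def triage(log_text):
    """Return a list of (severity, message) findings for an OTL log fragment."""
    findings = []
    md5_sections = {}          # driver name -> {path: md5}
    current = None             # MD5 section being filled, or None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MD5_HEADER.match(line)
        if m:
            current = md5_sections.setdefault(m.group("name").lower(), {})
            continue
        if line.startswith("<"):   # any other custom-scan header ends the section
            current = None
            continue
        m = MD5_LINE.search(line)
        if m and current is not None:
            current[m.group("path").lower()] = m.group("md5").upper()
            continue
        if line.startswith("SRV - ") and line.endswith("File not found"):
            findings.append(("high", "service with missing binary: " + line))
        elif line.startswith("O2 - BHO:") and (
                "No CLSID value found" in line or line.endswith("File not found")):
            findings.append(("medium", "orphaned BHO entry: " + line))
        else:
            m = USERINIT_LINE.match(line)
            if m:
                for entry in m.group("value").lower().split(","):
                    entry = entry.strip()
                    if entry and entry != STOCK_USERINIT:
                        findings.append(("critical", "non-standard Winlogon UserInit: " + entry))
    for name, copies in md5_sections.items():
        findings.extend(check_md5_section(name, copies))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"[{severity}] {message}")
```

Run it on a saved OTL.txt by passing the file contents to triage(). The MD5 rule deliberately ignores the $NtServicePackUninstall$ and ReinstallBackups copies: those are older builds and will always differ, so comparing against them would produce false positives on every Service Pack install.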
kwikimart (Author) Posted March 30, 2010

THANK YOU SOOO MUCH!!! I KNOW IT'S LONG... BUT THANK YOU!!
Jelly Bean Posted March 30, 2010

Hello and welcome back. I am just going to move your thread to the Malware section ready for the security team to help you out.

JB.

I'm trying my best......................
Starbuck Posted March 30, 2010

Hi kwikimart

This is one heavily infected system. It is known that these trojans can communicate with remote computers, download and run code, send emails and redirect browser requests. Unfortunately we cannot be sure about what they have done.

If you do any banking or other financial transactions on the PC, or if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojans have been identified there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS.
For more information read .... Here
If you choose to format and reinstall read ...... Here

Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy again.

It's your call whether we continue or not. But like I said, there's no guarantee on the outcome.

Member of:UNITE
kwikimart (Author) Posted March 31, 2010

Oh, so it's bad news after all... :( Sorry, I don't quite understand what you mean by trustworthy? Do you mean that the computer will 'crash' like it did? Because I don't do any internet banking or anything that has sensitive information in use... so..... I don't know what to do.... And once again, I really can't thank you enough times!!!!
Starbuck Posted March 31, 2010

Hi kwikimart

"I don't do any internet banking or anything that has sensitive information in use"

Then it's not as bad then. By not being trustworthy, we mean that we can only remove what we can find with our tools.... these types of malware are getting better at hiding themselves, so we may miss something. Although we will nuke most of it and hopefully kill it off. When finished it shouldn't crash.

If you want to continue, I'd like to run another scan before fixing anything with OTL; this program is designed to search out these types of malware.

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.
Link 1
Link 2
http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif
http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif
This is an example; you may rename ComboFix to anything you want.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of ComboFix. For more information read: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Then:
Double click on Combo-Fix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
If running Vista, you may not see this screen.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
http://img.photobucket.com/albums/v708/starbuck50/cf1.png
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://img.photobucket.com/albums/v706/ried7/whatnext.png
Click on Yes, to continue scanning for malware.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
If at any time you have problems posting these reports (because they may be too big) just add them as attachments.

Member of:UNITE
kwikimart (Author) Posted April 1, 2010

Hi, erm... like I said, I don't have the desktop, so I used the download section in Firefox in order to activate the different programs and so on... so when downloading I couldn't change the name of combofix. So I downloaded then renamed it... so..... I don't know if that is alright or not...?
Starbuck Posted April 1, 2010

"so when downloading I couldn't change the name of combofix. So I downloaded then renamed it... so..... I don't know if that is alright or not...?"

If it runs, it's ok..... try it.

"like I said, I don't have the desktop"

Try this and see if you get the desktop icons:
If you can get into 'Task Manager'... click on File >>> New Task
In the window that comes up type or copy and paste this in:
%UserProfile%\desktop
then click Ok.
It may work.

Let me have the combofix report if you get it.

Member of:UNITE
kwikimart (Author) Posted April 2, 2010

Well, first for the desktop thing, it keeps saying that it couldn't find documents in the C drive?? Although I wasn't really looking for that, was I?? Oh well. I am going to try the combofix now. Hopefully it will work!!! :)
kwikimart (Author) Posted April 2, 2010

The combofix didn't work I am afraid... it may be because I'm on Firefox?? I don't know, because this message popped up saying about Firefox and combo fix being a public programme (?) and I had to click yes or no, so I thought it was the agree statement or something so I clicked yes. And when I run combo fix it pops up with a bunch of errors and then a blue popup from c:/ comes up. (isn't that a commands something?) So I have tried......:(
Starbuck Posted April 2, 2010

Hi,
Just saw this post by chance.... didn't get a notification for some reason.
Let me go through your OTL reports.... I'll post a fix based on what we can see at the moment.
Once the fix is run, it may help us with other programs.
Back ASAP.

Member of:UNITE
Starbuck Posted April 3, 2010 (edited)

Hi kwikimart

Step 1
Double click on OTL.exe to run it.
Copy the lines in the codebox below. (make sure you include the first lot of : )

:Otl
SRV - (Wind0wsSrv) -- File not found
SRV - (ODBC_Server_2009) -- File not found
SRV - (kstationA) -- File not found
SRV - (IocationA) -- File not found
SRV - (IDESRv) -- File not found
SRV - (wcsv) -- C:\Program Files\WebCompass\wcsv.dll ()
SRV - (mgsv) -- C:\Program Files\Mplus\mgsv.dll ()
O2 - BHO: (WebCompass Search Class) - {2D3BA117-A67B-4BE3-B692-A0F399E7EBC3} - C:\Program Files\WebCompass\wc_src_1m.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Mplus Search Class) - {8EA9A253-227C-4b03-9DD7-A138E8600430} - C:\Program Files\Mplus\mg_src_1g.dll ()
O2 - BHO: (WebCompass Reward Class) - {EA1B77B3-505A-4F0D-95A2-EB7C46F7FE90} - C:\Program Files\WebCompass\wc_rwd_1p.dll (Datawave System Inc)
O2 - BHO: (WebGuide Class) - {F90BB714-01B6-438B-8993-F6E46ACBFA24} - c:\program files\WebGuide\webguide7a_C.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\System32\sdra64.exe File not found
O33 - MountPoints2\{05c9ea7a-0a69-11de-9c00-000c762886fc}\Shell - "" = AutoRun
O33 - MountPoints2\{af37c64b-fd9d-11dd-9beb-000c762886fc}\Shell - "" = AutoRun
O33 - MountPoints2\{af37c64b-fd9d-11dd-9beb-000c762886fc}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
[2010-03-26 00:59:55 | 000,000,000 | ---D | C] -- C:\Program Files\WebCompass
:Files
C:\Program Files\Mplus
c:\program files\WebGuide
:commands
[emptytemp]
[purity]
[EMPTYFLASH]

Return to OTL, right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
Click the red Run Fix button.
http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png
OTL will reboot your system once the fix has completed. After the reboot, you may need to double click OTL to launch the program and retrieve the log.
Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

Step 2
Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
Click on Start >> Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

In your next reply, please submit:
Otl fix report
TDSSKiller.txt

Btw: Do you have a windows XP installation disc, if we need it?

Thanks.

Edited April 3, 2010 by Starbuck

Member of:UNITE
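The fix script above was assembled by hand from the earlier OTL scan: services whose binary no longer exists, BHOs with no file or no CLSID, DLLs with no company name, an extra UserInit entry, and a cached AutoRun command from a removable drive. The Python below is an added example, not part of OTL or of this thread, that applies those same checks to OTL-style scan lines so a reader can see why each entry was picked. The sample lines are taken from the fix above plus two constructed benign entries (a Spooler service line and a userinit.exe line, assumed to follow OTL's layout) to show what does not get flagged; the four line types it understands are the only ones on this page, and anything else passes through unflagged.

```python
r"""Triage OTL scan lines the way the fix above was built.

Added example for this thread, not OTL's own code.  Each rule mirrors one
reason an entry ended up in the :Otl fix: a service or BHO whose file is gone,
a binary with no company name, a UserInit value other than userinit.exe, or a
cached AutoRun command from a removable drive.
"""
import re

# Lines from the fix above.  The Spooler line and the userinit.exe line are
# CONSTRUCTED benign entries written in the same layout, to show a clean result.
SAMPLE_LINES = r"""
SRV - (Spooler) -- C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation)
SRV - (Wind0wsSrv) -- File not found
SRV - (wcsv) -- C:\Program Files\WebCompass\wcsv.dll ()
O2 - BHO: (WebCompass Search Class) - {2D3BA117-A67B-4BE3-B692-A0F399E7EBC3} - C:\Program Files\WebCompass\wc_src_1m.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (WebGuide Class) - {F90BB714-01B6-438B-8993-F6E46ACBFA24} - c:\program files\WebGuide\webguide7a_C.dll File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\System32\sdra64.exe File not found
O33 - MountPoints2\{af37c64b-fd9d-11dd-9beb-000c762886fc}\Shell - "" = AutoRun
O33 - MountPoints2\{af37c64b-fd9d-11dd-9beb-000c762886fc}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
"""

SRV_RE = re.compile(r"^SRV - \((?P<name>[^)]*)\) -- (?P<rest>.*)$")
BHO_RE = re.compile(r"^O2 - BHO: \((?P<name>[^)]*)\) - \{(?P<clsid>[^}]*)\} - (?P<rest>.*)$")
USERINIT_RE = re.compile(r"^O20 - HKLM Winlogon: UserInit - \((?P<value>[^)]*)\) - (?P<rest>.*)$")
AUTORUN_RE = re.compile(
    r'^O33 - MountPoints2\\\{(?P<guid>[^}]*)\}\\Shell\\AutoRun\\command - "" = (?P<cmd>.*)$'
)


def _vendor_missing(rest):
    # OTL prints the binary's company name in trailing parentheses; "()" means none.
    return rest.rstrip().endswith("()")


def triage_line(line):
    """Return a short reason if the OTL line deserves a second look, else None."""
    m = SRV_RE.match(line)
    if m:
        rest = m.group("rest")
        if rest.startswith("File not found"):
            return "service %s points at a file that no longer exists" % m.group("name")
        if _vendor_missing(rest):
            return "service %s runs a binary with no company name" % m.group("name")
        return None
    m = BHO_RE.match(line)
    if m:
        rest = m.group("rest")
        if "No CLSID value found" in rest or rest.endswith("File not found"):
            return "BHO {%s} is a dangling registration" % m.group("clsid")
        if _vendor_missing(rest):
            return "BHO {%s} loads a DLL with no company name" % m.group("clsid")
        return None
    m = USERINIT_RE.match(line)
    if m:
        value = m.group("value")
        # Winlogon's UserInit should name system32\userinit.exe and nothing else.
        if value.lower().rsplit("\\", 1)[-1] != "userinit.exe":
            return "UserInit entry is not userinit.exe: %s" % value
        return None
    m = AUTORUN_RE.match(line)
    if m:
        cmd = m.group("cmd").split(" -- ")[0]
        return "cached removable-drive AutoRun command: %s" % cmd
    return None


def triage(text):
    """Return [(line, reason)] for every flagged line in an OTL-style scan."""
    flagged = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reason = triage_line(line)
        if reason:
            flagged.append((line, reason))
    return flagged


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LINES):
        print("%-55s <- %s" % (line[:55], reason))
```

The UserInit check is the one that matters most for a defender: the value is read at every interactive logon, so an extra entry there survives reboots and ordinary cleanup, which is why the fix targets the registry value rather than only the file.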
kwikimart (Author) Posted April 3, 2010

All processes killed
========== OTL ==========
Service Wind0wsSrv stopped successfully!
Service Wind0wsSrv deleted successfully!
File File not found not found.
Service ODBC_Server_2009 stopped successfully!
Service ODBC_Server_2009 deleted successfully!
File File not found not found.
Service kstationA stopped successfully!
Service kstationA deleted successfully!
File File not found not found.
Service IocationA stopped successfully!
Service IocationA deleted successfully!
File File not found not found.
Service IDESRv stopped successfully!
Service IDESRv deleted successfully!
File File not found not found.
Service wcsv stopped successfully!
Service wcsv deleted successfully!
C:\Program Files\WebCompass\wcsv.dll moved successfully.
Error: No service named mgsv was found to stop!
Service\Driver key mgsv not found.
File C:\Program Files\Mplus\mgsv.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2D3BA117-A67B-4BE3-B692-A0F399E7EBC3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2D3BA117-A67B-4BE3-B692-A0F399E7EBC3}\ deleted successfully.
C:\Program Files\WebCompass\wc_src_1m.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8EA9A253-227C-4b03-9DD7-A138E8600430}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8EA9A253-227C-4b03-9DD7-A138E8600430}\ deleted successfully.
File C:\Program Files\Mplus\mg_src_1g.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA1B77B3-505A-4F0D-95A2-EB7C46F7FE90}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EA1B77B3-505A-4F0D-95A2-EB7C46F7FE90}\ deleted successfully.
C:\Program Files\WebCompass\wc_rwd_1p.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F90BB714-01B6-438B-8993-F6E46ACBFA24}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F90BB714-01B6-438B-8993-F6E46ACBFA24}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\sdra64.exe deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{05c9ea7a-0a69-11de-9c00-000c762886fc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05c9ea7a-0a69-11de-9c00-000c762886fc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af37c64b-fd9d-11dd-9beb-000c762886fc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{af37c64b-fd9d-11dd-9beb-000c762886fc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af37c64b-fd9d-11dd-9beb-000c762886fc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{af37c64b-fd9d-11dd-9beb-000c762886fc}\ not found.
File G:\LaunchU3.exe not found.
C:\Program Files\WebCompass folder moved successfully.
========== FILES ==========
File\Folder C:\Program Files\Mplus not found.
File\Folder c:\program files\WebGuide not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: ibm
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 670318 bytes
->Flash cache emptied: 0 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 51789859 bytes
->Flash cache emptied: 7747 bytes
User: user
->Temp folder emptied: 605310 bytes
->Temporary Internet Files folder emptied: 3416050 bytes
->FireFox cache emptied: 37214156 bytes
->Flash cache emptied: 1662 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 39448252 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 3906159 bytes
Total Files Cleaned = 131.00 mb
[EMPTYFLASH]
User: All Users
User: Default User
User: ibm
User: LocalService
->Flash cache emptied: 0 bytes
User: NetworkService
->Flash cache emptied: 0 bytes
User: user
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.1.37.3 log created on 04032010_144743
Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VX2L7S8S\1269044427_COTT_UK_companion_wrapper[1].jpg not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VX2L7S8S\135033_1041[1].jpg not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VX2L7S8S\21763-15[1].js not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VX2L7S8S\56087079_640[1].jpg not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VX2L7S8S\aceUAC[1].js not found!
Registry entries deleted on Reboot...
kwikimart (Author) Posted April 3, 2010

Hi!! It's me again :) I am afraid that I don't have an XP disk :( and also for the TDSSKILLER, I couldn't run it. It came up as a command screen where it's like black with stuff on it rather than an actual programme. And when it said to start press any key, so I first pressed the Windows and R like you said but it just closed itself, and when I pressed any key, it still closed itself....
Starbuck Posted April 3, 2010

Hi kwikimart

Ok, there's obviously more issues going on here.
If this doesn't work (which it may not, as you don't have an OS disc) I hope you have a recovery partition, as the only hope will be to reformat and reinstall.

Try running the System File Checker (SFC) to scan all protected files to verify their versions. If SFC discovers that a critical system file has been damaged, altered or missing, it restores the correct version of the file from the cache folder.
You must be logged on as an administrator or as a member of the Administrators group to run sfc, and it may ask you to insert your XP Installation CD... so have it available.

Use Task Manager ... New Task... and type:
sfc /scannow
Make sure that you include a space between the c and /.

This command will initiate the Windows File Protection service to scan all protected files, verify their integrity, and replace any problem files.
Sometimes it will ask for the disc, sometimes it doesn't.

Let's keep our fingers crossed.

Member of:UNITE
kwikimart (Author) Posted April 4, 2010

Sorry!! Before I do this, I tried the TDSSKILLER one more time and I think it might have worked!! It still came up with the command pop up, but it said that it scanned the services and the kernel memory.. then completed, and the results were:
memory objects infected/cured/cured on reboot: 0/0/0
registry objects infected/cured/cured on reboot: 0/0/0
file objects infected/cured/cured on reboot: 0/0/0
and then to continue press any key.... So I rebooted the system again, but still there are loads of pop ups keeping on saying error so...... I don't know if it worked or not?
Starbuck Posted April 4, 2010

Try running the System File Checker now and let me know how it goes.

Member of:UNITE
kwikimart (Author) Posted April 5, 2010

I tried to do the system file checker, but I couldn't find it? Is it probably because I am not logged in as admin? But when I tried to log in to admin, I couldn't, because when I logged off, the 'names' I could log in to were just 'user' and no administrator..