Jump to content

Recommended Posts

Posted

I've got an error on my computer, it keeps saying i can't do this or that because i have got msls52.dll missing. But the pop up just keeps coming up and i keep press okay and then it goes and allows me to do what i do.

(but there is nothing on the screen of course except my groovy screen saver :)

 

and i tried opening task manager, and and looked for restore, etc in the files but nothing could be found, and now iam currently on the task manager on the internet doing this, trying to get some help!! i've tried putting it in safe mode and the uknown configuration but there is nothing on the screen again, and the error keeps popping up :( PLEASE HELP!!!

I am tearing my hair out...

 

 

 

 

p.s i think what the problem to this was, my AV (?) detected some virus? this

trogan horse thing, and i just pressed close, but it just constantly came up

so i pressed moved to vaults,( but not heal or delete) and it said that i had to restart my

computer which i did, and ever since it is like this......

  • Replies 29
  • Created
  • Last Reply

Top Posters In This Topic

Posted

Step 1

 

Download TFC by OldTimer to your desktop

  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Step 2

 

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware

    [*]Then click Finish.

    [*]MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

    [*]On the Scanner tab:

    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.

    [*]If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.

    [*]The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.

    [*]When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".

    [*]Click OK to close the message box and continue with the removal process.

    [*]Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.

    [*]Make sure that everything is checked, and click Remove Selected.

    [*]When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)

    [*]The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.

    [*]Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

 

 

 

Step 3

  • Download OTL to your desktop.
    if you have problems, try this download link:
    OTL
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check

.

 

.

 

http://img.photobucket.com/albums/v708/starbuck50/new/newOtl2.png

  • Now copy the lines in the codebox below.
    Code:
    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    CREATERESTOREPOINT
  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
     
    http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
    .
  • Click the Run Scan button.
     
    http://img.photobucket.com/albums/v708/starbuck50/runscan.png
  • Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

In your next reply, please submit:

MBAM scan report

Both reports from OTL

 

 

Thanks.

Rwy'n ceisio fy ngorau......................
Posted

Hi THANK YOU SO MUCH!

 

i have so far tried up to the step 2.

but still i have no icons, the start bar or anything and the error message keeps

coming up as usual, or actually more for some reason.

But thankfully it still allows me to do what i wanted to do, after a while of tapping on enter.

 

i shall copy and paste the log.

 

Malwarebytes' Anti-Malware 1.45

Malwarebytes

 

Database version: 3933

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

2010-03-30 오후 6:58:25

mbam-log-2010-03-30 (18-58-25).txt

 

Scan type: Full scan (A:\|C:\|D:\|E:\|F:\|)

Objects scanned: 162319

Time elapsed: 1 hour(s), 26 minute(s), 18 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 22

Registry Values Infected: 1

Registry Data Items Infected: 3

Folders Infected: 1

Files Infected: 7

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{4465bf12-801f-449c-aa43-b01fca95b830} (Adware.MPlus) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3cb0cf42-da54-47d2-8999-23928a2dea42} (Adware.Rewardnet) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4465bf12-801f-449c-aa43-b01fca95b830} (Adware.MPlus) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{4465bf12-801f-449c-aa43-b01fca95b830} (Adware.MPlus) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3cb0cf42-da54-47d2-8999-23928a2dea42} (Adware.Rewardnet) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4465bf12-801f-449c-aa43-b01fca95b830} (Adware.MPlus) -> Quarantined and deleted successfully.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\4dw4r3 (Rootkit.TDSS) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\rewardband.Band (Adware.Rewardnet) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\RewardBHO.Bar (Adware.Rewardnet) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\ShopGuide (Adware.Rewardnet) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\msupdate (Rootkit.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{3cb0cf42-da54-47d2-8999-23928a2dea42} (Adware.Rewardnet) -> Quarantined and deleted successfully.

 

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.

 

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: system32\sdra64.exe -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

 

Folders Infected:

C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.

 

Files Infected:

C:\Program Files\Mplus\mg_rwd_1g.dll (Adware.MPlus) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{2D2822F2-CC8B-49C0-B36D-5EC19ADABC02}\RP9\A0002104.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\altv.gyo (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot.

C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.

C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.sys) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sdra64.exe (Spyware.Zbot) -> Delete on reboot.

 

 

 

and i have also rebooted....

i hope this makes any sense to you, cause it doesn't to me :s

 

 

your help is much apprecitated!!!

i'll tell you how i get on with step 3

Posted

OTL logfile created on: 2010-03-30 오후 7:34:28 - Run 1

OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\user\바탕 화면

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000412 | Country: 대한민국 | Language: KOR | Date Format: yyyy-MM-dd

 

511.00 Mb Total Physical Memory | 143.00 Mb Available Physical Memory | 28.00% Memory free

1.00 Gb Paging File | 1.00 Gb Available in Paging File | 70.00% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 15.92 Gb Total Space | 5.42 Gb Free Space | 34.04% Space Free | Partition Type: NTFS

Drive D: | 58.61 Gb Total Space | 25.82 Gb Free Space | 44.06% Space Free | Partition Type: NTFS

Unable to calculate disk information.

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: PB

Current User Name: user

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 

========== Processes (SafeList) ==========

 

PRC - C:\Documents and Settings\user\바탕 화면\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\WINDOWS\system32\npkcmsvc.exe (INCA Internet Co., Ltd.)

PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\slserv.exe (Smart Link)

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Documents and Settings\user\바탕 화면\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (Wind0wsSrv) -- File not found

SRV - (ODBC_Server_2009) -- File not found

SRV - (kstationA) -- File not found

SRV - (IocationA) -- File not found

SRV - (IDESRv) -- File not found

SRV - (wcsv) -- C:\Program Files\WebCompass\wcsv.dll ()

SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (npkcmsvc) -- C:\WINDOWS\system32\npkcmsvc.exe (INCA Internet Co., Ltd.)

SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

SRV - (vvdsvc) -- C:\WINDOWS\system32\Nagasoft\vjocx.dll (NanJing Nagasoft Co, LTD.)

SRV - (mgsv) -- C:\Program Files\Mplus\mgsv.dll ()

SRV - (SLService) -- C:\WINDOWS\System32\slserv.exe (Smart Link)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (npkakl) -- C:\WINDOWS\system32\npkakl.sys (INCA Internet Co.,Ltd.)

DRV - (npkcrypt) -- C:\WINDOWS\system32\npkcrypt.sys (INCA Internet Co., Ltd.)

DRV - (StarOpen) -- C:\WINDOWS\system32\drivers\StarOpen.sys ()

DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation)

DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation)

DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation)

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)

DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)

DRV - (SlNtHal) -- C:\WINDOWS\system32\drivers\slnthal.sys (Smart Link)

DRV - (SlWdmSup) -- C:\WINDOWS\system32\drivers\slwdmsup.sys (Smart Link)

DRV - (Slntamr) -- C:\WINDOWS\system32\drivers\slntamr.sys (Smart Link)

DRV - (NtMtlFax) -- C:\WINDOWS\system32\drivers\ntmtlfax.sys (Smart Link)

DRV - (Mtlmnt5) -- C:\WINDOWS\system32\drivers\mtlmnt5.sys (Smart Link)

DRV - (RecAgent) -- C:\WINDOWS\system32\DRIVERS\RecAgent.sys (Smart Link)

DRV - (Mtlstrm) -- C:\WINDOWS\system32\drivers\mtlstrm.sys (Smart Link)

DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)

DRV - (w****b) -- C:\WINDOWS\system32\drivers\gwausb.sys (GlobespanVirata Inc.)

DRV - (FsVga) -- C:\WINDOWS\system32\drivers\fsvga.sys (Microsoft Corporation)

DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Search

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Daum - ìƒí™œì´ ë°”ë€ë‹¤! Life On Daum

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"

FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"

FF - prefs.js..browser.startup.homepage: "www.daum.net"

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.783

FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.2

 

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010-03-19 18:00:08 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-03-23 20:52:27 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-03-20 15:09:41 | 000,000,000 | ---D | M]

 

[2008-07-22 20:27:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions

[2010-03-28 22:21:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ao9fvfgf.default\extensions

[2009-09-14 23:46:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ao9fvfgf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010-01-27 13:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ao9fvfgf.default\extensions\searchrecs@veoh.com

[2008-07-22 20:27:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2008-10-28 22:46:05 | 000,004,573 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\danawa-kr.xml

[2008-10-28 22:46:05 | 000,003,396 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\daum-kr.xml

[2008-10-28 22:46:05 | 000,002,312 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\naver-kr.xml

[2008-10-28 22:46:05 | 000,001,196 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-kr.xml

[2008-10-28 22:46:05 | 000,000,803 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-kr.xml

 

O1 HOSTS File: ([2001-08-29 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (WebCompass Search Class) - {2D3BA117-A67B-4BE3-B692-A0F399E7EBC3} - C:\Program Files\WebCompass\wc_src_1m.dll ()

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Mplus Search Class) - {8EA9A253-227C-4b03-9DD7-A138E8600430} - C:\Program Files\Mplus\mg_src_1g.dll ()

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O2 - BHO: (WebCompass Reward Class) - {EA1B77B3-505A-4F0D-95A2-EB7C46F7FE90} - C:\Program Files\WebCompass\wc_rwd_1p.dll (Datawave System Inc)

O2 - BHO: (WebGuide Class) - {F90BB714-01B6-438B-8993-F6E46ACBFA24} - c:\program files\WebGuide\webguide7a_C.dll File not found

O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - D:\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)

O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [iTunesHelper] D:\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] D:\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [QuickTime Task] D:\qttask.exe (Apple Inc.)

O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)

O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] D:\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - Startup: C:\Documents and Settings\All Users\시작 메뉴\프로그램\시작프로그램\Adobe Reader Speed Launch.lnk = D:\Reader\reader_sl.exe (Adobe Systems Incorporated)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: 스크랩 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Live Writer에 스크랩(&B) - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {04E7BADF-F3B9-420D-B82D-8D8CADEFE4F9} http://cyimg7.cyworld.com/ImageUpload/CyImageUpload_10217.cab (CyImage2Ctl Class)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB (Tpwin Control)

O16 - DPF: {2029F1D2-90E4-49EF-9824-F666D238BFF6} http://jr.naver.com/comic/book/viewer_new/NHNComicViewer.cab (NHNComicViewer Class)

O16 - DPF: {21FDDE58-51A6-402A-8040-39DA033DC196} http://image.pullbbang.com/newTop/Pull0Control.ocx (Pull0PlayerX Control)

O16 - DPF: {4AFE617E-ABD5-48F2-9107-774310802352} http://img.cyworld.com/img/video_v3/tvon/CyTVAxLauncher_V12.CAB (CyTVAx Class)

O16 - DPF: {882A7CC6-0163-4BC1-8BC1-505E36C9FFA2} http://www.mnet.com/Ver2/App/totalApp/maxhelper/maxhelper.cab (MaxHelper Control)

O16 - DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} http://cyimg7.cyworld.com/ImageUpload/CyPictureU1.cab?20080604 (CyImage Class)

O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} http://cafeimg.hanmail.net/activex/dmcc2.cab?Version=1,0,0,10 (Cdmcco Class)

O16 - DPF: {9B75502C-BBED-4BBD-8FE2-822E5E0AD32C} http://www.diodeo.com/ActiveDiodeoPlayer.cab (MagicLockOCX Control)

O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} http://cafeimg.hanmail.net/cto/xman.cab?ver=1,2,3,2 (Daum ActiveX manager Class)

O16 - DPF: {BD6BB450-7C69-43B8-96F3-689CAE57AB51} http://netv.sbs.co.kr/object/player/SBSWebPlayer.cab (SBSWebPlayer Class)

O16 - DPF: {C021A4D6-173F-4BF4-B38C-B12CAA20E518} http://www.mgoon.com/launcher.cab (Mgoon Launcher Control)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E1CDC08F-F464-4682-AE6A-7689451387C0} http://cafeimg.hanmail.net/activex/dmcm.cab?Version=1,0,0,22 (CAFE multiupload control)

O16 - DPF: {E6C4420E-0669-4518-B825-F63CDDEF7D5D} http://rc.puppyred.com/init.cab (InitOcx Control)

O16 - DPF: {E75386B4-C629-11DB-8338-444553544200} http://cyimg7.cyworld.nate.com/cymusic/package/cyinstal.cab (PcubeSet Class)

O16 - DPF: {F4A1D5E2-AF49-47A7-A945-23038106F3A4} http://imgcdn.pandora.tv/pan_img/launcher/codebase/Pandora_SetUpAX.cab (Pandora_SetUp Control)

O16 - DPF: {FCD61199-E187-4ADD-88E5-9AF238486D11} http://www.50yb.com/player/forceplayer.cab (CPPMediaCtrl Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\System32\sdra64.exe File not found

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O24 - Desktop Components:0 (현재 홈 페이지) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007-03-09 20:01:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{05c9ea7a-0a69-11de-9c00-000c762886fc}\Shell - "" = AutoRun

O33 - MountPoints2\{af37c64b-fd9d-11dd-9beb-000c762886fc}\Shell - "" = AutoRun

O33 - MountPoints2\{af37c64b-fd9d-11dd-9beb-000c762886fc}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

Posted

OTL logfile created on: 2010-03-30 오후 7:34:28 - Run 1

OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\user\바탕 화면

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000412 | Country: 대한민국 | Language: KOR | Date Format: yyyy-MM-dd

 

511.00 Mb Total Physical Memory | 143.00 Mb Available Physical Memory | 28.00% Memory free

1.00 Gb Paging File | 1.00 Gb Available in Paging File | 70.00% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 15.92 Gb Total Space | 5.42 Gb Free Space | 34.04% Space Free | Partition Type: NTFS

Drive D: | 58.61 Gb Total Space | 25.82 Gb Free Space | 44.06% Space Free | Partition Type: NTFS

Unable to calculate disk information.

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: PB

Current User Name: user

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 

========== Processes (SafeList) ==========

 

PRC - C:\Documents and Settings\user\바탕 화면\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\WINDOWS\system32\npkcmsvc.exe (INCA Internet Co., Ltd.)

PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\slserv.exe (Smart Link)

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Documents and Settings\user\바탕 화면\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (Wind0wsSrv) -- File not found

SRV - (ODBC_Server_2009) -- File not found

SRV - (kstationA) -- File not found

SRV - (IocationA) -- File not found

SRV - (IDESRv) -- File not found

SRV - (wcsv) -- C:\Program Files\WebCompass\wcsv.dll ()

SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (npkcmsvc) -- C:\WINDOWS\system32\npkcmsvc.exe (INCA Internet Co., Ltd.)

SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

SRV - (vvdsvc) -- C:\WINDOWS\system32\Nagasoft\vjocx.dll (NanJing Nagasoft Co, LTD.)

SRV - (mgsv) -- C:\Program Files\Mplus\mgsv.dll ()

SRV - (SLService) -- C:\WINDOWS\System32\slserv.exe (Smart Link)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (npkakl) -- C:\WINDOWS\system32\npkakl.sys (INCA Internet Co.,Ltd.)

DRV - (npkcrypt) -- C:\WINDOWS\system32\npkcrypt.sys (INCA Internet Co., Ltd.)

DRV - (StarOpen) -- C:\WINDOWS\system32\drivers\StarOpen.sys ()

DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation)

DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation)

DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation)

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)

DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)

DRV - (SlNtHal) -- C:\WINDOWS\system32\drivers\slnthal.sys (Smart Link)

DRV - (SlWdmSup) -- C:\WINDOWS\system32\drivers\slwdmsup.sys (Smart Link)

DRV - (Slntamr) -- C:\WINDOWS\system32\drivers\slntamr.sys (Smart Link)

DRV - (NtMtlFax) -- C:\WINDOWS\system32\drivers\ntmtlfax.sys (Smart Link)

DRV - (Mtlmnt5) -- C:\WINDOWS\system32\drivers\mtlmnt5.sys (Smart Link)

DRV - (RecAgent) -- C:\WINDOWS\system32\DRIVERS\RecAgent.sys (Smart Link)

DRV - (Mtlstrm) -- C:\WINDOWS\system32\drivers\mtlstrm.sys (Smart Link)

DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)

DRV - (w****b) -- C:\WINDOWS\system32\drivers\gwausb.sys (GlobespanVirata Inc.)

DRV - (FsVga) -- C:\WINDOWS\system32\drivers\fsvga.sys (Microsoft Corporation)

DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Search

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Daum - ìƒí™œì´ ë°”ë€ë‹¤! Life On Daum

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"

FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"

FF - prefs.js..browser.startup.homepage: "www.daum.net"

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.783

FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.2

 

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010-03-19 18:00:08 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-03-23 20:52:27 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-03-20 15:09:41 | 000,000,000 | ---D | M]

 

[2008-07-22 20:27:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions

[2010-03-28 22:21:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ao9fvfgf.default\extensions

[2009-09-14 23:46:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ao9fvfgf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010-01-27 13:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ao9fvfgf.default\extensions\searchrecs@veoh.com

[2008-07-22 20:27:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2008-10-28 22:46:05 | 000,004,573 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\danawa-kr.xml

[2008-10-28 22:46:05 | 000,003,396 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\daum-kr.xml

[2008-10-28 22:46:05 | 000,002,312 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\naver-kr.xml

[2008-10-28 22:46:05 | 000,001,196 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-kr.xml

[2008-10-28 22:46:05 | 000,000,803 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-kr.xml

 

O1 HOSTS File: ([2001-08-29 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (WebCompass Search Class) - {2D3BA117-A67B-4BE3-B692-A0F399E7EBC3} - C:\Program Files\WebCompass\wc_src_1m.dll ()

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Mplus Search Class) - {8EA9A253-227C-4b03-9DD7-A138E8600430} - C:\Program Files\Mplus\mg_src_1g.dll ()

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O2 - BHO: (WebCompass Reward Class) - {EA1B77B3-505A-4F0D-95A2-EB7C46F7FE90} - C:\Program Files\WebCompass\wc_rwd_1p.dll (Datawave System Inc)

O2 - BHO: (WebGuide Class) - {F90BB714-01B6-438B-8993-F6E46ACBFA24} - c:\program files\WebGuide\webguide7a_C.dll File not found

O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - D:\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)

O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [iTunesHelper] D:\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] D:\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [QuickTime Task] D:\qttask.exe (Apple Inc.)

O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)

O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] D:\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - Startup: C:\Documents and Settings\All Users\시작 메뉴\프로그램\시작프로그램\Adobe Reader Speed Launch.lnk = D:\Reader\reader_sl.exe (Adobe Systems Incorporated)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: 스크랩 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Live Writer에 스크랩(&B) - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {04E7BADF-F3B9-420D-B82D-8D8CADEFE4F9} http://cyimg7.cyworld.com/ImageUpload/CyImageUpload_10217.cab (CyImage2Ctl Class)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB (Tpwin Control)

O16 - DPF: {2029F1D2-90E4-49EF-9824-F666D238BFF6} http://jr.naver.com/comic/book/viewer_new/NHNComicViewer.cab (NHNComicViewer Class)

O16 - DPF: {21FDDE58-51A6-402A-8040-39DA033DC196} http://image.pullbbang.com/newTop/Pull0Control.ocx (Pull0PlayerX Control)

O16 - DPF: {4AFE617E-ABD5-48F2-9107-774310802352} http://img.cyworld.com/img/video_v3/tvon/CyTVAxLauncher_V12.CAB (CyTVAx Class)

O16 - DPF: {882A7CC6-0163-4BC1-8BC1-505E36C9FFA2} http://www.mnet.com/Ver2/App/totalApp/maxhelper/maxhelper.cab (MaxHelper Control)

O16 - DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} http://cyimg7.cyworld.com/ImageUpload/CyPictureU1.cab?20080604 (CyImage Class)

O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} http://cafeimg.hanmail.net/activex/dmcc2.cab?Version=1,0,0,10 (Cdmcco Class)

O16 - DPF: {9B75502C-BBED-4BBD-8FE2-822E5E0AD32C} http://www.diodeo.com/ActiveDiodeoPlayer.cab (MagicLockOCX Control)

O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} http://cafeimg.hanmail.net/cto/xman.cab?ver=1,2,3,2 (Daum ActiveX manager Class)

O16 - DPF: {BD6BB450-7C69-43B8-96F3-689CAE57AB51} http://netv.sbs.co.kr/object/player/SBSWebPlayer.cab (SBSWebPlayer Class)

O16 - DPF: {C021A4D6-173F-4BF4-B38C-B12CAA20E518} http://www.mgoon.com/launcher.cab (Mgoon Launcher Control)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E1CDC08F-F464-4682-AE6A-7689451387C0} http://cafeimg.hanmail.net/activex/dmcm.cab?Version=1,0,0,22 (CAFE multiupload control)

O16 - DPF: {E6C4420E-0669-4518-B825-F63CDDEF7D5D} http://rc.puppyred.com/init.cab (InitOcx Control)

O16 - DPF: {E75386B4-C629-11DB-8338-444553544200} http://cyimg7.cyworld.nate.com/cymusic/package/cyinstal.cab (PcubeSet Class)

O16 - DPF: {F4A1D5E2-AF49-47A7-A945-23038106F3A4} http://imgcdn.pandora.tv/pan_img/launcher/codebase/Pandora_SetUpAX.cab (Pandora_SetUp Control)

O16 - DPF: {FCD61199-E187-4ADD-88E5-9AF238486D11} http://www.50yb.com/player/forceplayer.cab (CPPMediaCtrl Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\System32\sdra64.exe File not found

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O24 - Desktop Components:0 (현재 홈 페이지) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007-03-09 20:01:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{05c9ea7a-0a69-11de-9c00-000c762886fc}\Shell - "" = AutoRun

O33 - MountPoints2\{af37c64b-fd9d-11dd-9beb-000c762886fc}\Shell - "" = AutoRun

O33 - MountPoints2\{af37c64b-fd9d-11dd-9beb-000c762886fc}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

Posted

here is the rest... (SORRY!!)

 

 

NetSvcs: 6to4 - File not found

NetSvcs: Ias - C:\WINDOWS\system32\ias [2007-03-09 20:01:22 | 000,000,000 | ---D | M]

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

 

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point (11543867069300736)

 

========== Files/Folders - Created Within 30 Days ==========

Posted

(Continued.... still)

 

 

[2010-03-30 19:33:23 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\바탕 화면\OTL.exe

[2010-03-30 17:25:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Malwarebytes

[2010-03-30 17:25:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010-03-30 17:25:26 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010-03-30 17:25:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010-03-30 17:23:35 | 005,918,720 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\user\바탕 화면\mbam-setup-1.45.exe

[2010-03-30 17:13:28 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\바탕 화면\TFC.exe

[2010-03-29 20:04:17 | 000,926,552 | ---- | C] (Prevx) -- C:\Documents and Settings\user\바탕 화면\PREVXCSIFREE.EXE

[2010-03-26 00:59:55 | 000,000,000 | ---D | C] -- C:\Program Files\WebCompass

[2010-03-26 00:26:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage

[2010-03-26 00:26:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Office Genuine Advantage

[2010-03-25 02:13:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW

[2010-03-25 02:13:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK

[2010-03-25 02:13:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR

[2010-03-25 02:13:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE

[2010-03-25 02:13:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR

[2010-03-25 02:13:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL

[2010-03-25 02:13:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO

[2010-03-25 02:13:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT

[2010-03-25 02:13:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL

[2010-03-25 02:13:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR

[2010-03-25 02:13:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI

[2010-03-25 02:13:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES

[2010-03-25 02:13:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR

[2010-03-25 02:13:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE

[2010-03-25 02:13:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK

[2010-03-25 02:13:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA

[2010-03-24 19:23:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS

[2010-03-19 18:20:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

[2010-03-19 18:19:42 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

[2010-03-18 08:31:11 | 000,000,000 | -H-D | C] -- C:\$AVG

[2010-03-18 08:29:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9

[2010-03-18 08:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

[2010-03-18 08:21:57 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

[2010-03-18 08:08:42 | 000,891,248 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\user\바탕 화면\avg_free_stb_all_9_40_cnet.exe

[2010-03-18 07:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe

[2010-03-11 19:19:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2010-03-11 11:03:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia

[2010-03-11 11:03:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2010-03-10 22:33:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2010-03-10 19:53:33 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe

[2010-03-08 22:02:12 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\user\IECompatCache

[2010-03-08 16:34:34 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\user\PrivacIE

[2010-03-08 16:30:03 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\user\IETldCache

[2010-03-08 14:14:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates

[2010-03-08 14:11:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM

[2010-03-08 14:09:05 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8

[2010-03-08 13:56:59 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll

[2010-03-08 13:56:55 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll

[2010-03-08 13:56:54 | 001,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll

[2010-03-08 13:56:43 | 011,070,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll

[2009-08-08 22:56:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\nagasoft

[2009-04-29 19:02:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple

[1 C:\Documents and Settings\user\바탕 화면\*.tmp files -> C:\Documents and Settings\user\바탕 화면\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2010-03-30 19:33:24 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\바탕 화면\OTL.exe

[2010-03-30 19:03:11 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job

[2010-03-30 19:01:31 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job

[2010-03-30 19:01:30 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010-03-30 19:01:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010-03-30 19:01:10 | 536,399,872 | -HS- | M] () -- C:\hiberfil.sys

[2010-03-30 18:59:59 | 006,504,448 | ---- | M] () -- C:\Documents and Settings\user\ntuser.dat

[2010-03-30 18:59:59 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\user\ntuser.ini

[2010-03-30 17:28:28 | 058,253,661 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2010-03-30 17:25:34 | 000,000,478 | ---- | M] () -- C:\Documents and Settings\All Users\바탕 화면\Malwarebytes' Anti-Malware.lnk

[2010-03-30 17:23:52 | 005,918,720 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\user\바탕 화면\mbam-setup-1.45.exe

[2010-03-30 17:13:30 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\바탕 화면\TFC.exe

[2010-03-29 20:23:20 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\user\바탕 화면\exeHelper.com

[2010-03-29 20:04:17 | 000,926,552 | ---- | M] (Prevx) -- C:\Documents and Settings\user\바탕 화면\PREVXCSIFREE.EXE

[2010-03-29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010-03-29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010-03-29 07:21:17 | 000,439,088 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010-03-29 07:21:17 | 000,240,230 | ---- | M] () -- C:\WINDOWS\System32\perfh012.dat

[2010-03-29 07:21:17 | 000,069,348 | ---- | M] () -- C:\WINDOWS\System32\perfc012.dat

[2010-03-29 07:21:17 | 000,069,348 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010-03-29 07:21:16 | 000,832,756 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010-03-28 12:59:32 | 001,666,435 | ---- | M] () -- C:\Documents and Settings\user\바탕 화면\dsds.mp3

[2010-03-26 00:26:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010-03-25 01:06:36 | 000,000,425 | ---- | M] () -- D:\My Documents\6540654의 바로 가기.lnk

[2010-03-24 20:06:58 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010-03-22 19:24:35 | 000,000,325 | --S- | M] () -- C:\WINDOWS\System32\2718170913.dat

[2010-03-21 21:36:27 | 001,004,888 | ---- | M] () -- C:\Documents and Settings\user\바탕 화면\oh_happy_day.pdf

[2010-03-18 08:30:47 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys

[2010-03-18 08:30:47 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys

[2010-03-18 08:30:47 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg

[2010-03-18 08:30:47 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys

[2010-03-18 08:30:34 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\바탕 화면\AVG Free 9.0.lnk

[2010-03-18 08:30:32 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm

[2010-03-18 08:30:32 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll

[2010-03-18 08:08:43 | 000,891,248 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\user\바탕 화면\avg_free_stb_all_9_40_cnet.exe

[2010-03-13 00:54:01 | 000,000,650 | ---- | M] () -- C:\WINDOWS\win.ini

[2010-03-12 19:19:47 | 000,000,270 | ---- | M] () -- C:\Documents and Settings\user\바탕 화면\Watch Jennifer's Body Online Free , download Jennifersbody - Watch Movies Online For Free Full Movie Downloads.url

[2010-03-12 19:07:03 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2010-03-11 18:28:42 | 000,000,584 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010-03-10 19:53:27 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\user\바탕 화면\타종교안에서의 선교.hwp

[2010-03-07 13:14:27 | 000,205,233 | ---- | M] () -- C:\Documents and Settings\user\바탕 화면\%EC%98%A5%ED%83%9D%EC%97%B0~1.jpg

[2010-03-04 22:22:53 | 000,000,126 | ---- | M] () -- C:\Documents and Settings\user\바탕 화면\Awards for Young Musicians.url

[2010-03-04 22:17:23 | 000,000,206 | ---- | M] () -- C:\Documents and Settings\user\바탕 화면\The Diploma in Engineering is made up of many parts that you study to get your qualification..url

[1 C:\Documents and Settings\user\바탕 화면\*.tmp files -> C:\Documents and Settings\user\바탕 화면\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2010-03-30 17:25:34 | 000,000,478 | ---- | C] () -- C:\Documents and Settings\All Users\바탕 화면\Malwarebytes' Anti-Malware.lnk

[2010-03-29 20:23:20 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\user\바탕 화면\exeHelper.com

[2010-03-29 20:14:03 | 536,399,872 | -HS- | C] () -- C:\hiberfil.sys

[2010-03-28 12:59:29 | 001,666,435 | ---- | C] () -- C:\Documents and Settings\user\바탕 화면\dsds.mp3

[2010-03-25 01:06:36 | 000,000,425 | ---- | C] () -- D:\My Documents\6540654의 바로 가기.lnk

[2010-03-24 19:29:07 | 000,000,236 | ---- | C] () -- C:\WINDOWS\tasks\OGALogon.job

[2010-03-21 21:36:24 | 001,004,888 | ---- | C] () -- C:\Documents and Settings\user\바탕 화면\oh_happy_day.pdf

[2010-03-20 17:26:27 | 000,000,325 | --S- | C] () -- C:\WINDOWS\System32\2718170913.dat

[2010-03-18 22:19:36 | 006,504,448 | ---- | C] () -- C:\Documents and Settings\user\ntuser.dat

[2010-03-18 08:30:34 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\바탕 화면\AVG Free 9.0.lnk

[2010-03-12 19:20:06 | 000,000,270 | ---- | C] () -- C:\Documents and Settings\user\바탕 화면\Watch Jennifer's Body Online Free , download Jennifersbody - Watch Movies Online For Free Full Movie Downloads.url

[2010-03-10 19:53:24 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\user\바탕 화면\타종교안에서의 선교.hwp

[2010-03-07 13:22:15 | 000,205,233 | ---- | C] () -- C:\Documents and Settings\user\바탕 화면\%EC%98%A5%ED%83%9D%EC%97%B0~1.jpg

[2010-03-04 22:23:05 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\user\바탕 화면\Awards for Young Musicians.url

[2010-03-04 22:17:42 | 000,000,206 | ---- | C] () -- C:\Documents and Settings\user\바탕 화면\The Diploma in Engineering is made up of many parts that you study to get your qualification..url

[2009-11-22 23:55:54 | 000,596,512 | ---- | C] () -- C:\WINDOWS\System32\INICRYPTOSDK.dll

[2009-11-22 23:55:53 | 000,008,821 | ---- | C] () -- C:\WINDOWS\System32\np_jpn.ini

[2009-11-22 23:55:53 | 000,008,517 | ---- | C] () -- C:\WINDOWS\System32\np_kor.ini

[2009-11-22 23:55:53 | 000,008,023 | ---- | C] () -- C:\WINDOWS\System32\np_Eng.ini

[2009-11-22 23:55:53 | 000,006,808 | ---- | C] () -- C:\WINDOWS\System32\np_chs.ini

[2009-08-03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2008-11-05 17:56:17 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\WaveletGrayDecoder.dll

[2008-11-05 17:56:17 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\WindowMoveHook.dll

[2008-11-05 17:56:16 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\WaveletColorDecoder.dll

[2008-08-23 11:21:36 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt

[2008-08-23 11:12:21 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys

[2008-07-10 12:56:39 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DAUMCRYPT.DLL

[2008-06-04 10:42:46 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ToonsHook2.dll

[2008-01-18 20:17:41 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\CSDLGE1LIB.dll

[2008-01-18 19:12:55 | 000,124,432 | ---- | C] () -- C:\WINDOWS\System32\PanInstaller.dll

[2008-01-18 19:12:55 | 000,083,480 | ---- | C] () -- C:\WINDOWS\System32\FirstLoad.dll

[2008-01-03 22:10:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI

[2007-09-30 09:37:38 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2007-09-30 09:37:38 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2007-09-30 09:37:31 | 000,356,352 | ---- | C] () -- C:\WINDOWS\System32\p3max.dll

[2007-07-19 21:43:04 | 000,011,943 | ---- | C] () -- C:\Documents and Settings\user\Application Data\PandoraTVissue2.jpg

[2007-06-27 18:59:04 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\user\Application Data\dm.ini

[2007-06-27 18:59:03 | 000,001,567 | ---- | C] () -- C:\Documents and Settings\user\Application Data\AdobeDLM.log

[2007-06-26 19:28:04 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\KTxtLog.dll

[2007-06-26 19:10:12 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\KNetClient.dll

[2007-06-26 19:08:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\KCharUtil.dll

[2007-05-25 14:23:56 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\ver.ini

[2007-04-09 21:53:51 | 000,067,352 | ---- | C] () -- C:\WINDOWS\System32\CMListControl.dll

[2007-03-14 21:10:37 | 000,000,021 | ---- | C] () -- C:\WINDOWS\System32\drcheck.dll

[2007-03-12 11:09:37 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2007-03-11 11:46:50 | 000,000,270 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI

[2007-03-09 21:32:25 | 000,037,376 | ---- | C] () -- C:\WINDOWS\System32\CoInst.dll

[2007-03-09 21:32:24 | 000,016,053 | ---- | C] () -- C:\WINDOWS\wwdslcfg.ini

[2007-03-09 21:16:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2007-03-09 21:13:18 | 000,000,049 | ---- | C] () -- C:\WINDOWS\Hjimesv.ini

[2007-03-09 21:11:11 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\winhcfg.ini

[2007-03-09 20:26:08 | 000,127,488 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007-02-06 15:49:50 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\CaptureProtect.dll

[2006-12-26 13:20:46 | 000,360,448 | ---- | C] () -- C:\WINDOWS\System32\p3einsctrl.dll

[2006-11-24 13:06:32 | 000,360,448 | ---- | C] () -- C:\WINDOWS\System32\p3einsweb.dll

[2006-01-05 13:43:38 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ToonsXHook.dll

[2004-11-25 16:30:44 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\dmvm.dll

[2003-05-19 10:16:48 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\WaveletDecoder.dll

[2003-05-19 10:16:48 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\IndexedColorDecoder.dll

[2003-03-05 10:57:50 | 000,005,021 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2001-08-29 04:00:00 | 000,192,560 | ---- | C] () -- C:\WINDOWS\System32\hfont.sys

[2001-08-29 04:00:00 | 000,056,505 | ---- | C] () -- C:\WINDOWS\System32\hbios.sys

[2001-08-29 04:00:00 | 000,002,890 | ---- | C] () -- C:\WINDOWS\System32\disp_win.sys

[2001-08-29 04:00:00 | 000,000,793 | ---- | C] () -- C:\WINDOWS\System32\font_win.sys

[1999-01-23 00:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

 

========== LOP Check ==========

 

[2010-03-29 18:50:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9

[2009-02-01 17:56:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cyworld

[2008-04-24 17:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driving Test Success

[2009-04-25 08:59:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[2007-03-09 22:09:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Hnc

[2007-06-27 19:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Leadertech

[2008-04-24 17:01:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\LGSync

[2009-06-03 18:21:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\LimeWire

[2008-04-24 17:02:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Orbit

[2007-07-19 21:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\PandoraTV

[2009-04-23 20:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Samsung

[2007-11-27 03:33:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\YTN

[2010-03-30 19:01:31 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

[2010-03-30 19:03:11 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< Code: >

 

< %SYSTEMDRIVE%\*.exe >

 

 

< MD5 for: AGP440.SYS >

[2004-08-03 17:05:04 | 018,914,088 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

[2009-05-08 11:42:16 | 024,351,158 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

[2009-05-08 11:42:16 | 024,351,158 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys

[2008-04-13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

[2008-04-13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

[2004-08-04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

[2004-08-03 15:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\AGP440.SYS

Posted

(still continued)

 

 

color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]

[2004-08-03 17:05:04 | 018,914,088 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys

[2009-05-08 11:42:16 | 024,351,158 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[2009-05-08 11:42:16 | 024,351,158 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys

[2008-04-13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2008-04-13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[2004-08-03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

[2004-08-03 14:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys

 

< MD5 for: EVENTLOG.DLL >

[2008-04-14 03:26:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=622932FD07B826D444ABEA042132A516 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008-04-14 03:26:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=622932FD07B826D444ABEA042132A516 -- C:\WINDOWS\system32\eventlog.dll

[2004-08-03 16:53:14 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6FA3D37A0B26E73835D6D8D9B7444284 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

 

< MD5 for: NETLOGON.DLL >

[2004-08-03 16:53:24 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=28FED80445881BC77D041E8DAAF302D4 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

[2008-04-14 03:26:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=6FCAA8854E38F21CFFFD9C347C80AC04 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2008-04-14 03:26:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=6FCAA8854E38F21CFFFD9C347C80AC04 -- C:\WINDOWS\system32\netlogon.dll

 

< MD5 for: SCECLI.DLL >

[2004-08-03 16:53:26 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=25F1F68AECF4C4D1F71EF5A652EFCAFD -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

[2008-04-14 03:26:55 | 000,176,128 | ---- | M] (Microsoft Corporation) MD5=74F696324BD2E0623BA6B2E1FBECB5B8 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2008-04-14 03:26:55 | 000,176,128 | ---- | M] (Microsoft Corporation) MD5=74F696324BD2E0623BA6B2E1FBECB5B8 -- C:\WINDOWS\system32\scecli.dll

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

[2001-08-29 04:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\kbd101a.dll

[2001-08-17 06:55:56 | 000,005,632 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\kbd103.dll

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< End of report >

Posted

Hello and welcome back.

 

I am just going to move your thread to the Malware section ready for the security team to help you out.

 

JB.

Rwy'n ceisio fy ngorau......................
Posted

Hi kwikimart

 

This is one heavily infected system.

 

It is known that these trojans can communicate with remote computers, download and run code, send emails and redirect browser requests. Unfortunately we cannot be sure about what they have done.

 

If you do any banking or other financial transactions on the PC or it if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable and it would be wise to contact those same financial institutions to apprise them of your situation.

 

Though the Trojans have been identified there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS.

 

For more information read ....Here

If you choose to format and reinstall read...... Here

 

Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy again.

 

It's your call whether we continue or not.

But like i said, there's no guarantee on the outcome.

Member of:

UNITE

Posted

oh, so its bad news afterall... :(

 

 

sorry, i don't quite understad by what you mean by trustworthy?

do you mean, that the computer will 'crash' like it did?

because i don't do any internet banking or anything that has sensative information in use...

so..... i don't know what to do....

 

 

 

and once again, i really can't thank you enough times!!!!

Posted

Hi kwikimart

 

i don't do any internet banking or anything that has sensative information in use
Then it's not as bad then.

By not being trustworthy, we mean that we can only remove what we can find with our tools.... these types of malware are getting better at hiding themselves, so we may miss something. Although we will nuke most of it and hopefully kill it off.

When finished it shouldn't crash.

 

if you want to continue, i'd like to run another scan before fixing anything with OTL, this program is designed to search out these types of malware.

 

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

 

Link 1

Link 2

 

http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif

 

 

http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif

 

This is an example, you may rename ComboFix to anything you want.

 

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of ComboFix.
    For more information read:
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
     
    Then:
     
    Double click on Combo-Fix.exe & follow the prompts.
     
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    If running Vista, you may not see this screen
     
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

 

http://img.photobucket.com/albums/v708/starbuck50/cf1.png

 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 

http://img.photobucket.com/albums/v706/ried7/whatnext.png

 

Click on Yes, to continue scanning for malware.

 

Note:

Do not mouseclick combofix's window while it's running. That may cause it to stall

 

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

 

If at any time you have problems posting these reports ( because they may be too big) just add them as attachments.

Member of:

UNITE

Posted

Hi,

erm...like i said that i don't have the desktop, so i used the download section in firefox,

in order to activate the different programs and so on...

 

 

so when downloading i couldn't change the name of combofix.

so i downloaded then renamed it...so..... i don't know if that is alright or not...?

Posted
so when downloading i couldn't change the name of combofix.

so i downloaded then renamed it...so..... i don't know if that is alright or not...?

if it runs, it's ok..... try it.

 

like i said that i don't have the desktop,
try this and see if you get the desktop icons:

If you can get into 'Task Manager'...

click on File >>> New Task

in the window that comes up type or copy and paste this in:

 

%UserProfile%\desktop

then click Ok.

It may work.

Let me have the combofix report if you get it.

Member of:

UNITE

Posted

well, first for the desktop thing, it keeps saying that it couldn't find documents in the C drive??

although i wasn't really looking for that was I??

 

 

oh well.

iam going to try the combofix now.

hopefully it wil work!!! :)

Posted

The combofix didn't work iam afraid...

it may be because iam a firefox?? i don't know, because this message popped up

saying about firefox and combo fix being a public programme (?)

and i had to click yes or no, so i thought it was the agree statement or something so i clicked yes.

 

 

 

and when i run combo fix it pops up with a bunch or errors

and then a blue popup from c:/ comes up. (isn't that a commands something?)

 

so i have tried......:(

Posted

Hi,

 

Just saw this post be chance.... didn't get a notification for some reason.

Let me go through your OTL reports.... i'll post a fix based on what we can see at the moment.

Once the fix is run, it may help us with other programs.

Back ASAP.

Member of:

UNITE

Posted (edited)

Hi kwikimart

 

Step 1

Double click on OTL.exe to run it.

Copy the lines in the codebox below. (make sure you include the first lot of : )

:Otl
SRV - (Wind0wsSrv) -- File not found
SRV - (ODBC_Server_2009) -- File not found
SRV - (kstationA) -- File not found
SRV - (IocationA) -- File not found
SRV - (IDESRv) -- File not found
SRV - (wcsv) -- C:\Program Files\WebCompass\wcsv.dll ()
SRV - (mgsv) -- C:\Program Files\Mplus\mgsv.dll ()
O2 - BHO: (WebCompass Search Class) - {2D3BA117-A67B-4BE3-B692-A0F399E7EBC3} - C:\Program Files\WebCompass\wc_src_1m.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Mplus Search Class) - {8EA9A253-227C-4b03-9DD7-A138E8600430} - C:\Program Files\Mplus\mg_src_1g.dll ()
O2 - BHO: (WebCompass Reward Class) - {EA1B77B3-505A-4F0D-95A2-EB7C46F7FE90} - C:\Program Files\WebCompass\wc_rwd_1p.dll (Datawave System Inc)
O2 - BHO: (WebGuide Class) - {F90BB714-01B6-438B-8993-F6E46ACBFA24} - c:\program files\WebGuide\webguide7a_C.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\System32\sdra64.exe File not found
O33 - MountPoints2\{05c9ea7a-0a69-11de-9c00-000c762886fc}\Shell - "" = AutoRun
O33 - MountPoints2\{af37c64b-fd9d-11dd-9beb-000c762886fc}\Shell - "" = AutoRun
O33 - MountPoints2\{af37c64b-fd9d-11dd-9beb-000c762886fc}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
[2010-03-26 00:59:55 | 000,000,000 | ---D | C] -- C:\Program Files\WebCompass

:Files
C:\Program Files\Mplus
c:\program files\WebGuide

:commands
[emptytemp]
[purity]
[EMPTYFLASH]

  • Return to OTL,
  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
     
    http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
     
  • Click the red Run Fix button.
     
    http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png
     
  • OTL will reboot your system once the fix has completed.
  • After the reboot, you may need to double click OTL to launch the program and retrieve the log.

 

Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

 

Step 2

Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Click on Start >> Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.
     
    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v
     
  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

 

In your next reply, please submit:

Otl fix report

TDSSKiller.txt

 

Btw:

Do you have a windows XP installation disc, if we need it?

 

Thanks.

Edited by Starbuck

Member of:

UNITE

Posted

All processes killed

========== OTL ==========

Service Wind0wsSrv stopped successfully!

Service Wind0wsSrv deleted successfully!

File File not found not found.

Service ODBC_Server_2009 stopped successfully!

Service ODBC_Server_2009 deleted successfully!

File File not found not found.

Service kstationA stopped successfully!

Service kstationA deleted successfully!

File File not found not found.

Service IocationA stopped successfully!

Service IocationA deleted successfully!

File File not found not found.

Service IDESRv stopped successfully!

Service IDESRv deleted successfully!

File File not found not found.

Service wcsv stopped successfully!

Service wcsv deleted successfully!

C:\Program Files\WebCompass\wcsv.dll moved successfully.

Error: No service named mgsv was found to stop!

Service\Driver key mgsv not found.

File C:\Program Files\Mplus\mgsv.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2D3BA117-A67B-4BE3-B692-A0F399E7EBC3}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2D3BA117-A67B-4BE3-B692-A0F399E7EBC3}\ deleted successfully.

C:\Program Files\WebCompass\wc_src_1m.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8EA9A253-227C-4b03-9DD7-A138E8600430}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8EA9A253-227C-4b03-9DD7-A138E8600430}\ deleted successfully.

File C:\Program Files\Mplus\mg_src_1g.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA1B77B3-505A-4F0D-95A2-EB7C46F7FE90}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EA1B77B3-505A-4F0D-95A2-EB7C46F7FE90}\ deleted successfully.

C:\Program Files\WebCompass\wc_rwd_1p.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F90BB714-01B6-438B-8993-F6E46ACBFA24}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F90BB714-01B6-438B-8993-F6E46ACBFA24}\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\sdra64.exe deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{05c9ea7a-0a69-11de-9c00-000c762886fc}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05c9ea7a-0a69-11de-9c00-000c762886fc}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af37c64b-fd9d-11dd-9beb-000c762886fc}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{af37c64b-fd9d-11dd-9beb-000c762886fc}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af37c64b-fd9d-11dd-9beb-000c762886fc}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{af37c64b-fd9d-11dd-9beb-000c762886fc}\ not found.

File G:\LaunchU3.exe not found.

C:\Program Files\WebCompass folder moved successfully.

========== FILES ==========

File\Folder C:\Program Files\Mplus not found.

File\Folder c:\program files\WebGuide not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: ibm

 

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 670318 bytes

->Flash cache emptied: 0 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 51789859 bytes

->Flash cache emptied: 7747 bytes

 

User: user

->Temp folder emptied: 605310 bytes

->Temporary Internet Files folder emptied: 3416050 bytes

->FireFox cache emptied: 37214156 bytes

->Flash cache emptied: 1662 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 39448252 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 3906159 bytes

 

Total Files Cleaned = 131.00 mb

 

 

[EMPTYFLASH]

 

User: All Users

 

User: Default User

 

User: ibm

 

User: LocalService

->Flash cache emptied: 0 bytes

 

User: NetworkService

->Flash cache emptied: 0 bytes

 

User: user

->Flash cache emptied: 0 bytes

 

Total Flash Files Cleaned = 0.00 mb

 

 

OTL by OldTimer - Version 3.1.37.3 log created on 04032010_144743

 

Files\Folders moved on Reboot...

File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VX2L7S8S\1269044427_COTT_UK_companion_wrapper[1].jpg not found!

File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VX2L7S8S\135033_1041[1].jpg not found!

File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VX2L7S8S\21763-15[1].js not found!

File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VX2L7S8S\56087079_640[1].jpg not found!

File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VX2L7S8S\aceUAC[1].js not found!

 

Registry entries deleted on Reboot...

Posted

H!! its me again :)

 

 

Iam afraid that i don't have a XP disk :(

and also for the TDSSKILLER, i couldn't run it.

it came up as a command screen where it's like black with stuff on it

rather than an actual programme.

and when it said to start press any key, so i first pressed the windows and R like you said

but it just closed itself, and when i pressed any key, it still closed itself....

Posted

Hi kwikimart

 

Ok, there's obviously more issues going on here.

If this doesn't work ( which it may not as you don't have an OS disc) i hope you have a recovery partition.

As the only hope will be to reformat and reinstall.

 

Try running the System File Checker (SFC) to scan all protected files to verify their versions. If SFC discovers that a critical system file has been damaged, altered or missing, it restores the correct version of the file from the cache folder.

You must be logged on as an administrator or as a member of the Administrators group to run sfc and it may ask you to insert your XP Installation CD ..so have it available.

 

Use Task Manager ... New Task... and type: sfc /scannow

 

Make sure that you include a space between the c and /.

This command will initiate the Windows File Protection service to scan all protected files, verify their integrity, and replace any problem files.

 

Sometimes it will ask for the disc, sometimes it doesn't.

Let's keep our fingers crossed.

Member of:

UNITE

Posted

Sorry!! before i do this for the TDSSKILLER one more time

and i think it might have worked!! and it still came up with the command pop up, but it said

that it scanned the services, and the kernel memory..

 

then completed

 

 

and the results were: memory objects infected/cured/cured on reboot: 0/0/0

registry objects infected/ cured / cured on reboot: 0/0/0

file objects infected/ cured / cured on reboot 0/0/0

 

and then to continue press any key....

 

 

so i rebooted the system again, but still there are loads of pop ups keeping on saying error

so......i don't know if it worked or not?

Posted

I tried to do the system file checker, but i couldn't find it?

is it probably because iam not logged in as admin?

but when i tried to log in to admin, i couldn't because when i logged off,

the 'names' i could log in to were just 'user' and no admininastrator..

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...