missing msls52.dll and i just end up on a empty screen saver... :(

kwikimart · March 29, 2010

I've got an error on my computer, it keeps saying i can't do this or that because i have got msls52.dll missing. But the pop up just keeps coming up and i keep press okay and then it goes and allows me to do what i do.

(but there is nothing on the screen of course except my groovy screen saver :)

and i tried opening task manager, and and looked for restore, etc in the files but nothing could be found, and now iam currently on the task manager on the internet doing this, trying to get some help!! i've tried putting it in safe mode and the uknown configuration but there is nothing on the screen again, and the error keeps popping up :( PLEASE HELP!!!

I am tearing my hair out...

p.s i think what the problem to this was, my AV (?) detected some virus? this

trogan horse thing, and i just pressed close, but it just constantly came up

so i pressed moved to vaults,( but not heal or delete) and it said that i had to restart my

computer which i did, and ever since it is like this......

Jelly Bean · March 29, 2010

Step 1

Download TFC by OldTimer to your desktop

Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Step 2

Please download Malwarebytes Anti-Malware and save it to your desktop.

Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
[*]Then click Finish.
[*]MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
[*]On the Scanner tab:
- Make sure the "Perform Full Scan" option is selected.
- Then click on the Scan button.
[*]If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
[*]The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
[*]When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
[*]Click OK to close the message box and continue with the removal process.
[*]Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
[*]Make sure that everything is checked, and click Remove Selected.
[*]When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
[*]The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
[*]Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Step 3

Download OTL to your desktop.
if you have problems, try this download link:
OTL
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check

.

http://img.photobucket.com/albums/v708/starbuck50/new/newOtl2.png

Now copy the lines in the codebox below.
Code:
netsvcs
msconfig
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT
right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.

http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
.
Click the Run Scan button.

http://img.photobucket.com/albums/v708/starbuck50/runscan.png
Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

In your next reply, please submit:

MBAM scan report

Both reports from OTL

Thanks.

kwikimart · March 30, 2010

Hi THANK YOU SO MUCH!

i have so far tried up to the step 2.

but still i have no icons, the start bar or anything and the error message keeps

coming up as usual, or actually more for some reason.

But thankfully it still allows me to do what i wanted to do, after a while of tapping on enter.

i shall copy and paste the log.

Malwarebytes' Anti-Malware 1.45

Malwarebytes

Database version: 3933

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

2010-03-30 오후 6:58:25

mbam-log-2010-03-30 (18-58-25).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|F:\|)

Objects scanned: 162319

Time elapsed: 1 hour(s), 26 minute(s), 18 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 22

Registry Values Infected: 1

Registry Data Items Infected: 3

Folders Infected: 1

Files Infected: 7

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{4465bf12-801f-449c-aa43-b01fca95b830} (Adware.MPlus) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3cb0cf42-da54-47d2-8999-23928a2dea42} (Adware.Rewardnet) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4465bf12-801f-449c-aa43-b01fca95b830} (Adware.MPlus) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{4465bf12-801f-449c-aa43-b01fca95b830} (Adware.MPlus) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3cb0cf42-da54-47d2-8999-23928a2dea42} (Adware.Rewardnet) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4465bf12-801f-449c-aa43-b01fca95b830} (Adware.MPlus) -> Quarantined and deleted successfully.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\4dw4r3 (Rootkit.TDSS) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\rewardband.Band (Adware.Rewardnet) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\RewardBHO.Bar (Adware.Rewardnet) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\ShopGuide (Adware.Rewardnet) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\msupdate (Rootkit.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{3cb0cf42-da54-47d2-8999-23928a2dea42} (Adware.Rewardnet) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: system32\sdra64.exe -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:

C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.

Files Infected:

C:\Program Files\Mplus\mg_rwd_1g.dll (Adware.MPlus) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{2D2822F2-CC8B-49C0-B36D-5EC19ADABC02}\RP9\A0002104.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\altv.gyo (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot.

C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.

C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.sys) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sdra64.exe (Spyware.Zbot) -> Delete on reboot.

and i have also rebooted....

i hope this makes any sense to you, cause it doesn't to me :s

your help is much apprecitated!!!

i'll tell you how i get on with step 3

kwikimart · March 30, 2010

OTL logfile created on: 2010-03-30 오후 7:34:28 - Run 1

OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\user\바탕 화면

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000412 | Country: 대한민국 | Language: KOR | Date Format: yyyy-MM-dd

511.00 Mb Total Physical Memory | 143.00 Mb Available Physical Memory | 28.00% Memory free

1.00 Gb Paging File | 1.00 Gb Available in Paging File | 70.00% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 15.92 Gb Total Space | 5.42 Gb Free Space | 34.04% Space Free | Partition Type: NTFS

Drive D: | 58.61 Gb Total Space | 25.82 Gb Free Space | 44.06% Space Free | Partition Type: NTFS

Unable to calculate disk information.

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: PB

Current User Name: user

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\user\바탕 화면\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\WINDOWS\system32\npkcmsvc.exe (INCA Internet Co., Ltd.)

PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\slserv.exe (Smart Link)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\user\바탕 화면\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Wind0wsSrv) -- File not found

SRV - (ODBC_Server_2009) -- File not found

SRV - (kstationA) -- File not found

SRV - (IocationA) -- File not found

SRV - (IDESRv) -- File not found

SRV - (wcsv) -- C:\Program Files\WebCompass\wcsv.dll ()

SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (npkcmsvc) -- C:\WINDOWS\system32\npkcmsvc.exe (INCA Internet Co., Ltd.)

SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

SRV - (vvdsvc) -- C:\WINDOWS\system32\Nagasoft\vjocx.dll (NanJing Nagasoft Co, LTD.)

SRV - (mgsv) -- C:\Program Files\Mplus\mgsv.dll ()

SRV - (SLService) -- C:\WINDOWS\System32\slserv.exe (Smart Link)

========== Driver Services (SafeList) ==========

DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (npkakl) -- C:\WINDOWS\system32\npkakl.sys (INCA Internet Co.,Ltd.)

DRV - (npkcrypt) -- C:\WINDOWS\system32\npkcrypt.sys (INCA Internet Co., Ltd.)

DRV - (StarOpen) -- C:\WINDOWS\system32\drivers\StarOpen.sys ()

DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation)

DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation)

DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation)

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)

DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)

DRV - (SlNtHal) -- C:\WINDOWS\system32\drivers\slnthal.sys (Smart Link)

DRV - (SlWdmSup) -- C:\WINDOWS\system32\drivers\slwdmsup.sys (Smart Link)

DRV - (Slntamr) -- C:\WINDOWS\system32\drivers\slntamr.sys (Smart Link)

DRV - (NtMtlFax) -- C:\WINDOWS\system32\drivers\ntmtlfax.sys (Smart Link)

DRV - (Mtlmnt5) -- C:\WINDOWS\system32\drivers\mtlmnt5.sys (Smart Link)

DRV - (RecAgent) -- C:\WINDOWS\system32\DRIVERS\RecAgent.sys (Smart Link)

DRV - (Mtlstrm) -- C:\WINDOWS\system32\drivers\mtlstrm.sys (Smart Link)

DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)

DRV - (w****b) -- C:\WINDOWS\system32\drivers\gwausb.sys (GlobespanVirata Inc.)

DRV - (FsVga) -- C:\WINDOWS\system32\drivers\fsvga.sys (Microsoft Corporation)

DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Daum - ìƒí™œì´ ë°”ë€ë‹¤! Life On Daum

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"

FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"

FF - prefs.js..browser.startup.homepage: "www.daum.net"

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.783

FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.2

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010-03-19 18:00:08 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-03-23 20:52:27 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-03-20 15:09:41 | 000,000,000 | ---D | M]

[2008-07-22 20:27:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions

[2010-03-28 22:21:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ao9fvfgf.default\extensions

[2009-09-14 23:46:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ao9fvfgf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010-01-27 13:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ao9fvfgf.default\extensions\searchrecs@veoh.com

[2008-07-22 20:27:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2008-10-28 22:46:05 | 000,004,573 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\danawa-kr.xml

[2008-10-28 22:46:05 | 000,003,396 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\daum-kr.xml

[2008-10-28 22:46:05 | 000,002,312 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\naver-kr.xml

[2008-10-28 22:46:05 | 000,001,196 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-kr.xml

[2008-10-28 22:46:05 | 000,000,803 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-kr.xml

O1 HOSTS File: ([2001-08-29 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (WebCompass Search Class) - {2D3BA117-A67B-4BE3-B692-A0F399E7EBC3} - C:\Program Files\WebCompass\wc_src_1m.dll ()

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Mplus Search Class) - {8EA9A253-227C-4b03-9DD7-A138E8600430} - C:\Program Files\Mplus\mg_src_1g.dll ()

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O2 - BHO: (WebCompass Reward Class) - {EA1B77B3-505A-4F0D-95A2-EB7C46F7FE90} - C:\Program Files\WebCompass\wc_rwd_1p.dll (Datawave System Inc)

O2 - BHO: (WebGuide Class) - {F90BB714-01B6-438B-8993-F6E46ACBFA24} - c:\program files\WebGuide\webguide7a_C.dll File not found

O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - D:\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)

O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [iTunesHelper] D:\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] D:\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [QuickTime Task] D:\qttask.exe (Apple Inc.)

O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)

O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] D:\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - Startup: C:\Documents and Settings\All Users\시작 메뉴\프로그램\시작프로그램\Adobe Reader Speed Launch.lnk = D:\Reader\reader_sl.exe (Adobe Systems Incorporated)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: 스크랩 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Live Writer에 스크랩(&B) - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {04E7BADF-F3B9-420D-B82D-8D8CADEFE4F9} http://cyimg7.cyworld.com/ImageUpload/CyImageUpload_10217.cab (CyImage2Ctl Class)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB (Tpwin Control)

O16 - DPF: {2029F1D2-90E4-49EF-9824-F666D238BFF6} http://jr.naver.com/comic/book/viewer_new/NHNComicViewer.cab (NHNComicViewer Class)

O16 - DPF: {21FDDE58-51A6-402A-8040-39DA033DC196} http://image.pullbbang.com/newTop/Pull0Control.ocx (Pull0PlayerX Control)

O16 - DPF: {4AFE617E-ABD5-48F2-9107-774310802352} http://img.cyworld.com/img/video_v3/tvon/CyTVAxLauncher_V12.CAB (CyTVAx Class)

O16 - DPF: {882A7CC6-0163-4BC1-8BC1-505E36C9FFA2} http://www.mnet.com/Ver2/App/totalApp/maxhelper/maxhelper.cab (MaxHelper Control)

O16 - DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} http://cyimg7.cyworld.com/ImageUpload/CyPictureU1.cab?20080604 (CyImage Class)

O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} http://cafeimg.hanmail.net/activex/dmcc2.cab?Version=1,0,0,10 (Cdmcco Class)

O16 - DPF: {9B75502C-BBED-4BBD-8FE2-822E5E0AD32C} http://www.diodeo.com/ActiveDiodeoPlayer.cab (MagicLockOCX Control)

O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} http://cafeimg.hanmail.net/cto/xman.cab?ver=1,2,3,2 (Daum ActiveX manager Class)

O16 - DPF: {BD6BB450-7C69-43B8-96F3-689CAE57AB51} http://netv.sbs.co.kr/object/player/SBSWebPlayer.cab (SBSWebPlayer Class)

O16 - DPF: {C021A4D6-173F-4BF4-B38C-B12CAA20E518} http://www.mgoon.com/launcher.cab (Mgoon Launcher Control)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E1CDC08F-F464-4682-AE6A-7689451387C0} http://cafeimg.hanmail.net/activex/dmcm.cab?Version=1,0,0,22 (CAFE multiupload control)

O16 - DPF: {E6C4420E-0669-4518-B825-F63CDDEF7D5D} http://rc.puppyred.com/init.cab (InitOcx Control)

O16 - DPF: {E75386B4-C629-11DB-8338-444553544200} http://cyimg7.cyworld.nate.com/cymusic/package/cyinstal.cab (PcubeSet Class)

O16 - DPF: {F4A1D5E2-AF49-47A7-A945-23038106F3A4} http://imgcdn.pandora.tv/pan_img/launcher/codebase/Pandora_SetUpAX.cab (Pandora_SetUp Control)

O16 - DPF: {FCD61199-E187-4ADD-88E5-9AF238486D11} http://www.50yb.com/player/forceplayer.cab (CPPMediaCtrl Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\System32\sdra64.exe File not found

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O24 - Desktop Components:0 (현재 홈 페이지) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007-03-09 20:01:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{05c9ea7a-0a69-11de-9c00-000c762886fc}\Shell - "" = AutoRun

O33 - MountPoints2\{af37c64b-fd9d-11dd-9beb-000c762886fc}\Shell - "" = AutoRun

O33 - MountPoints2\{af37c64b-fd9d-11dd-9beb-000c762886fc}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

kwikimart · March 30, 2010