ziegfried2
I suddenly wasn't able to log in through Facebook like I did,
so I am starting a new post, sorry.
And I am sorry I ran an unnecessary scan, and we're clear on your rules.
Here are my results:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.07.23.11
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
shin kim :: MUSHI2 [administrator]
7/23/2012 7:27:41 PM
mbam-log-2012-07-23 (19-27-41).txt
Scan type: Full scan (C:\|J:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 480469
Time elapsed: 1 hour(s), 3 minute(s), 10 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Program Files (x86)\Microsource\Microsource.exe (Adware.SupportBar) -> Quarantined and deleted successfully.
(end)
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.07.23.11
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
shin kim :: MUSHI2 [administrator]
7/23/2012 7:09:51 PM
mbam-log-2012-07-23 (19-09-51).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 243884
Time elapsed: 12 minute(s), 48 second(s)
Memory Processes Detected: 1
C:\Program Files (x86)\Microsource\Microsource_se.exe (Adware.SupportBar) -> 1156 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 14
HKLM\SYSTEM\CurrentControlSet\Services\Microsource Update Service (Adware.SupportBar) -> Quarantined and deleted successfully.
HKCR\CLSID\{397CFDD8-762F-44D4-9517-E3969F89639E} (Adware.CySearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{7BA6DF99-65C4-4135-8FF2-6AECC28D0AAF} (Adware.CySearch) -> Quarantined and deleted successfully.
HKCR\Interface\{88F1E09F-3F83-42C5-9277-3CD45D52B891} (Adware.CySearch) -> Quarantined and deleted successfully.
HKCR\ADPopup.AdPopupB.1 (Adware.CySearch) -> Quarantined and deleted successfully.
HKCR\ADPopup.AdPopupB (Adware.CySearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{397CFDD8-762F-44D4-9517-E3969F89639E} (Adware.CySearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{397CFDD8-762F-44D4-9517-E3969F89639E} (Adware.CySearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{397CFDD8-762F-44D4-9517-E3969F89639E} (Adware.CySearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{67421A26-71F2-4E57-89B2-E49C6FD90DA1} (Adware.GreenOPen) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67421A26-71F2-4E57-89B2-E49C6FD90DA1} (Adware.GreenOPen) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{67421A26-71F2-4E57-89B2-E49C6FD90DA1} (Adware.GreenOPen) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{67421A26-71F2-4E57-89B2-E49C6FD90DA1} (Adware.GreenOPen) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsource (Adware.SupportBar) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 4
C:\Program Files (x86)\Microsource\Microsource_se.exe (Adware.SupportBar) -> Delete on reboot.
C:\Program Files (x86)\ESTsoft\ALShopping\ALShoppingBho.dll (Adware.GreenOPen) -> Quarantined and deleted successfully.
C:\Supportbar_nas.exe (Adware.SupportBar) -> Quarantined and deleted successfully.
C:\Windows\Microsource_uninstaller.exe (Adware.SupportBar) -> Quarantined and deleted successfully.
(end)
======================== above 2 were Malwarebytes logs ============================
The top one is the full scan that I ran before I posted on this forum,
so I apologize for 2 logs.
====no log from GMER====
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by shin kim at 22:30:58 on 2012-07-23
Microsoft Windows 7 Home Premium 6.1.7600.0.949.82.1033.18.8183.6138 [GMT -7:00]
.
AV: 알약 *Disabled/Updated* {78D70EA9-5CF2-58F4-85C5-F4B097655D94}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: 알약 *Disabled/Updated* {C3B6EF4D-7AC8-577A-BF75-CFC2ECE21729}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\OEM\USBDECTION\USBS3S4Detection.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\windows\system32\wuauclt.exe
C:\Users\shin kim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\shin kim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\shin kim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\shin kim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\shin kim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\shin kim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\SysWOW64\rundll32.exe
C:\Users\shin kim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\shin kim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\shin kim\Downloads\mseinstall.exe
j:\cc225a26948a6a072c8e9fa3f9\epplauncher.exe
j:\cc225a26948a6a072c8e9fa3f9\amd64\Setup.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\servicing\TrustedInstaller.exe
C:\windows\system32\wusa.exe
C:\windows\SysWOW64\DllHost.exe
C:\windows\system32\wuauclt.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\vssvc.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.daum.net/
mStart Page = hxxp://acer.msn.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: ALToolbarBho: {7f1a79f9-78d1-4186-9f60-ee0b63df042a} - C:\Program Files (x86)\ESTsoft\ALToolBar\ALToolBar_2170.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: ALToolBar: {38fbe93d-4ca1-4414-af6a-94920c5bd8da} - C:\Program Files (x86)\ESTsoft\ALToolBar\ALToolBar_2170.dll
EB: ALShopping: {d1821708-9fe4-4f75-b59c-acb9996d2c9d} - C:\Program Files (x86)\ESTsoft\ALShopping\ALShopping.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRunOnce: [Microsoft Security Client] C:\Program Files\Microsoft Security Client\msseces.exe /UpdateAndQuickScan /OpenWebPageOnClose
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\SHINKI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ROLLER~1.LNK - C:\Users\shin kim\AppData\Local\Temp\{A740D10F-0A41-4A52-BBEC-1C380B7DE1F5}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: 알툴바 빠른검색(&Q) - C:\Program Files (x86)\ESTsoft\ALToolBar\ALToolBand_2170.dll/23/SEARCH.HTML
IE: 이미지 EXIF 정보 보기 -
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
TCP: Interfaces\{08A46435-D993-4B74-86EF-365511660F2D} : DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
TCP: Interfaces\{08A46435-D993-4B74-86EF-365511660F2D}\059656330223E24376 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F8A811CB-95E5-476B-B66F-09C6BE52FCE3} : DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: smart - {402CA0E4-3090-402e-BE90-3EE9B766EBB0} - C:\Program Files (x86)\ESTsoft\ALToolBar\ALToolBarProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: ALToolbarBho: {7F1A79F9-78D1-4186-9F60-EE0B63DF042A} - C:\Program Files (x86)\ESTsoft\ALToolBar\ALToolBar_2170.dll
BHO-X64: ALToolbarBho - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO-X64: WeCareReminder - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: ALToolBar: {38FBE93D-4CA1-4414-AF6A-94920C5BD8DA} - C:\Program Files (x86)\ESTsoft\ALToolBar\ALToolBar_2170.dll
EB-X64: {D1821708-9FE4-4F75-B59C-ACB9996D2C9D} - No File
mRun-x64: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun-x64: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun-x64: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {95E2E4BA-E131-4aab-85C5-2071F68ED3C3} - C:\Program Files (x86)\ESTsoft\ALShopping\alshopping.lnk
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\system32\DRIVERS\dtsoftbus01.sys --> C:\windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 mwlPSDFilter;mwlPSDFilter;C:\windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\windows\system32\DRIVERS\mwlPSDFilter.sys [?]
R1 mwlPSDNServ;mwlPSDNServ;C:\windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\windows\system32\DRIVERS\mwlPSDNServ.sys [?]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-4-18 13592]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-1-8 2253120]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-7-23 1153368]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-7-5 3048136]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-8-31 243232]
R2 USBS3S4Detection;USBS3S4Detection;C:\OEM\USBDECTION\USBS3S4Detection.exe [2009-12-13 76320]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
S1 EstRtwIFDrv;EstRtwIFDrv;C:\windows\system32\drivers\EstRtw.sys --> C:\windows\system32\drivers\EstRtw.sys [?]
S2 ALYac_RTSrv;ALYac RealTime Service;C:\Program Files\ESTsoft\ALYac\AYRTSrv.aye [2011-12-7 527744]
S2 ALYac_UpdSrv;ALYac Update Service;C:\Program Files\ESTsoft\ALYac\AYUpdSrv.aye [2011-12-15 898944]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AVer7231_x64;AVerMedia 7231 capture service;C:\windows\system32\DRIVERS\AVer7231_x64.sys --> C:\windows\system32\DRIVERS\AVer7231_x64.sys [?]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]
S3 EstRtwIFDrvTemp;EstRtwIFDrvTemp;C:\Program Files\ESTsoft\ALYac\plugin\realtime\EstRtw.sys [2012-1-2 267104]
S3 IntcDAud;Intel(R) Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\windows\system32\Drivers\nx6000.sys --> C:\windows\system32\Drivers\nx6000.sys [?]
S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-5-26 305520]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\windows\system32\DRIVERS\netr28x.sys --> C:\windows\system32\DRIVERS\netr28x.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
VBEFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-07-24 05:31:00 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-07-24 04:54:22 -------- d-----w- C:\$RECYCLE.BIN
2012-07-24 04:45:24 98816 ----a-w- C:\windows\sed.exe
2012-07-24 04:45:24 518144 ----a-w- C:\windows\SWREG.exe
2012-07-24 04:45:24 256000 ----a-w- C:\windows\PEV.exe
2012-07-24 04:45:24 208896 ----a-w- C:\windows\MBR.exe
2012-07-24 04:45:22 -------- d-----w- C:\ComboFix
2012-07-24 02:10:17 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-07-24 02:10:17 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-07-24 02:09:26 -------- d-----w- C:\Users\shin kim\AppData\Roaming\Malwarebytes
2012-07-24 02:09:17 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-07-24 02:09:17 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-24 02:09:16 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-24 01:55:56 -------- d-----w- C:\Users\shin kim\AppData\Local\{AB2DD5EF-3E9E-40AD-A55D-2D827D11A48E}
2012-07-24 01:55:41 -------- d-----w- C:\Users\shin kim\AppData\Local\{3E6674AB-CBD9-4688-8864-EDD26B3C3017}
2012-07-23 23:56:16 -------- d-----w- C:\Program Files\HoneyView3
2012-07-23 19:13:31 -------- d-----w- C:\Users\shin kim\AppData\Local\{FBE090BE-C695-427A-9DC5-4AD3B92C88C1}
2012-07-17 13:42:24 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2A06CE5D-CC64-4129-AF8A-09CF3798ABE0}\mpengine.dll
2012-07-13 04:42:56 3147264 ----a-w- C:\windows\System32\win32k.sys
2012-07-13 03:08:32 2003968 ----a-w- C:\windows\System32\msxml6.dll
.
==================== Find3M ====================
.
2012-06-26 12:13:04 267104 ----a-w- C:\windows\System32\drivers\EstRtw.sys
2012-06-25 03:34:46 21376 ----a-w- C:\windows\System32\bootalyac.exe
2012-06-06 05:50:50 1880064 ----a-w- C:\windows\System32\msxml3.dll
2012-06-06 05:09:46 1389568 ----a-w- C:\windows\SysWow64\msxml6.dll
2012-06-06 05:09:46 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll
2012-06-02 22:19:42 186752 ----a-w- C:\windows\System32\wuwebv.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\windows\System32\wucltux.dll
2012-06-02 22:15:12 36864 ----a-w- C:\windows\System32\wuapp.exe
2012-06-02 22:15:08 99840 ----a-w- C:\windows\System32\wudriver.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-06-02 05:38:26 95088 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2012-06-02 05:38:24 152432 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2012-06-02 05:37:45 459216 ----a-w- C:\windows\System32\drivers\cng.sys
2012-06-02 05:27:02 340992 ----a-w- C:\windows\System32\schannel.dll
2012-06-02 05:27:00 307200 ----a-w- C:\windows\System32\ncrypt.dll
2012-06-02 04:48:39 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2012-06-02 04:48:35 225280 ----a-w- C:\windows\SysWow64\schannel.dll
2012-06-02 04:47:31 219136 ----a-w- C:\windows\SysWow64\ncrypt.dll
2012-06-02 04:42:51 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2012-05-31 19:25:12 279656 ------w- C:\windows\System32\MpSigStub.exe
2012-05-04 10:52:22 5505392 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-05-04 10:08:16 3958128 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:08:15 3902320 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-05-02 05:32:43 208896 ----a-w- C:\windows\System32\profsvc.dll
2012-04-28 03:50:40 204800 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-04-26 05:34:38 76288 ----a-w- C:\windows\System32\rdpwsx.dll
2012-04-26 05:34:37 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
2012-04-26 05:28:32 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
.
============= FINISH: 22:31:25.40 ===============
and
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/19/2011 8:21:28 PM
System Uptime: 7/23/2012 9:53:50 PM (1 hours ago)
.
Motherboard: Acer | | Aspire M3910
Processor: Intel(R) Pentium(R) CPU G6950 @ 2.80GHz | CPU 1 | 2800/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 914 GiB total, 787.086 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is FIXED (NTFS) - 932 GiB total, 931.341 GiB free.
K: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&DC382E&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&DC382E&0
Service: i8042prt
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
AC3Filter 1.63b
Acer eRecovery Management
Acer Registration
Acer ScreenSaver
Acer Updater
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.5.0 MUI
Advertising Center
ASPCA Reminder by We-Care.com v5.0.5.1
D3DX10
DAEMON Tools Lite
DTS+AC3 Filter
GOM Player
GOMTV Plug-in
Google Chrome
Hotkey Utility
ImagXpress
Intel(R) Control Center
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Java Auto Updater
Java(TM) 6 Update 30
Java(TM) 7 Update 4
JavaFX 2.1.0
Junk Mail filter update
Malwarebytes Anti-Malware version 1.62.0.1300
Mesh Runtime
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.1
MPEG2 Codec(libmpeg2/mad)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyWinLocker
MyWinLocker Suite
Nero 9 Essentials
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
NeroExpress
neroxml
Norton Online Backup
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Shredder
Skype Click to Call
Skype™ 5.10
Spybot - Search & Destroy
System Requirements Lab for Intel
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Welcome Center
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
Xiph.Org Open Codecs 0.85.17777
μTorrent
알쇼핑 1.1
알집 8.51
알툴바 2.17
알툴즈 업데이트
.
==== Event Viewer Messages From Past Week ========
.
7/23/2012 9:54:12 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
7/23/2012 9:53:21 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
7/23/2012 9:50:37 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
7/23/2012 9:43:58 PM, Error: Service Control Manager [7034] - The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s).
7/23/2012 9:30:13 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
7/23/2012 9:30:12 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
7/23/2012 9:24:52 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsource Support Service service to connect.
7/23/2012 9:24:52 AM, Error: Service Control Manager [7000] - The Microsource Support Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/23/2012 9:24:19 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa800b476b30, 0xfffffa800b476e10, 0xfffff80003585720). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 072312-14383-01.
7/23/2012 9:23:06 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
7/23/2012 9:23:06 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
7/23/2012 8:56:41 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
7/23/2012 8:32:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service HomeGroupProvider with arguments "" in order to run the server: {EA022610-0748-4C24-B229-6C507EBDFDBB}
7/23/2012 8:32:04 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
7/23/2012 8:32:03 PM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
7/23/2012 7:05:19 PM, Error: Service Control Manager [7030] - The HomeGroup Provider service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
7/23/2012 10:24:20 PM, Error: Service Control Manager [7000] - The HomeGroup Provider service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
7/23/2012 10:24:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1079" attempting to start the service HomeGroupProvider with arguments "" in order to run the server: {EA022610-0748-4C24-B229-6C507EBDFDBB}
7/22/2012 7:40:49 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR6.
.
==== End Of File ===========================
7/23/2012 9:23:06 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
7/23/2012 9:23:06 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
7/23/2012 8:56:41 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
7/23/2012 8:32:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service HomeGroupProvider with arguments "" in order to run the server: {EA022610-0748-4C24-B229-6C507EBDFDBB}
7/23/2012 8:32:04 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
7/23/2012 8:32:03 PM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
7/23/2012 7:05:19 PM, Error: Service Control Manager [7030] - The HomeGroup Provider service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
7/23/2012 10:24:20 PM, Error: Service Control Manager [7000] - The HomeGroup Provider service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
7/23/2012 10:24:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1079" attempting to start the service HomeGroupProvider with arguments "" in order to run the server: {EA022610-0748-4C24-B229-6C507EBDFDBB}
7/22/2012 7:40:49 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR6.
.
==== End Of File ===========================