Resolved PC Performance&Stability Analysis Report


suankr

When I turned my laptop on, there was only one desktop icon, and the PC Performance & Stability Analysis Report popped up urging me to buy their advanced version.
I've run the 5-step instructions shown in the forum. I will post the logs too.
Please help me. What should I do now?
 
malwarebytes

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7476

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

2011-08-15 오후 8:40:01
mbam-log-2011-08-15 (20-40-01).txt

Scan type: Quick scan
Objects scanned: 177404
Time elapsed: 5 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IcccNBasHGUafxx (Trojan.FakeAlert) -> Value: IcccNBasHGUafxx -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\icccnbashguafxx.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\p1kalmig2kb7fz.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\System32\idalluninstall.exe (Rogue.IDChecker) -> Quarantined and deleted successfully.
c:\Users\Soyoung\AppData\Local\Temp\tmp7280.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Soyoung\AppData\Local\Temp\tmp74D1.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 
gmer

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-15 21:28:28
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GJ00
Running: lwpvgume.exe; Driver: C:\Users\Soyoung\AppData\Local\Temp\kgrirfog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 82E5A349 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E93D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? System32\drivers\bnglsbfa.sys 지정된 경로를 찾을 수 없습니다. !

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1956] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [753FFFF6] C:\windows\system32\apphelp.dll (응용 프로그램 호환성 클라이언트 라이브러리/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1956] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [753FFFF6] C:\windows\system32\apphelp.dll (응용 프로그램 호환성 클라이언트 라이브러리/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1956] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [753FFFF6] C:\windows\system32\apphelp.dll (응용 프로그램 호환성 클라이언트 라이브러리/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1956] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [753FFFF6] C:\windows\system32\apphelp.dll (응용 프로그램 호환성 클라이언트 라이브러리/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1956] @ C:\windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [753FFFF6] C:\windows\system32\apphelp.dll (응용 프로그램 호환성 클라이언트 라이브러리/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1956] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [753FFFF6] C:\windows\system32\apphelp.dll (응용 프로그램 호환성 클라이언트 라이브러리/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1956] @ C:\windows\system32\secur32.dll [KERNEL32.dll!GetProcAddress] [753FFFF6] C:\windows\system32\apphelp.dll (응용 프로그램 호환성 클라이언트 라이브러리/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (커널 모드 드라이버 프레임워크 런타임/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (커널 모드 드라이버 프레임워크 런타임/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004b halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
 
dds

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.7601.17514
Run by Soyoung at 21:30:11 on 2011-08-15
Microsoft Windows 7 Home Premium K 6.1.7601.1.949.82.1042.18.1916.971 [GMT -5:00]
.
AV: 알약 *Enabled/Outdated* {E7B77047-784D-9BC3-057F-13FEC2517B68}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: 알약 *Enabled/Outdated* {5CD691A3-5E77-944D-3FCF-288CB9D631D5}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe
C:\Program Files\ESTsoft\ALYac\AYServiceNT.aye
C:\Program Files\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe
C:\windows\system32\conhost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CloudManager\CloudManager.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
C:\windows\system32\nPStarterSVC.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\npnj5Agent.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\explorer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\MicroCloudEngine\MicroCloudEngine.exe
C:\windows\system32\DllHost.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\windows\system32\svchost.exe -k WindowsMobile
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\Program Files\Windows Live\Companion\companionuser.exe
C:\windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.naver.com/
uDefault_Page_URL = hxxp://toshiba.msn.com
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: 야후! 툴바: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\users\soyoung\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [chknltMC] rundll32 "c:\users\soyoung\appdata\local\temp\cmmodagt.dll",CreateProcessNotify
mRun: [<NO NAME>]
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [cAudioFilterAgent] c:\program files\conexant\caudiofilteragent\cAudioFilterAgent.exe
mRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [TWebCamera] "c:\program files\toshiba\toshiba web camera application\TWebCamera.exe" autorun
mRun: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [Korean IME Migration] c:\progra~1\common~1\micros~1\ime12\imekr\IMKRMIG.EXE
mRun: [TosVolRegulator] c:\program files\toshiba\tosvolregulator\TosVolRegulator.exe
mRun: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
mRun: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ALYac] "c:\program files\estsoft\alyac\AYUpdate.exe" /run
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\고릴라~1.lnk - c:\program files\sbs\gorealra3\Goreala.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
IE: Microsoft Excel로 내보내기(&X) - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxps://mail101.mmm.com/dwa85W.cab
DPF: {2FF06A12-7264-4C23-9F62-9A4DF5A95E86} - hxxp://conf.hmc.co.kr/ActiveX_cab/EzConfJoin_HKMCProj1.cab
DPF: {5547DED5-E6A9-469A-90F0-5BFE5CD33FF1} - hxxps://pay.kcp.co.kr/plugin_new/file/KCPPaymentUX.cab
DPF: {63E0388E-4CD2-4728-99CC-E3652A1AE7AD} - hxxp://conf.hmc.co.kr/ActiveX_cab/EzAutoLoginProj1.cab
DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38}
DPF: {75AA409D-05F9-4F27-BD53-C7339D4B1D0A} - hxxps://mail101.mmm.com/dwa85W.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {90B508F3-F928-4D14-BF4E-9D0D732573E4} - hxxp://www.limeusa.com/files/application/LimeusaControl2.CAB
DPF: {967386A1-409E-431A-A93A-FB5FEFF86A58} - hxxp://card.keb.co.kr/veraport/veraport.cab
DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} - hxxp://mail.daum.net/hanmail-ax/DaumActiveX/2_0_1_2/DaumActiveX.cab?ver=2,0,1,2
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} - hxxp://file.naver.com/activex/NaverAXGuide.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{1439B5C1-3B5A-409F-89A8-B0FF4B672A4A} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{84159B8F-74D8-4CD4-9C8C-7AA9CDFA6D75} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{84159B8F-74D8-4CD4-9C8C-7AA9CDFA6D75}\1427563713132393 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{84159B8F-74D8-4CD4-9C8C-7AA9CDFA6D75}\33D47457563747 : DhcpNameServer = 10.10.20.1
TCP: Interfaces\{84159B8F-74D8-4CD4-9C8C-7AA9CDFA6D75}\4656661657C647 : DhcpNameServer = 209.18.47.61 192.168.1.1
TCP: Interfaces\{84159B8F-74D8-4CD4-9C8C-7AA9CDFA6D75}\C4F6574644F66756D27657563747 : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{84159B8F-74D8-4CD4-9C8C-7AA9CDFA6D75}\C696E6B6379737 : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~3\GO36F4~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AllShare;SAMSUNG AllShare Service;c:\program files\samsung\samsung pc share manager\WiselinkPro.exe [2010-7-16 6638080]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2010-1-28 185712]
R2 CloudManager;CloudManager;c:\program files\cloudmanager\CloudManager.exe [2010-11-24 1179800]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
R2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2010-12-15 1085440]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-15 366640]
R2 nPStarterSVC;nProtect Starter;c:\windows\system32\npstartersvc.exe [2011-6-24 250145]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2010-10-2 7680]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2010-3-4 67624]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-15 22712]
R3 MicroCloudEngine;MicroCloudEngine;c:\program files\microcloudengine\MicroCloudEngine.exe [2010-11-19 1917088]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2010-10-2 24064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 fsssvc32;Windows Live Family Safety Service ;c:\windows\system32\vga25632.exe --> c:\windows\system32\vga25632.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-11 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-6-10 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-12-15 30192]
S3 gupdatem;Google 업데이트 서비스 (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-11 136176]
S3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.SYS [2011-6-24 26280]
S3 kcrtx86;kcrtx86;c:\windows\system32\kcrtx86.sys [2011-6-24 126048]
S3 NPIDS;NPIDS;c:\windows\system32\NPIdsVt.sys [2011-6-24 47712]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-10-2 182304]
S3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2010-10-2 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2010-2-5 111960]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-10 52224]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S3 WatAdminSvc;Windows 정품 인증 기술 서비스;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-5 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-08-16 01:33:18 -------- d-----w- c:\users\soyoung\appdata\roaming\Malwarebytes
2011-08-16 01:33:14 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-16 01:33:13 -------- d-----w- c:\programdata\Malwarebytes
2011-08-16 01:33:10 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-16 01:33:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-13 02:18:50 6881616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{7378aa76-4dcb-4e72-a3e5-4271f3c4905a}\mpengine.dll
2011-08-09 21:47:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-23 22:28:42 -------- d-----w- c:\users\soyoung\appdata\local\ElevatedDiagnostics
2011-07-23 01:25:48 -------- d-----w- c:\users\soyoung\appdata\roaming\uTorrent
2011-07-23 01:25:48 -------- d-----w- c:\users\soyoung\appdata\local\uTorrent
.
==================== Find3M ====================
.
2011-07-22 04:54:18 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-16 04:27:30 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 02:17:19 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-09 02:30:00 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-07-02 16:54:16 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-26 21:46:16 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-06-24 15:07:07 72272 ----a-w- c:\windows\system32\cosa.dll
2011-06-24 15:07:07 58600 ----a-w- c:\windows\system32\I3Gescp.dll
2011-06-24 15:07:07 439504 ----a-w- c:\windows\system32\I3GManager.exe
2011-06-24 15:07:07 398544 ----a-w- c:\windows\system32\I3GManager.dll
2011-06-24 15:07:07 214224 ----a-w- c:\windows\system32\I3GEX.exe
2011-06-24 15:07:03 596064 ----a-w- c:\windows\system32\WebPriLoader.dll
2011-06-24 04:27:01 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-06-24 04:22:20 271360 ----a-w- c:\windows\system32\conhost.exe
2011-06-23 04:33:57 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-06-23 04:33:57 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-06-21 05:34:23 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-21 05:28:33 981504 ----a-w- c:\windows\system32\wininet.dll
2011-06-15 08:55:19 86016 ----a-w- c:\windows\system32\odbccu32.dll
2011-06-15 08:55:19 81920 ----a-w- c:\windows\system32\odbccr32.dll
2011-06-15 08:55:19 319488 ----a-w- c:\windows\system32\odbcjt32.dll
2011-06-15 08:55:19 163840 ----a-w- c:\windows\system32\odbctrac.dll
2011-06-15 08:55:19 122880 ----a-w- c:\windows\system32\odbccp32.dll
2011-06-11 02:29:25 2334208 ----a-w- c:\windows\system32\win32k.sys
2011-06-10 12:33:53 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-06-01 22:58:32 471324 ----a-w- c:\windows\system32\npcopyx.exe
2011-06-01 22:14:08 1003804 ----a-w- c:\windows\system32\NPDownx.exe
2011-05-26 22:37:20 2244379 ----a-w- c:\windows\system32\npmonz.exe
2011-05-25 00:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 10:44:59 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
.
============= FINISH: 21:30:47.62 ===============
 
attach

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Home Premium K
Boot Device: \Device\HarddiskVolume1
Install Date: 2010-12-04 오후 9:34:41
System Uptime: 2011-08-15 오후 8:44:01 (1 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Celeron(R) Dual-Core CPU T3500 @ 2.10GHz | CPU | 2094/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 457 GiB total, 101.897 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP102: 2011-07-19 오후 3:49:12 - Windows Update
RP103: 2011-07-26 오후 3:02:12 - Windows Update
RP104: 2011-07-29 오후 8:54:00 - Windows Update
RP105: 2011-07-30 오전 1:25:41 - Removed Skype Toolbars
RP106: 2011-08-02 오후 1:34:00 - Windows Update
RP107: 2011-08-05 오후 6:40:03 - Windows Update
RP108: 2011-08-09 오후 4:48:06 - Windows Update
RP109: 2011-08-09 오후 11:42:32 - Windows Update
RP111: 2011-08-15 오후 7:26:05 - Windows Defender Checkpoint
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office system
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.2 - Korean
afreeca streamer(SBS) 제거
Agatha Christie - Death on the Nile
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Atheros Driver Installation Program
Bejeweled 2 Deluxe
Bonjour
Chrome
Chuzzle Deluxe
ClientKeeper KeyPro with E2E for 32bit
CloudManager
Conexant HD Audio
CoreAAC Audio Decoder (remove only)
D3DX10
Daum ActiveX 컨트롤 - Daum 메일 파일업로더
Diner Dash 2 Restaurant Rescue
Dream Day Wedding
DTS+AC3 필터
FlipShare
Garmin POI Loader
Garmin USB Drivers
GmoteServer
Go-Go Gourmet
Google Desktop
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
Google Update Helper
Gorealra3
Granny in Paradise
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes
Java(TM) 6 Update 17
Junk Mail filter update
LimeUSA Download
LimeUSA Upload
Malwarebytes' Anti-Malware version 1.51.1.1800
Mesh Runtime
Messenger 사이트 공유
MicroCloudEngine
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile KOR Language Pack
Microsoft .NET Framework 4 Client Profile 한국어 언어 팩
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.0
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (Korean) 2007
Microsoft Office Excel 2007 Help 업데이트 (KB963678)
Microsoft Office Excel MUI (Korean) 2007
Microsoft Office IME (Korean) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (Korean) 2007
Microsoft Office Powerpoint 2007 Help 업데이트 (KB963669)
Microsoft Office PowerPoint MUI (Korean) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (Korean) 2007
Microsoft Office Proofing (Korean) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (Korean) 2007
Microsoft Office Shared MUI (Korean) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word 2007 Help 업데이트 (KB963665)
Microsoft Office Word MUI (Korean) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MPEG2코덱(libmpeg2/mad)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Internet Security
nProtect Netizen SVC (remove only)
PlayReady PC Runtime x86
QuickTime
Ranch Rush
Realtek USB 2.0 Card Reader
SAMSUNG PC Share Manager
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile 한국어 언어 팩 (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile 한국어 언어 팩 (KB2518870)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype Toolbars
Skype™ 5.3
Synaptics Pointing Device Driver
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
Turbo Pizza
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Outlook 2007 Junk Email Filter (KB2586924)
VeraPort (보안모듈관리 프로그램)
WebEx
WildTangent ORB Game Console
WildTangent 게임
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Live Communications Platform
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Live 메일
Windows Live 사진 갤러리
Windows Live 필수 패키지
Windows Mobile Device Center
WinRAR 4.01 (32-bit)
XecureWeb Control
Yahoo! Software Update
Zuma Deluxe
곰플레이어
네이버 ActiveX 가이드
알약
알툴즈 업데이트
야후! 툴바
원격 연결을 위한 Windows Live Mesh ActiveX 컨트롤
이응
.
==== End Of File ===========================
 
Welcome to TechSpot! I'll be glad to help you.

There is a second language on your system- Korean I think, so the scans aren't able to read some of the entries. I will be asking you to give me information on some of the incomplete entries, so keep the logs on your desktop.
=========================================
There are some rogue programs on the system which may give you 'alerts' or 'error messages'. It's important that you do not act on any of these and only do what I instruct you to do. The following should help remove the hidden attributes of missing icons, etc. Please note: It is not going to remove the malware so it's important that you continue on with the cleaning.

Download Unhide.exe and save to the desktop.
  • Double-click on Unhide.exe icon to run the program.
  • This program will remove the +H, or hidden, attribute from all the files on your hard drives.
=============================================
Combofix will help find more entries for removal:
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan. Uninstall directions, if needed:
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once installed, you should see a blue screen prompt that says:
    The Recovery Console was successfully installed.
  • Click on Yes, to continue scanning for malware.
  • If Combofix asks you to update the program, allow it.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes, a report will be generated and it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
Re-enable your Antivirus software.

Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
==============================================
I will be reviewing the other logs while you do the above and making a list of any entries I need you to translate.
============================================
Note: Please uninstall or disable uTorrent and LimeUSA. Do not use either of them, or any other file sharing programs, while I'm helping clean the system.
=============================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    - Don't use any other cleaning programs or scans while I'm helping you.
    - Don't use a Registry cleaner or make any changes in the Registry.
    - Don't download and install new programs- except those I give you.
  • Please let me know if there is any change in the system.

If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
=====================================
 
When you have finished with the Combofix scan, please go on with this:

Java is outdated. This is a vulnerability to the system. Please update now: Java Updates. Uninstall any earlier versions in Add/Remove Programs.
Note: Uncheck 'Install Yahoo Toolbar' on the download screen before you do the update.

It also means you will have malware in the Java cache, so it needs to be emptied as follows:
  1. Click Start > Control Panel.
  2. Double-click the Java icon in the Control Panel.
  3. Click Settings under Temporary Internet Files.
     There are three options on this window to clear the cache (version dependent):
       - Delete Files
       - View Applications
       - View Applets
  4. Click OK on the Delete Temporary Files window.
     Note: This deletes all the Downloaded Applications and Applets from the cache.
  5. Click OK on the Temporary Files Settings window.

There is no log to leave for the update or emptying the Java cache.
 
combo fix

thank you so much bobbye!
I deleted limeusa and utorrent and installed a new version of java as well.

ComboFix 11-08-16.05 - Soyoung 2011-08-16 18:53:55.1.2 - x86
Microsoft Windows 7 Home Premium K 6.1.7601.1.949.82.1042.18.1916.946 [GMT -5:00]
Running from: c:\users\Soyoung\Desktop\ComboFix.exe
AV: 알약 *Disabled/Outdated* {E7B77047-784D-9BC3-057F-13FEC2517B68}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: 알약 *Disabled/Outdated* {5CD691A3-5E77-944D-3FCF-288CB9D631D5}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Soyoung\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Repair.lnk
c:\users\Soyoung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Repair
c:\users\Soyoung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Repair\System Repair.lnk
c:\users\Soyoung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Repair\Uninstall System Repair.lnk
c:\users\Soyoung\Desktop\System Repair.lnk
c:\users\Soyoung\videos\DarkNamer.exe
c:\users\Soyoung\videos\YouTubeDownloaderSetup256.exe
c:\windows\system32\11st.ico
c:\windows\system32\JRSKD24.SYS
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_JRSKD24
-------\Service_JRSKD24
.
.
((((((((((((((((((((((((( Files Created from 2011-07-17 to 2011-08-17 )))))))))))))))))))))))))))))))
.
.
2011-08-16 23:46 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{44959F46-87F3-4860-BF57-8C6574204F5D}\mpengine.dll
2011-08-16 01:33 . 2011-08-16 01:33 -------- d-----w- c:\users\Soyoung\AppData\Roaming\Malwarebytes
2011-08-16 01:33 . 2011-07-07 00:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-16 01:33 . 2011-08-16 01:33 -------- d-----w- c:\programdata\Malwarebytes
2011-08-16 01:33 . 2011-08-16 01:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-16 01:33 . 2011-07-07 00:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-09 21:47 . 2011-07-16 04:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-23 22:28 . 2011-07-23 22:28 -------- d-----w- c:\users\Soyoung\AppData\Local\ElevatedDiagnostics
2011-07-23 01:25 . 2011-08-14 23:28 -------- d-----w- c:\users\Soyoung\AppData\Roaming\uTorrent
2011-07-23 01:25 . 2011-07-23 01:25 -------- d-----w- c:\users\Soyoung\AppData\Local\uTorrent
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-02 16:54 . 2011-07-02 16:54 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-26 21:46 . 2011-06-26 21:46 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-06-24 15:07 . 2011-06-24 15:07 439504 ----a-w- c:\windows\system32\I3GManager.exe
2011-06-24 15:07 . 2011-06-24 15:07 72272 ----a-w- c:\windows\system32\cosa.dll
2011-06-24 15:07 . 2011-06-24 15:07 58600 ----a-w- c:\windows\system32\I3Gescp.dll
2011-06-24 15:07 . 2011-06-24 15:07 398544 ----a-w- c:\windows\system32\I3GManager.dll
2011-06-24 15:07 . 2011-06-24 15:07 214224 ----a-w- c:\windows\system32\I3GEX.exe
2011-06-24 15:07 . 2011-06-24 15:07 596064 ----a-w- c:\windows\system32\WebPriLoader.dll
2011-06-24 15:06 . 2011-06-24 15:06 971042 ----a-w- c:\windows\system32\npstarterctrl.dll
2011-06-24 15:06 . 2011-06-24 15:06 448032 ----a-w- c:\windows\system32\npstarter.ocx
2011-06-24 15:06 . 2011-06-24 15:06 250145 ----a-w- c:\windows\system32\npstartersvc.exe
2011-06-24 15:06 . 2011-06-24 15:06 221472 ----a-w- c:\windows\system32\npcopycheck.exe
2011-06-24 15:06 . 2011-06-24 15:06 213279 ----a-w- c:\windows\system32\npnj5Agent.exe
2011-06-24 15:06 . 2011-06-24 15:06 189984 ----a-w- c:\windows\system32\npnj5Launcher.exe
2011-06-24 15:06 . 2011-06-24 15:06 19496 ----a-r- c:\windows\system32\JRSUKD25.SYS
2011-06-24 15:06 . 2011-06-24 15:06 137128 ----a-r- c:\windows\system32\CKAgent.exe
2011-06-24 15:06 . 2011-06-24 15:06 126048 ----a-w- c:\windows\system32\kcrtx86.sys
2011-06-24 15:06 . 2011-06-24 15:06 79784 ----a-w- c:\windows\system32\CKKeyProCert.dll
2011-06-24 15:06 . 2011-06-24 15:06 191072 ----a-w- c:\windows\system32\kcrypto.dll
2011-06-24 15:06 . 2011-06-24 15:06 1173624 ----a-w- c:\windows\system32\CKSetup32.exe
2011-06-24 15:06 . 2011-06-24 15:06 520184 ----a-w- c:\windows\system32\XecureCK.dll
2011-06-24 15:06 . 2011-06-24 15:06 434428 ----a-w- c:\windows\system32\CKCSP.dll
2011-06-24 15:06 . 2011-06-24 15:06 296872 ----a-w- c:\windows\system32\npKeyPro.dll
2011-06-24 15:06 . 2011-06-24 15:06 173992 ----a-w- c:\windows\system32\CKApp.dll
2011-06-24 15:06 . 2011-06-24 15:06 141224 ----a-w- c:\windows\system32\JRSoftcp.dll
2011-06-11 02:29 . 2011-07-13 02:58 2334208 ----a-w- c:\windows\system32\win32k.sys
2011-06-10 12:33 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-06-10 11:50 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-06-01 22:58 . 2011-06-24 15:06 471324 ----a-w- c:\windows\system32\npcopyx.exe
2011-06-01 22:14 . 2011-06-24 15:06 1003804 ----a-w- c:\windows\system32\NPDownx.exe
2011-05-26 22:37 . 2011-06-24 15:08 2244379 ----a-w- c:\windows\system32\npmonz.exe
2011-05-25 00:14 . 2010-12-05 03:57 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 10:44 . 2011-06-28 23:25 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-12 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-17 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-17 175640]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-17 167960]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe" [2010-03-22 496184]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-11-05 480608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2010-03-03 742712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-03-10 1697064]
"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-23 2454840]
"SmartFaceVWatcher"="c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [2009-10-19 163840]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 611672]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"Korean IME Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE" [2006-10-26 26400]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 22840]
"TosReelTimeMonitor"="c:\program files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [2010-03-03 30040]
"TosNC"="c:\program files\Toshiba\BulletinBoard\TosNcCore.exe" [2010-03-19 467816]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-12-15 30192]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"ALYac"="c:\program files\ESTsoft\ALYac\AYUpdate.exe" [2010-09-14 206712]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-07 1047656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
고릴라3.0.lnk - c:\program files\SBS\Gorealra3\Goreala.exe [2011-2-6 634368]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200412]
Ime File REG_SZ IMKR12.IME
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 fsssvc32;Windows Live Family Safety Service ;c:\windows\system32\vga25632.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-12 136176]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-12-15 30192]
R3 gupdatem;Google 업데이트 서비스 (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-12 136176]
R3 kcrtx86;kcrtx86;c:\windows\system32\kcrtx86.sys [2011-06-24 126048]
R3 NPIDS;NPIDS;c:\windows\system32\NpIdsVt.sys [2010-05-13 47712]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-01 182304]
R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 111960]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows 정품 인증 기술 서비스;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-06 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AllShare;SAMSUNG AllShare Service;c:\program files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [2010-07-16 6638080]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2010-01-28 185712]
S2 CloudManager;CloudManager;c:\program files\CloudManager\CloudManager.exe [2010-11-24 1179800]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 FlipShareServer;FlipShare Server;c:\program files\Flip Video\FlipShareServer\FlipShareServer.exe [2010-12-15 1085440]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-07 366640]
S2 nPStarterSVC;nProtect Starter;c:\windows\system32\nPStarterSVC.exe [2011-06-24 250145]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-06 7680]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-03-04 67624]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-07 22712]
S3 MicroCloudEngine;MicroCloudEngine;c:\program files\MicroCloudEngine\MicroCloudEngine.exe [2010-11-19 1917088]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 24064]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-12 01:37]
.
2011-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-12 01:37]
.
2011-08-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1107310853-2431086197-3259282184-1001Core.job
- c:\users\Soyoung\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-12 01:37]
.
2011-08-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1107310853-2431086197-3259282184-1001UA.job
- c:\users\Soyoung\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-12 01:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.naver.com/
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
IE: Microsoft Excel로 내보내기(&X) - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxps://mail101.mmm.com/dwa85W.cab
DPF: {2FF06A12-7264-4C23-9F62-9A4DF5A95E86} - hxxp://conf.hmc.co.kr/ActiveX_cab/EzConfJoin_HKMCProj1.cab
DPF: {5547DED5-E6A9-469A-90F0-5BFE5CD33FF1} - hxxps://pay.kcp.co.kr/plugin_new/file/KCPPaymentUX.cab
DPF: {63E0388E-4CD2-4728-99CC-E3652A1AE7AD} - hxxp://conf.hmc.co.kr/ActiveX_cab/EzAutoLoginProj1.cab
DPF: {90B508F3-F928-4D14-BF4E-9D0D732573E4} - hxxp://www.limeusa.com/files/application/LimeusaControl2.CAB
DPF: {967386A1-409E-431A-A93A-FB5FEFF86A58} - hxxp://card.keb.co.kr/veraport/veraport.cab
DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} - hxxp://mail.daum.net/hanmail-ax/DaumActiveX/2_0_1_2/DaumActiveX.cab?ver=2,0,1,2
DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} - hxxp://file.naver.com/activex/NaverAXGuide.cab
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
AddRemove-LimeUSA Download - c:\program files\LimeUSA\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ALYac_PZSrv]
"ImagePath"="c:\program files\ESTsoft\ALYac\AYServiceNT.aye"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\npnj5Agent.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\conhost.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\windows\system32\DllHost.exe
c:\program files\TOSHIBA\ConfigFree\CFSwMgr.exe
c:\windows\system32\wbem\WmiApSrv.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-08-16 19:06:48 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-17 00:06
.
Pre-Run: 109,152,555,008 바이트 남음
Post-Run: 109,192,589,312 바이트 남음
.
- - End Of File - - 7FAE83E5F5BE529FCA89291CFFD5435D
 
There is an identical thread at the forum in malwarebytes.org. THIS is a cached snapshot of the DDS logs from Google.

Are you getting help now in that forum also? I can only access the log- not the thread.

Either place shows you're using an outdated AV.
 
I've never posted in other websites regarding this problem so I'm not sure about that there being an identical thread.

Anyways, you can make this thread inactive.
Thanks for the help
 