PC Performance & Stability Analysis Report

Resolved
By suankr
Aug 16, 2011
Topic Status:
Not open for further replies.
  1. When I turned my laptop on, there was only one desktop icon, and the "PC Performance & Stability Analysis Report" popped up urging me to buy their advanced version.
    I've run the 5-step instructions shown in the forum. I will post the logs too.
    Please help me. What should I do now?
  2. suankr

    malwarebytes

    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7476

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 8.0.7601.17514

    2011-08-15 8:40:01 PM
    mbam-log-2011-08-15 (20-40-01).txt

    Scan type: Quick scan
    Objects scanned: 177404
    Time elapsed: 5 minute(s), 12 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 5

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IcccNBasHGUafxx (Trojan.FakeAlert) -> Value: IcccNBasHGUafxx -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\programdata\icccnbashguafxx.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\programdata\p1kalmig2kb7fz.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Windows\System32\idalluninstall.exe (Rogue.IDChecker) -> Quarantined and deleted successfully.
    c:\Users\Soyoung\AppData\Local\Temp\tmp7280.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\Soyoung\AppData\Local\Temp\tmp74D1.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
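An added example, not code from suankr's post or from Malwarebytes: the Python below parses the mbam-log format shown above, checks that the summary counts agree with the items actually listed (a quick way to spot a report that lost lines when pasted), and pairs the HKCU Run value with the quarantined executable whose name it matches, which is the persistence chain of this rogue. It assumes the format exactly as printed (category headers ending in "Infected:", one "target (detection) -> action" item per line); the sample text is the report above, embedded so the code runs offline, and the directory list and function names are this example's own.

```python
import ntpath
import re
from collections import Counter

# The Malwarebytes report posted above, embedded as sample input.
MBAM_LOG = r"""
Malwarebytes' Anti-Malware 1.51.1.1800
Database version: 7476

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Registry Keys Infected:
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IcccNBasHGUafxx (Trojan.FakeAlert) -> Value: IcccNBasHGUafxx -> Quarantined and deleted successfully.

Files Infected:
c:\programdata\icccnbashguafxx.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\p1kalmig2kb7fz.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\System32\idalluninstall.exe (Rogue.IDChecker) -> Quarantined and deleted successfully.
c:\Users\Soyoung\AppData\Local\Temp\tmp7280.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Soyoung\AppData\Local\Temp\tmp74D1.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""

COUNT_RE = re.compile(r"^(?P<cat>[A-Za-z ]+?) Infected: (?P<n>\d+)$")
HEADER_RE = re.compile(r"^(?P<cat>[A-Za-z ]+?) Infected:$")
ITEM_RE = re.compile(r"^(?P<target>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+)$")

# Drop directories a standard user can write to (this example's own list).
USER_WRITABLE_DIRS = ("\\programdata\\", "\\appdata\\local\\temp\\")
AUTOSTART_KEY = "\\currentversion\\run\\"


def parse_mbam_log(text):
    """Return (claimed_counts, findings): the summary block as a dict of
    category -> count, and one dict per listed item (category, target,
    detection, action, and the value name for registry values)."""
    claimed, findings, category = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = COUNT_RE.match(line)
        if m:
            claimed[m.group("cat")] = int(m.group("n"))
            continue
        m = HEADER_RE.match(line)
        if m:
            category = m.group("cat")
            continue
        m = ITEM_RE.match(line)
        if category is None or not m:
            continue  # banner lines and "(No malicious items detected)"
        action, value = m.group("action"), None
        if action.startswith("Value: "):  # "-> Value: NAME -> <action>"
            value, _, action = action[len("Value: "):].partition(" -> ")
        findings.append({"category": category, "target": m.group("target"),
                         "detection": m.group("detection"), "action": action,
                         "value": value})
    return claimed, findings


def check_counts(claimed, findings):
    """Categories whose summary count disagrees with the items listed,
    as {category: (claimed, listed)}; empty means the log is consistent."""
    listed = Counter(f["category"] for f in findings)
    return {c: (n, listed[c]) for c, n in claimed.items() if n != listed[c]}


def dropped_in_user_dirs(findings):
    """Quarantined files that lived in user-writable drop directories."""
    return [f["target"] for f in findings if f["category"] == "Files"
            and any(d in f["target"].lower() for d in USER_WRITABLE_DIRS)]


def link_autostart_to_payload(findings):
    """Pair each Run-key value with the quarantined file whose basename
    starts with the value name (case-insensitive). The rogue in this log
    used one random string for both, which ties persistence to payload."""
    files = {ntpath.basename(f["target"]).lower(): f["target"]
             for f in findings if f["category"] == "Files"}
    links = []
    for f in findings:
        if f["category"] != "Registry Values" or AUTOSTART_KEY not in f["target"].lower():
            continue
        name = (f["value"] or ntpath.basename(f["target"])).lower()
        links.append((f["target"], [p for b, p in files.items() if b.startswith(name)]))
    return links
```

The count check is worth running on any report pasted into a thread: a mismatch means lines were lost in the paste, not that the scanner miscounted. The value-to-file link is the thing to look for in a FakeAlert-class report: the Run value and the dropped executable share a name, so removing one without the other leaves either a dangling autostart entry or a dormant binary.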
  3. suankr

    gmer

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-08-15 21:28:28
    Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GJ00
    Running: lwpvgume.exe; Driver: C:\Users\Soyoung\AppData\Local\Temp\kgrirfog.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwSaveKey + 13D1 82E5A349 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E93D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    ? System32\drivers\bnglsbfa.sys The system cannot find the path specified. !

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1956] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [753FFFF6] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1956] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [753FFFF6] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1956] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [753FFFF6] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1956] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [753FFFF6] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1956] @ C:\windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [753FFFF6] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1956] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [753FFFF6] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[1956] @ C:\windows\system32\secur32.dll [KERNEL32.dll!GetProcAddress] [753FFFF6] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

    Device \Driver\ACPI_HAL \Device\0000004b halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
  4. suankr

    dds

    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 8.0.7601.17514
    Run by Soyoung at 21:30:11 on 2011-08-15
    Microsoft Windows 7 Home Premium K 6.1.7601.1.949.82.1042.18.1916.971 [GMT -5:00]
    .
    AV: ALYac (알약) *Enabled/Outdated* {E7B77047-784D-9BC3-057F-13FEC2517B68}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: ALYac (알약) *Enabled/Outdated* {5CD691A3-5E77-944D-3FCF-288CB9D631D5}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe
    C:\Program Files\ESTsoft\ALYac\AYServiceNT.aye
    C:\Program Files\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe
    C:\windows\system32\conhost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\CloudManager\CloudManager.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
    C:\windows\system32\nPStarterSVC.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\windows\system32\TODDSrv.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\windows\system32\npnj5Agent.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\windows\system32\wbem\unsecapp.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\system32\taskhost.exe
    C:\windows\system32\Dwm.exe
    C:\windows\explorer.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\MicroCloudEngine\MicroCloudEngine.exe
    C:\windows\system32\DllHost.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\windows\system32\svchost.exe -k WindowsMobile
    C:\windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\windows\system32\SearchFilterHost.exe
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\system32\SearchProtocolHost.exe
    C:\Program Files\Windows Live\Companion\companionuser.exe
    C:\windows\system32\conhost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.naver.com/
    uDefault_Page_URL = hxxp://toshiba.msn.com
    mStart Page = about:blank
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [Google Update] "c:\users\soyoung\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [chknltMC] rundll32 "c:\users\soyoung\appdata\local\temp\cmmodagt.dll",CreateProcessNotify
    mRun: [<NO NAME>]
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [cAudioFilterAgent] c:\program files\conexant\caudiofilteragent\cAudioFilterAgent.exe
    mRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
    mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun: [TWebCamera] "c:\program files\toshiba\toshiba web camera application\TWebCamera.exe" autorun
    mRun: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
    mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
    mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
    mRun: [Korean IME Migration] c:\progra~1\common~1\micros~1\ime12\imekr\IMKRMIG.EXE
    mRun: [TosVolRegulator] c:\program files\toshiba\tosvolregulator\TosVolRegulator.exe
    mRun: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    mRun: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [ALYac] "c:\program files\estsoft\alyac\AYUpdate.exe" /run
    mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\고릴라~1.lnk - c:\program files\sbs\gorealra3\Goreala.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
    IE: Export to Microsoft Excel (&X) - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
    DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxps://mail101.mmm.com/dwa85W.cab
    DPF: {2FF06A12-7264-4C23-9F62-9A4DF5A95E86} - hxxp://conf.hmc.co.kr/ActiveX_cab/EzConfJoin_HKMCProj1.cab
    DPF: {5547DED5-E6A9-469A-90F0-5BFE5CD33FF1} - hxxps://pay.kcp.co.kr/plugin_new/file/KCPPaymentUX.cab
    DPF: {63E0388E-4CD2-4728-99CC-E3652A1AE7AD} - hxxp://conf.hmc.co.kr/ActiveX_cab/EzAutoLoginProj1.cab
    DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38}
    DPF: {75AA409D-05F9-4F27-BD53-C7339D4B1D0A} - hxxps://mail101.mmm.com/dwa85W.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {90B508F3-F928-4D14-BF4E-9D0D732573E4} - hxxp://www.limeusa.com/files/application/LimeusaControl2.CAB
    DPF: {967386A1-409E-431A-A93A-FB5FEFF86A58} - hxxp://card.keb.co.kr/veraport/veraport.cab
    DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} - hxxp://mail.daum.net/hanmail-ax/DaumActiveX/2_0_1_2/DaumActiveX.cab?ver=2,0,1,2
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} - hxxp://file.naver.com/activex/NaverAXGuide.cab
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{1439B5C1-3B5A-409F-89A8-B0FF4B672A4A} : DhcpNameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{84159B8F-74D8-4CD4-9C8C-7AA9CDFA6D75} : DhcpNameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{84159B8F-74D8-4CD4-9C8C-7AA9CDFA6D75}\1427563713132393 : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{84159B8F-74D8-4CD4-9C8C-7AA9CDFA6D75}\33D47457563747 : DhcpNameServer = 10.10.20.1
    TCP: Interfaces\{84159B8F-74D8-4CD4-9C8C-7AA9CDFA6D75}\4656661657C647 : DhcpNameServer = 209.18.47.61 192.168.1.1
    TCP: Interfaces\{84159B8F-74D8-4CD4-9C8C-7AA9CDFA6D75}\C4F6574644F66756D27657563747 : DhcpNameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{84159B8F-74D8-4CD4-9C8C-7AA9CDFA6D75}\C696E6B6379737 : DhcpNameServer = 209.18.47.61 209.18.47.62
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\progra~1\google\google~3\GO36F4~1.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 AllShare;SAMSUNG AllShare Service;c:\program files\samsung\samsung pc share manager\WiselinkPro.exe [2010-7-16 6638080]
    R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2010-1-28 185712]
    R2 CloudManager;CloudManager;c:\program files\cloudmanager\CloudManager.exe [2010-11-24 1179800]
    R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
    R2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2010-12-15 1085440]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-15 366640]
    R2 nPStarterSVC;nProtect Starter;c:\windows\system32\npstartersvc.exe [2011-6-24 250145]
    R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2010-10-2 7680]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2010-3-4 67624]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-15 22712]
    R3 MicroCloudEngine;MicroCloudEngine;c:\program files\microcloudengine\MicroCloudEngine.exe [2010-11-19 1917088]
    R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2010-10-2 24064]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 fsssvc32;Windows Live Family Safety Service ;c:\windows\system32\vga25632.exe --> c:\windows\system32\vga25632.exe [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-11 136176]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-6-10 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-12-15 30192]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-11 136176]
    S3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.SYS [2011-6-24 26280]
    S3 kcrtx86;kcrtx86;c:\windows\system32\kcrtx86.sys [2011-6-24 126048]
    S3 NPIDS;NPIDS;c:\windows\system32\NPIdsVt.sys [2011-6-24 47712]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-10-2 182304]
    S3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2010-10-2 51512]
    S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2010-2-5 111960]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-10 52224]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-5 1343400]
    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
    .
    =============== Created Last 30 ================
    .
    2011-08-16 01:33:18 -------- d-----w- c:\users\soyoung\appdata\roaming\Malwarebytes
    2011-08-16 01:33:14 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-08-16 01:33:13 -------- d-----w- c:\programdata\Malwarebytes
    2011-08-16 01:33:10 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-16 01:33:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-08-13 02:18:50 6881616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{7378aa76-4dcb-4e72-a3e5-4271f3c4905a}\mpengine.dll
    2011-08-09 21:47:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2011-07-23 22:28:42 -------- d-----w- c:\users\soyoung\appdata\local\ElevatedDiagnostics
    2011-07-23 01:25:48 -------- d-----w- c:\users\soyoung\appdata\roaming\uTorrent
    2011-07-23 01:25:48 -------- d-----w- c:\users\soyoung\appdata\local\uTorrent
    .
    ==================== Find3M ====================
    .
    2011-07-22 04:54:18 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-07-16 04:27:30 290816 ----a-w- c:\windows\system32\KernelBase.dll
    2011-07-16 02:17:19 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2011-07-16 02:17:19 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2011-07-16 02:17:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2011-07-16 02:17:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2011-07-09 02:30:00 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-07-02 16:54:16 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-26 21:46:16 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
    2011-06-24 15:07:07 72272 ----a-w- c:\windows\system32\cosa.dll
    2011-06-24 15:07:07 58600 ----a-w- c:\windows\system32\I3Gescp.dll
    2011-06-24 15:07:07 439504 ----a-w- c:\windows\system32\I3GManager.exe
    2011-06-24 15:07:07 398544 ----a-w- c:\windows\system32\I3GManager.dll
    2011-06-24 15:07:07 214224 ----a-w- c:\windows\system32\I3GEX.exe
    2011-06-24 15:07:03 596064 ----a-w- c:\windows\system32\WebPriLoader.dll
    2011-06-24 04:27:01 169984 ----a-w- c:\windows\system32\winsrv.dll
    2011-06-24 04:22:20 271360 ----a-w- c:\windows\system32\conhost.exe
    2011-06-23 04:33:57 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-06-23 04:33:57 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-06-21 05:34:23 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-06-21 05:28:33 981504 ----a-w- c:\windows\system32\wininet.dll
    2011-06-15 08:55:19 86016 ----a-w- c:\windows\system32\odbccu32.dll
    2011-06-15 08:55:19 81920 ----a-w- c:\windows\system32\odbccr32.dll
    2011-06-15 08:55:19 319488 ----a-w- c:\windows\system32\odbcjt32.dll
    2011-06-15 08:55:19 163840 ----a-w- c:\windows\system32\odbctrac.dll
    2011-06-15 08:55:19 122880 ----a-w- c:\windows\system32\odbccp32.dll
    2011-06-11 02:29:25 2334208 ----a-w- c:\windows\system32\win32k.sys
    2011-06-10 12:33:53 152576 ----a-w- c:\windows\system32\msclmd.dll
    2011-06-01 22:58:32 471324 ----a-w- c:\windows\system32\npcopyx.exe
    2011-06-01 22:14:08 1003804 ----a-w- c:\windows\system32\NPDownx.exe
    2011-05-26 22:37:20 2244379 ----a-w- c:\windows\system32\npmonz.exe
    2011-05-25 00:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-05-24 10:44:59 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
    .
    ============= FINISH: 21:30:47.62 ===============
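An added example, not part of suankr's post or of the DDS tool: a small Python triage pass over DDS "Pseudo HJT" and service lines that flags the patterns standing out in this report, namely an autostart launched by rundll32 from a DLL in the user's Temp folder (chknltMC), a service whose binary is missing from disk and whose display name copies the real Family Safety service (fsssvc32), AppInit_DLLs being set, an outdated AV product, and orphaned "No File" entries. The rules and severities are this example's own heuristics; the sample lines are copied from the report above (AV product name translated) with a few benign entries kept as controls.

```python
import re

# Constructed sample: lines taken from the DDS report above (the AV line
# translated to English), plus benign entries as controls, so the
# heuristics run offline.
DDS_SAMPLE = r"""
AV: ALYac *Enabled/Outdated* {E7B77047-784D-9BC3-057F-13FEC2517B68}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [chknltMC] rundll32 "c:\users\soyoung\appdata\local\temp\cmmodagt.dll",CreateProcessNotify
mRun: [<NO NAME>]
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
AppInit_DLLs: c:\progra~1\google\google~3\GO36F4~1.DLL
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-15 366640]
S2 fsssvc32;Windows Live Family Safety Service ;c:\windows\system32\vga25632.exe --> c:\windows\system32\vga25632.exe [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
"""

RUN_RE = re.compile(r"^[um]Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
SVC_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*)$")

# Locations a standard user can write to; legitimate autostarts almost
# never run from them (this example's own list).
VOLATILE_DIRS = ("\\appdata\\local\\temp\\", "\\programdata\\", "\\users\\public\\")


def triage_dds(text):
    """Return (severity, reason, line) triples for entries worth a closer
    look. The rules are this example's own heuristics, not DDS output."""
    hits, services = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        low = line.lower()
        m = RUN_RE.match(line)
        if m:
            cmd = m.group("cmd").lower()
            if any(d in cmd for d in VOLATILE_DIRS):
                hits.append(("high", "autostart runs from a user-writable temp/data directory", line))
            elif "rundll32" in cmd and "\\windows\\system32\\" not in cmd:
                hits.append(("medium", "rundll32 loading a DLL outside System32", line))
            elif not cmd:
                hits.append(("low", "empty autostart value", line))
            continue
        m = SVC_RE.match(line)
        if m:
            services.append((m.group("name"), m.group("display").strip().lower(), line))
            if "-->" in line or line.endswith("[?]"):
                hits.append(("high", "service registered but its binary is missing from disk", line))
            continue
        if line.startswith(("AV:", "SP:", "FW:")) and "outdated" in low:
            hits.append(("medium", "security product present but its definitions are outdated", line))
        elif line.startswith("AppInit_DLLs:") and line.split(":", 1)[1].strip():
            hits.append(("medium", "AppInit_DLLs set: the DLL is loaded into every user32 process, verify it", line))
        elif low.endswith("- no file"):
            hits.append(("low", "orphaned entry pointing at a file that no longer exists", line))
    # Second pass: a rogue service that borrows a legitimate display name
    # (here with a trailing space) sits next to the real one in the list.
    first_seen = {}
    for name, display, line in services:
        if display in first_seen and first_seen[display] != name:
            hits.append(("medium", f"display name shared with service '{first_seen[display]}'", line))
        first_seen.setdefault(display, name)
    return hits


def worst(hits):
    """Highest severity present, for a quick verdict."""
    order = {"high": 3, "medium": 2, "low": 1}
    return max((h[0] for h in hits), key=order.get, default="none")
```

Run `triage_dds` over a full DDS report and sort by severity; the "high" hits are where a cleaner would start, and the shared-display-name rule is what separates the S2 fsssvc32 entry from the legitimate S3 fsssvc service two lines below it.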
  5. suankr

    attach

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft Windows 7 Home Premium K
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2010-12-04 9:34:41 PM
    System Uptime: 2011-08-15 8:44:01 PM (1 hours ago)
    .
    Motherboard: TOSHIBA | | Portable PC
    Processor: Celeron(R) Dual-Core CPU T3500 @ 2.10GHz | CPU | 2094/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 457 GiB total, 101.897 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP102: 2011-07-19 3:49:12 PM - Windows Update
    RP103: 2011-07-26 3:02:12 PM - Windows Update
    RP104: 2011-07-29 8:54:00 PM - Windows Update
    RP105: 2011-07-30 1:25:41 AM - Removed Skype Toolbars
    RP106: 2011-08-02 1:34:00 PM - Windows Update
    RP107: 2011-08-05 6:40:03 PM - Windows Update
    RP108: 2011-08-09 4:48:06 PM - Windows Update
    RP109: 2011-08-09 11:42:32 PM - Windows Update
    RP111: 2011-08-15 7:26:05 PM - Windows Defender Checkpoint
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    2007 Microsoft Office system
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.4.2 - Korean
    afreeca streamer(SBS) Remove
    Agatha Christie - Death on the Nile
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    Atheros Driver Installation Program
    Bejeweled 2 Deluxe
    Bonjour
    Chrome
    Chuzzle Deluxe
    ClientKeeper KeyPro with E2E for 32bit
    CloudManager
    Conexant HD Audio
    CoreAAC Audio Decoder (remove only)
    D3DX10
    Daum ActiveX Control - Daum Mail File Uploader
    Diner Dash 2 Restaurant Rescue
    Dream Day Wedding
    DTS+AC3 Filter
    FlipShare
    Garmin POI Loader
    Garmin USB Drivers
    GmoteServer
    Go-Go Gourmet
    Google Desktop
    Google Toolbar for Firefox
    Google Toolbar for Internet Explorer
    Google Update Helper
    Gorealra3
    Granny in Paradise
    Intel(R) Graphics Media Accelerator Driver
    Intel® Matrix Storage Manager
    iTunes
    Java(TM) 6 Update 17
    Junk Mail filter update
    LimeUSA Download
    LimeUSA Upload
    Malwarebytes' Anti-Malware version 1.51.1.1800
    Mesh Runtime
    Messenger Site Sharing
    MicroCloudEngine
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Client Profile KOR Language Pack
    Microsoft .NET Framework 4 Client Profile Korean Language Pack
    Microsoft Application Error Reporting
    Microsoft IntelliPoint 8.0
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (Korean) 2007
    Microsoft Office Excel 2007 Help Update (KB963678)
    Microsoft Office Excel MUI (Korean) 2007
    Microsoft Office IME (Korean) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (Korean) 2007
    Microsoft Office Powerpoint 2007 Help Update (KB963669)
    Microsoft Office PowerPoint MUI (Korean) 2007
    Microsoft Office Professional Hybrid 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (Korean) 2007
    Microsoft Office Proofing (Korean) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (Korean) 2007
    Microsoft Office Shared MUI (Korean) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word 2007 Help Update (KB963665)
    Microsoft Office Word MUI (Korean) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    MPEG2 Codec (libmpeg2/mad)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Norton Internet Security
    nProtect Netizen SVC (remove only)
    PlayReady PC Runtime x86
    QuickTime
    Ranch Rush
    Realtek USB 2.0 Card Reader
    SAMSUNG PC Share Manager
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile Korean Language Pack (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile Korean Language Pack (KB2518870)
    Security Update for Microsoft Office 2007 System (KB2541012)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2541007)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Skype Toolbars
    Skype™ 5.3
    Synaptics Pointing Device Driver
    TOSHIBA Assist
    TOSHIBA Bulletin Board
    TOSHIBA ConfigFree
    TOSHIBA Disc Creator
    TOSHIBA Face Recognition
    TOSHIBA Hardware Setup
    TOSHIBA HDD/SSD Alert
    TOSHIBA Recovery Media Creator
    TOSHIBA ReelTime
    TOSHIBA Service Station
    TOSHIBA Supervisor Password
    TOSHIBA Value Added Package
    TOSHIBA Web Camera Application
    Turbo Pizza
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Outlook 2007 (KB2509470)
    Update for Outlook 2007 Junk Email Filter (KB2586924)
    VeraPort (Security Module Management Program)
    WebEx
    WildTangent ORB Game Console
    WildTangent Games
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    Windows Live Communications Platform
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Live 메일
    Windows Live 사진 갤러리
    Windows Live 필수 패키지
    Windows Mobile Device Center
    WinRAR 4.01 (32-bit)
    XecureWeb Control
    Yahoo! Software Update
    Zuma Deluxe
    곰플레이어
    네이버 ActiveX 가이드
    알약
    알툴즈 업데이트
    야후! 툴바
    원격 연결을 위한 Windows Live Mesh ActiveX 컨트롤
    이응
    .
    ==== End Of File ===========================
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Welcome to TechSpot! I'll be glad to help you.

    There is a second language on your system- Korean I think, so the scans aren't able to read some of the entries. I will be asking you to give me information on some of the incomplete entries, so keep the logs on your desktop.
    =========================================
    There are some rogue programs on the system which may give you 'alerts' or 'error messages'. It's important that you do not act on any of these and only do what I instruct you to do. The following should help remove the hidden attributes of missing icons, etc. Please note: It is not going to remove the malware so it's important that you continue on with the cleaning.

    Download Unhide.exe and save to the desktop.
    • Double-click on Unhide.exe icon to run the program.
    • This program will remove the +H, or hidden, attribute from all the files on your hard drives.
    =============================================
    Combofix will help find more entries for removal:
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U; it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.

    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    ==============================================
    I will be reviewing the other logs while you do the above and making a list of any entries I need you to translate.
    ============================================
    Note: Please uninstall or disable uTorrent and LimeUSA. Do not use either, or any other file sharing programs, while I'm helping clean the system.
    =============================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.

    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
    =====================================
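What the Unhide.exe step above does, as an added PowerShell example (this is not Unhide.exe's own code): it clears the Hidden attribute from files and folders under the given roots, and skips anything that also carries the System attribute so genuine OS items stay hidden. The function name, its parameters and the roots used in the calls are assumptions.

```powershell
# Added example, not Unhide.exe's own code: clear the Hidden (+H) attribute that
# FakeAlert-style rogues such as "System Repair" set on the victim's files.
# The function name and parameters are assumptions made for this example.
function Restore-HiddenItems {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Roots to walk, e.g. the user's profile and ProgramData
        [Parameter(Mandatory = $true)]
        [string[]] $Path
    )

    $hidden = [int][System.IO.FileAttributes]::Hidden
    $system = [int][System.IO.FileAttributes]::System

    foreach ($root in $Path) {
        # -Force is required; without it hidden items are not enumerated at all
        Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object {
                # Only items the rogue could have touched: Hidden but not System.
                # Genuine OS items (desktop.ini, $Recycle.Bin, NTUSER.DAT) carry
                # System as well and are left alone.
                $attrs = [int]$_.Attributes
                (($attrs -band $hidden) -ne 0) -and (($attrs -band $system) -eq 0)
            } |
            ForEach-Object {
                if ($PSCmdlet.ShouldProcess($_.FullName, 'Clear Hidden attribute')) {
                    $_.Attributes = [int]$_.Attributes -band (-bnot $hidden)
                    $_.FullName   # emit the path so the run can be logged
                }
            }
    }
}

# Preview first (nothing is changed), then run for real and keep a log of what was unhidden.
Restore-HiddenItems -Path "$env:USERPROFILE", "$env:ProgramData" -WhatIf
Restore-HiddenItems -Path "$env:USERPROFILE", "$env:ProgramData" |
    Out-File -FilePath "$env:USERPROFILE\Desktop\unhide-log.txt"
```

Running the -WhatIf pass first lets you review the list before any attribute is changed.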
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    When you have finished with the Combofix scan, please go on with this:

    Java is outdated. This is a vulnerability to the system. Please update now: Java Updates. Uninstall any earlier versions in Add/Remove Programs.
    Note: Uncheck 'Install Yahoo Toolbar' on the download screen before you do the update.

    It also means you will have malware in the Java cache, so it needs to be emptied as follows:
    1. Click Start > Control Panel.
    2. Double-click the Java icon in the Control Panel.
    3. Click Settings under Temporary Internet Files.
      http://www.java.com/en/img/download/5000020303.jpg
      There are three options on this window to clear the cache (version dependent):
      [o] Delete Files
      [o] View Applications
      [o] View Applets
    4. Click OK on Delete Temporary Files window.
      Note: This deletes all the Downloaded Applications and Applets from the cache.
    5. Click OK on Temporary Files Settings window.

      There is no log to leave for the update or emptying the Java cache.
  8. suankr

    suankr Newcomer, in training Topic Starter

    combo fix

    thank you so much bobbye!
    I deleted limeusa and utorrent and installed a new version of java as well.




    ComboFix 11-08-16.05 - Soyoung 2011-08-16 18:53:55.1.2 - x86
    Microsoft Windows 7 Home Premium K 6.1.7601.1.949.82.1042.18.1916.946 [GMT -5:00]
    Running from: c:\users\Soyoung\Desktop\ComboFix.exe
    AV: 알약 *Disabled/Outdated* {E7B77047-784D-9BC3-057F-13FEC2517B68}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: 알약 *Disabled/Outdated* {5CD691A3-5E77-944D-3FCF-288CB9D631D5}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Soyoung\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Repair.lnk
    c:\users\Soyoung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Repair
    c:\users\Soyoung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Repair\System Repair.lnk
    c:\users\Soyoung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Repair\Uninstall System Repair.lnk
    c:\users\Soyoung\Desktop\System Repair.lnk
    c:\users\Soyoung\videos\DarkNamer.exe
    c:\users\Soyoung\videos\YouTubeDownloaderSetup256.exe
    c:\windows\system32\11st.ico
    c:\windows\system32\JRSKD24.SYS
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_JRSKD24
    -------\Service_JRSKD24
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-07-17 to 2011-08-17 )))))))))))))))))))))))))))))))
    .
    .
    2011-08-16 23:46 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{44959F46-87F3-4860-BF57-8C6574204F5D}\mpengine.dll
    2011-08-16 01:33 . 2011-08-16 01:33 -------- d-----w- c:\users\Soyoung\AppData\Roaming\Malwarebytes
    2011-08-16 01:33 . 2011-07-07 00:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-08-16 01:33 . 2011-08-16 01:33 -------- d-----w- c:\programdata\Malwarebytes
    2011-08-16 01:33 . 2011-08-16 01:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-08-16 01:33 . 2011-07-07 00:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-09 21:47 . 2011-07-16 04:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2011-07-23 22:28 . 2011-07-23 22:28 -------- d-----w- c:\users\Soyoung\AppData\Local\ElevatedDiagnostics
    2011-07-23 01:25 . 2011-08-14 23:28 -------- d-----w- c:\users\Soyoung\AppData\Roaming\uTorrent
    2011-07-23 01:25 . 2011-07-23 01:25 -------- d-----w- c:\users\Soyoung\AppData\Local\uTorrent
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-07-02 16:54 . 2011-07-02 16:54 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-26 21:46 . 2011-06-26 21:46 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
    2011-06-24 15:07 . 2011-06-24 15:07 439504 ----a-w- c:\windows\system32\I3GManager.exe
    2011-06-24 15:07 . 2011-06-24 15:07 72272 ----a-w- c:\windows\system32\cosa.dll
    2011-06-24 15:07 . 2011-06-24 15:07 58600 ----a-w- c:\windows\system32\I3Gescp.dll
    2011-06-24 15:07 . 2011-06-24 15:07 398544 ----a-w- c:\windows\system32\I3GManager.dll
    2011-06-24 15:07 . 2011-06-24 15:07 214224 ----a-w- c:\windows\system32\I3GEX.exe
    2011-06-24 15:07 . 2011-06-24 15:07 596064 ----a-w- c:\windows\system32\WebPriLoader.dll
    2011-06-24 15:06 . 2011-06-24 15:06 971042 ----a-w- c:\windows\system32\npstarterctrl.dll
    2011-06-24 15:06 . 2011-06-24 15:06 448032 ----a-w- c:\windows\system32\npstarter.ocx
    2011-06-24 15:06 . 2011-06-24 15:06 250145 ----a-w- c:\windows\system32\npstartersvc.exe
    2011-06-24 15:06 . 2011-06-24 15:06 221472 ----a-w- c:\windows\system32\npcopycheck.exe
    2011-06-24 15:06 . 2011-06-24 15:06 213279 ----a-w- c:\windows\system32\npnj5Agent.exe
    2011-06-24 15:06 . 2011-06-24 15:06 189984 ----a-w- c:\windows\system32\npnj5Launcher.exe
    2011-06-24 15:06 . 2011-06-24 15:06 19496 ----a-r- c:\windows\system32\JRSUKD25.SYS
    2011-06-24 15:06 . 2011-06-24 15:06 137128 ----a-r- c:\windows\system32\CKAgent.exe
    2011-06-24 15:06 . 2011-06-24 15:06 126048 ----a-w- c:\windows\system32\kcrtx86.sys
    2011-06-24 15:06 . 2011-06-24 15:06 79784 ----a-w- c:\windows\system32\CKKeyProCert.dll
    2011-06-24 15:06 . 2011-06-24 15:06 191072 ----a-w- c:\windows\system32\kcrypto.dll
    2011-06-24 15:06 . 2011-06-24 15:06 1173624 ----a-w- c:\windows\system32\CKSetup32.exe
    2011-06-24 15:06 . 2011-06-24 15:06 520184 ----a-w- c:\windows\system32\XecureCK.dll
    2011-06-24 15:06 . 2011-06-24 15:06 434428 ----a-w- c:\windows\system32\CKCSP.dll
    2011-06-24 15:06 . 2011-06-24 15:06 296872 ----a-w- c:\windows\system32\npKeyPro.dll
    2011-06-24 15:06 . 2011-06-24 15:06 173992 ----a-w- c:\windows\system32\CKApp.dll
    2011-06-24 15:06 . 2011-06-24 15:06 141224 ----a-w- c:\windows\system32\JRSoftcp.dll
    2011-06-11 02:29 . 2011-07-13 02:58 2334208 ----a-w- c:\windows\system32\win32k.sys
    2011-06-10 12:33 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
    2011-06-10 11:50 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-06-01 22:58 . 2011-06-24 15:06 471324 ----a-w- c:\windows\system32\npcopyx.exe
    2011-06-01 22:14 . 2011-06-24 15:06 1003804 ----a-w- c:\windows\system32\NPDownx.exe
    2011-05-26 22:37 . 2011-06-24 15:08 2244379 ----a-w- c:\windows\system32\npmonz.exe
    2011-05-25 00:14 . 2010-12-05 03:57 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-05-24 10:44 . 2011-06-28 23:25 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-12 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-17 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-17 175640]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-17 167960]
    "cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe" [2010-03-22 496184]
    "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
    "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-11-05 480608]
    "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
    "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2010-03-03 742712]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-03-10 1697064]
    "TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-23 2454840]
    "SmartFaceVWatcher"="c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [2009-10-19 163840]
    "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 611672]
    "ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
    "Korean IME Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE" [2006-10-26 26400]
    "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 22840]
    "TosReelTimeMonitor"="c:\program files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [2010-03-03 30040]
    "TosNC"="c:\program files\Toshiba\BulletinBoard\TosNcCore.exe" [2010-03-19 467816]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-12-15 30192]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
    "ALYac"="c:\program files\ESTsoft\ALYac\AYUpdate.exe" [2010-09-14 206712]
    "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-07 1047656]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    고릴라3.0.lnk - c:\program files\SBS\Gorealra3\Goreala.exe [2011-2-6 634368]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200412]
    Ime File REG_SZ IMKR12.IME
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 fsssvc32;Windows Live Family Safety Service ;c:\windows\system32\vga25632.exe [x]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-12 136176]
    R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-12-15 30192]
    R3 gupdatem;Google 업데이트 서비스 (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-12 136176]
    R3 kcrtx86;kcrtx86;c:\windows\system32\kcrtx86.sys [2011-06-24 126048]
    R3 NPIDS;NPIDS;c:\windows\system32\NpIdsVt.sys [2010-05-13 47712]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-01 182304]
    R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 111960]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 WatAdminSvc;Windows 정품 인증 기술 서비스;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-06 1343400]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 AllShare;SAMSUNG AllShare Service;c:\program files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [2010-07-16 6638080]
    S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2010-01-28 185712]
    S2 CloudManager;CloudManager;c:\program files\CloudManager\CloudManager.exe [2010-11-24 1179800]
    S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
    S2 FlipShareServer;FlipShare Server;c:\program files\Flip Video\FlipShareServer\FlipShareServer.exe [2010-12-15 1085440]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-07 366640]
    S2 nPStarterSVC;nProtect Starter;c:\windows\system32\nPStarterSVC.exe [2011-06-24 250145]
    S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-06 7680]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-03-04 67624]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-07 22712]
    S3 MicroCloudEngine;MicroCloudEngine;c:\program files\MicroCloudEngine\MicroCloudEngine.exe [2010-11-19 1917088]
    S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 24064]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-12 01:37]
    .
    2011-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-12 01:37]
    .
    2011-08-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1107310853-2431086197-3259282184-1001Core.job
    - c:\users\Soyoung\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-12 01:37]
    .
    2011-08-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1107310853-2431086197-3259282184-1001UA.job
    - c:\users\Soyoung\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-12 01:37]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.naver.com/
    mStart Page = about:blank
    uInternet Settings,ProxyOverride = *.local
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
    IE: Microsoft Excel로 내보내기(&X) - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxps://mail101.mmm.com/dwa85W.cab
    DPF: {2FF06A12-7264-4C23-9F62-9A4DF5A95E86} - hxxp://conf.hmc.co.kr/ActiveX_cab/EzConfJoin_HKMCProj1.cab
    DPF: {5547DED5-E6A9-469A-90F0-5BFE5CD33FF1} - hxxps://pay.kcp.co.kr/plugin_new/file/KCPPaymentUX.cab
    DPF: {63E0388E-4CD2-4728-99CC-E3652A1AE7AD} - hxxp://conf.hmc.co.kr/ActiveX_cab/EzAutoLoginProj1.cab
    DPF: {90B508F3-F928-4D14-BF4E-9D0D732573E4} - hxxp://www.limeusa.com/files/application/LimeusaControl2.CAB
    DPF: {967386A1-409E-431A-A93A-FB5FEFF86A58} - hxxp://card.keb.co.kr/veraport/veraport.cab
    DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} - hxxp://mail.daum.net/hanmail-ax/DaumActiveX/2_0_1_2/DaumActiveX.cab?ver=2,0,1,2
    DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} - hxxp://file.naver.com/activex/NaverAXGuide.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
    Toolbar-Locked - (no file)
    WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
    AddRemove-LimeUSA Download - c:\program files\LimeUSA\Uninstall.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ALYac_PZSrv]
    "ImagePath"="c:\program files\ESTsoft\ALYac\AYServiceNT.aye"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe
    c:\windows\system32\conhost.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\windows\system32\WUDFHost.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Flip Video\FlipShare\FlipShareService.exe
    c:\windows\system32\taskhost.exe
    c:\windows\system32\TODDSrv.exe
    c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\windows\system32\npnj5Agent.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\windows\System32\rundll32.exe
    c:\windows\system32\conhost.exe
    c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
    c:\windows\system32\DllHost.exe
    c:\program files\TOSHIBA\ConfigFree\CFSwMgr.exe
    c:\windows\system32\wbem\WmiApSrv.exe
    c:\windows\system32\sppsvc.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    .
    **************************************************************************
    .
    Completion time: 2011-08-16 19:06:48 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-08-17 00:06
    .
    Pre-Run: 109,152,555,008 바이트 남음
    Post-Run: 109,192,589,312 바이트 남음
    .
    - - End Of File - - 7FAE83E5F5BE529FCA89291CFFD5435D
  9. suankr

    suankr Newcomer, in training Topic Starter

    I need help.. I don't have much time left :T
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    There is an identical thread at the forum in malwarebytes.org. THIS is a cached snapshot of the DDS logs from Google.

    Are you getting help now in that forum also? I can only access the log- not the thread.

    Either place shows you're using an outdated AV.
  11. suankr

    suankr Newcomer, in training Topic Starter

    I've never posted in other websites regarding this problem so I'm not sure about that there being an identical thread.

    Anyways, you can make this thread inactive.
    Thanks for the help
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Thank you for the update.