also @ TechSpot: Exploit allows command prompt to launch at Windows 7 login screen

TechSpot

TechSpot News Products Downloads Forums

[Solved] Windows Vista 2012 Security virus, cannot connect to Internet to download software

Discussion in 'Virus and Malware Removal' started by paulsingsong, Jan 11, 2012.

Page 1 of 4

paulsingsong Newcomer, in training

I got a windows vista security 2012 virus that runs a scan that states fake warnings. At present, when I log on to "user" (which is not the admin), I get a pop up from windows manager asking me to enter the password for the (admin). If I do not and try to go back to the desktop, the entire screen goes blue, and the only thing I can do is hit ctrl+alt+del and to to task manager. I am connected to the internet but cannot use any browsers since the virus prevents me from doing so. I can run a cd, which I used to try and install malwarebytes onto the infected laptop, but the virus prevents me from doing so. Same goes for safe-mode with networking, I cannot gain access to the internet nor can I install any software!

I am running windows vista home 32 bit.

I am writing this post from my personal laptop which is running Windows Vista Home 64-bit. I have two infected laptops that have the same symtoms as described above (which both were infected when my younger brother went to a Stalin history website).

I read several other threads that are related to the one I am posting, but I did not know if the OTL fixes that people posted could be used for my computer as well. I really have no experience with any of this so any help is appreciated. Thank you for your patience and kindness!

-Paul

paulsingsong, Jan 11, 2012

#1
Broni Malware Annihilator
Welcome aboard

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.

If you're stuck, or you're not sure about certain step, always ask before doing anything else.

Please refrain from running tools or applying updates other than those I suggest.

Never run more than one scan at a time.

Keep updating me regarding your computer behavior, good, or bad.

The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.

If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.

I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=============================================================

One computer per topic, so select one for starters.

Let's see, if we can look at your computer booting from an external source.

Please download OTLPE (filesize 120,9 MB)

When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.

Reboot your system using the boot CD you just created.

Note : If you do not know how to set your computer to boot from CD follow the steps HERE

Your system should now display a REATOGO-X-PE desktop.

Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.

Double-click on the OTLPE icon.

When asked Do you wish to load the remote registry, select Yes

When asked Do you wish to load remote user profile(s) for scanning, select Yes

Ensure the box Automatically Load All Remaining Users" is checked and press OK

OTL should now start.

Press Run Scan to start the scan.

When finished, the file will be saved in drive C:\OTL.txt

Copy this file to your USB drive if you do not have internet connection on this system

Please post the contents of the OTL.txt file in your reply.
Broni, Jan 11, 2012

#2
paulsingsong Newcomer, in training
i pressed the OTLPE icon (the one with an arrow pointing right). The popup I get asks me to "choose windows directory"

I chose the "windows" folder in Local Disk C: and I have now started the scan.

I have attached the OTL.txt as well
---------

OTL logfile created on: 1/11/2012 9:40:59 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 88.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 173.28 Gb Free Space | 74.40% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/07/24 17:22:50 | 000,102,400 | ---- | M] (WDC) [Auto] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/03/22 14:07:22 | 000,040,960 | ---- | M] () [Auto] -- C:\Program Files\System Control Manager\edd.exe -- (NishService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (SymIMMP)
DRV - File not found [Kernel | On_Demand] -- -- (SymIM)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - [2011/11/28 12:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 12:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 12:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 12:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 12:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/11/28 12:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/23 11:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/06/09 19:16:42 | 003,482,240 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008/10/09 17:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/09/17 16:52:36 | 000,023,224 | R--- | M] (NT Kernel Resources) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ndisrd.sys -- (Ndisrd)
DRV - [2007/04/16 01:29:14 | 000,705,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/04/05 04:36:00 | 002,464,768 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/01/31 03:10:00 | 000,067,584 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2007/01/31 03:10:00 | 000,061,952 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2007/01/31 03:10:00 | 000,046,592 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006/12/22 08:21:52 | 000,019,456 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\Windows\System32\drivers\MGHwCtrl.sys -- (MGHwCtrl)
DRV - [2005/01/31 12:20:04 | 000,211,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2005/01/31 12:12:46 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.averatec.com/

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\glo_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.averatec.com/
IE - HKU\glo_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\glo_ON_C\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKU\glo_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.averatec.com/
IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\user_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.averatec.com/
IE - HKU\user_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\user_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\user_ON_C\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - Reg Error: Key error. File not found
IE - HKU\user_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\user_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\Browser\Plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\Browser\Plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/14 19:37:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/12/07 23:01:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/29 23:42:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/29 23:42:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Users\extra\AppData\Local\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Users\extra\AppData\Local\Mozilla Firefox\plugins

[2011/08/22 11:37:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/14 12:47:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/24 22:35:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/06 02:09:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/04/11 21:36:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/17 11:26:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/05/04 06:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {99E00A4C-D35E-11DD-BA95-9B6A56D89593} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\user_ON_C\..\Toolbar\WebBrowser: (no name) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - No CLSID value found.
O3 - HKU\user_ON_C\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AveoKeySti] File not found
O4 - HKLM..\Run: [HncUpdate] C:\Program Files\Common Files\Hnc\HncUtils\HncUpdate.exe (Haansoft Inc.)
O4 - HKLM..\Run: [ICSDCLT] C:\Windows\System32\icsdclt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (MSI)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKU\Guest_ON_C..\Run: [ooVoo] File not found
O4 - HKU\Guest_ON_C..\Run: [ooVoo.exe] File not found
O4 - HKU\Guest_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\System32\grpconv.exe (Microsoft Corporation)
O4 - HKLM..\RunServices: [SSDPSRV] C:\Windows\System32\ssdpsrv.exe (Microsoft Corporation)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKU\glo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\glo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\glo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\user_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\user_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\user_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\user_ON_C\..Trusted Domains: 82movie.com ([www] http in Trusted sites)
O16 - DPF: {3543897F-577B-4371-99E6-20EC4FA31A4F} http://god.bu.ac.kr/buis/Biin/MyBuilderViewer.cab (MyBuilder Viewer Control Ver6.2)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} http://cyimg7.cyworld.com/ImageUpload/CyPictureU1233.cab?20081124 (CyImage Class)
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} http://mail.daum.net/hanmail-ax/DaumActiveX/2_0_0_5/DaumActiveX.cab?ver=2,0,0,5 (Daum ActiveX manager Class)
O16 - DPF: {C342F4EE-6D48-4239-A55D-CF2D0D1F3BC6} http://cyimg7.cyworld.com/cymusic/package/skcaset.cab (skcaset1 Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: GPplayerActiveXCAB http://music.godpeople.com/gpplayer/GPplayerActiveXCAB.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/09 14:30:46 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2012/01/09 14:30:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/01/09 14:14:46 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/01/09 14:14:45 | 000,000,000 | ---D | C] -- C:\Users\glo\AppData\Roaming\TestApp
[2012/01/08 03:19:25 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\user\Desktop\mbam-setup-1.60.0.1800.exe
[2012/01/08 02:34:18 | 000,000,000 | ---D | C] -- C:\## aswSnx private storage
[2011/12/14 00:12:58 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/12/14 00:12:57 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/12/14 00:12:56 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/12/14 00:12:55 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/12/14 00:12:52 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/12/14 00:12:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/12/14 00:12:39 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/12/14 00:12:37 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/12/14 00:12:30 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/12/14 00:12:30 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/12/14 00:12:30 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/12/14 00:12:30 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/12/14 00:12:30 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/12/14 00:12:29 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/12/14 00:12:29 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/12/14 00:12:29 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/12/14 00:12:29 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/12/14 00:12:29 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/12/14 00:12:29 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/12/14 00:12:29 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/12/14 00:12:29 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/12/14 00:12:25 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/12/14 00:12:25 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/12/14 00:12:24 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2007/07/04 23:28:52 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/10 23:54:14 | 000,595,386 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/10 23:54:14 | 000,103,460 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/10 23:49:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/09 23:33:00 | 000,000,412 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CE270888-6480-43F1-978E-4A1FA509BFBC}.job
[2012/01/09 23:04:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3948455275-2262482614-2155968984-1000UA.job
[2012/01/09 22:04:15 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/09 22:04:15 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/09 14:28:17 | 000,512,992 | ---- | M] () -- C:\Users\glo\Desktop\PCTools_Safe_Install[1].exe
[2012/01/09 14:26:56 | 000,106,496 | ---- | M] () -- C:\Users\glo\Desktop\nuke-M.exe
[2012/01/09 14:14:47 | 000,000,359 | ---- | M] () -- C:\Users\glo\Desktop\sdsetup.exe.lnk
[2012/01/08 21:00:00 | 000,000,442 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2012/01/08 21:00:00 | 000,000,440 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2012/01/08 16:47:17 | 000,522,728 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/01/08 02:21:43 | 000,010,852 | -HS- | M] () -- C:\ProgramData\88msd11ueh3737qhmbx87xfcog7cn86jjr3g76u5c37xxe
[2012/01/08 02:21:42 | 000,010,852 | -HS- | M] () -- C:\Users\user\AppData\Local\88msd11ueh3737qhmbx87xfcog7cn86jjr3g76u5c37xxe
[2012/01/08 02:19:44 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\user\Desktop\mbam-setup-1.60.0.1800.exe
[2012/01/08 01:59:52 | 001,008,141 | ---- | M] () -- C:\Users\user\Desktop\iExplore.exe
[2012/01/08 01:58:01 | 001,008,141 | ---- | M] () -- C:\Users\user\Desktop\rkill.com
[2012/01/08 01:53:17 | 000,001,205 | ---- | M] () -- C:\Users\user\Desktop\FixNCR.reg
[2012/01/08 00:04:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3948455275-2262482614-2155968984-1000Core.job
[2012/01/01 21:00:39 | 000,013,596 | ---- | M] () -- C:\Users\user\Documents\songsong.odt
[2011/12/24 04:20:00 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version2.job
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/09 14:28:17 | 000,512,992 | ---- | C] () -- C:\Users\glo\Desktop\PCTools_Safe_Install[1].exe
[2012/01/09 14:26:40 | 000,106,496 | ---- | C] () -- C:\Users\glo\Desktop\nuke-M.exe
[2012/01/09 14:14:47 | 000,000,359 | ---- | C] () -- C:\Users\glo\Desktop\sdsetup.exe.lnk
[2012/01/08 03:19:25 | 001,008,141 | ---- | C] () -- C:\Users\user\Desktop\rkill.com
[2012/01/08 03:19:25 | 001,008,141 | ---- | C] () -- C:\Users\user\Desktop\iExplore.exe
[2012/01/08 03:19:25 | 000,001,205 | ---- | C] () -- C:\Users\user\Desktop\FixNCR.reg
[2012/01/08 01:04:09 | 000,010,852 | -HS- | C] () -- C:\Users\user\AppData\Local\88msd11ueh3737qhmbx87xfcog7cn86jjr3g76u5c37xxe
[2012/01/08 01:04:09 | 000,010,852 | -HS- | C] () -- C:\ProgramData\88msd11ueh3737qhmbx87xfcog7cn86jjr3g76u5c37xxe
[2012/01/01 21:00:38 | 000,013,596 | ---- | C] () -- C:\Users\user\Documents\songsong.odt
[2011/05/29 10:59:01 | 000,065,536 | ---- | C] () -- C:\Windows\IFinst27.exe
[2011/04/22 15:02:18 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/01/27 15:04:21 | 000,066,920 | ---- | C] () -- C:\Windows\CMListControl.dll
[2010/06/14 12:05:11 | 000,000,680 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps.dat
[2010/06/01 22:30:08 | 000,188,653 | ---- | C] () -- C:\Windows\hpwins22.dat
[2010/03/17 20:40:07 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/02/14 19:37:19 | 000,023,136 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/01/10 13:00:55 | 000,077,305 | ---- | C] () -- C:\Windows\hpqins05.dat
[2010/01/07 17:01:24 | 000,010,563 | R--- | C] () -- C:\Windows\hpwscr19.dat
[2010/01/07 16:58:55 | 000,176,428 | ---- | C] () -- C:\Windows\hpwins19.dat
[2009/12/03 11:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/09/11 17:22:30 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/11 17:22:29 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 17:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 17:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/09 19:16:42 | 003,482,240 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2009/06/02 09:15:05 | 000,150,365 | ---- | C] () -- C:\Windows\hpoins33.dat
[2009/05/26 21:08:36 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/05/15 23:16:05 | 000,045,056 | ---- | C] () -- C:\Windows\System32\DAUMCRYPT.DLL
[2009/04/19 09:26:23 | 000,022,528 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/14 21:54:49 | 000,000,040 | ---- | C] () -- C:\Windows\Hjimesv.ini
[2009/04/14 21:46:46 | 000,000,016 | ---- | C] () -- C:\Windows\System32\winhcfga.ini
[2009/02/11 19:45:02 | 000,027,264 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2008/12/10 15:49:10 | 000,001,008 | ---- | C] () -- C:\Windows\hpomdl33.dat
[2008/10/25 04:40:22 | 000,002,979 | ---- | C] () -- C:\Windows\hpwmdl22.dat
[2008/01/23 17:02:57 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/01/23 16:58:08 | 000,028,672 | ---- | C] () -- C:\Windows\System32\MFC_InstDrvDLL.dll
[2008/01/23 16:48:37 | 000,110,592 | ---- | C] () -- C:\Windows\System32\MGHwCtrl.dll
[2008/01/23 16:48:37 | 000,032,768 | ---- | C] () -- C:\Windows\System32\MGFPCtrl.dll
[2008/01/23 16:48:37 | 000,024,576 | ---- | C] () -- C:\Windows\System32\MGPwrShm.dll
[2008/01/23 16:41:03 | 000,356,352 | R--- | C] () -- C:\Windows\EMCRI.dll
[2008/01/23 14:55:05 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/01/07 09:08:10 | 000,000,997 | R--- | C] () -- C:\Windows\hpwmdl19.dat
[2007/04/05 04:27:00 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/03/06 04:04:00 | 000,143,676 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,522,728 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,595,386 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,103,460 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/05/19 17:39:58 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2005/01/31 10:37:58 | 000,009,255 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2003/03/05 20:57:50 | 000,005,021 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2012/01/09 14:14:45 | 000,000,000 | ---D | M] -- C:\Users\glo\AppData\Roaming\TestApp
[2011/02/15 00:28:05 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\ooVoo Details
[2011/08/05 22:48:29 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\WD
[2009/05/12 18:33:45 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\acccore
[2010/09/26 01:45:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\com.soribada.nc.SbnextClient.4AFBF30EED573EEEE71517CA0DF28BEB04929F7C.1
[2009/05/30 02:24:36 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DriverCure
[2010/11/02 23:06:00 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers
[2009/04/14 22:40:53 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Hnc
[2010/05/04 20:27:32 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ooVoo Details
[2010/06/13 01:31:11 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\oovooinstaller
[2009/04/12 19:20:44 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenOffice.org
[2011/08/05 22:48:29 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\WD
[2009/05/12 18:33:05 | 000,000,000 | ---D | M] -- C:\ProgramData\acccore
[2010/04/17 00:41:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Alwil Software
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2011/05/29 11:34:49 | 000,000,000 | ---D | M] -- C:\ProgramData\ASign
[2011/05/24 23:53:48 | 000,000,000 | ---D | M] -- C:\ProgramData\AVAST Software
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2011/07/10 00:20:50 | 000,000,000 | ---D | M] -- C:\ProgramData\DriverCure
[2010/05/05 21:30:15 | 000,000,000 | ---D | M] -- C:\ProgramData\EmailNotifier
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2010/11/22 23:39:57 | 000,000,000 | ---D | M] -- C:\ProgramData\Hnc
[2011/05/02 13:06:28 | 000,000,000 | ---D | M] -- C:\ProgramData\MemeoCommon
[2010/06/19 03:20:20 | 000,000,000 | ---D | M] -- C:\ProgramData\ParetoLogic
[2008/07/08 18:53:56 | 000,000,000 | ---D | M] -- C:\ProgramData\PassMark
[2009/04/13 13:48:45 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Drivers HeadQuarters
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2012/01/09 16:12:48 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2006/11/02 08:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2009/05/12 18:33:08 | 000,000,000 | ---D | M] -- C:\ProgramData\Viewpoint
[2008/01/23 18:40:25 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2011/07/29 10:58:56 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/06/06 00:58:25 | 000,000,000 | ---D | M] -- C:\ProgramData\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
[2012/01/08 21:00:00 | 000,000,440 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job
[2012/01/08 21:00:00 | 000,000,442 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job
[2011/12/24 04:20:00 | 000,000,414 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version2.job
[2011/12/24 10:06:15 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/01/09 23:33:00 | 000,000,412 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{CE270888-6480-43F1-978E-4A1FA509BFBC}.job

========== Purity Check ==========

========== Files - Unicode (All) ==========
[2012/01/05 21:57:30 | 000,084,480 | ---- | M] ()(C:\Users\user\Desktop\??? ??.hwp) -- C:\Users\user\Desktop\결혼식 순서.hwp
[2012/01/05 21:57:29 | 000,084,480 | ---- | C] ()(C:\Users\user\Desktop\??? ??.hwp) -- C:\Users\user\Desktop\결혼식 순서.hwp
[2011/12/22 13:27:24 | 000,000,000 | ---D | M](C:\Users\user\Desktop\??church) -- C:\Users\user\Desktop\교회church
[2011/11/28 17:15:36 | 000,000,000 | ---D | M](C:\Users\user\Desktop\11-20-2011 ????) -- C:\Users\user\Desktop\11-20-2011 추수감사
[2011/11/28 14:46:47 | 000,000,000 | ---D | C](C:\Users\user\Desktop\11-20-2011 ????) -- C:\Users\user\Desktop\11-20-2011 추수감사
[2011/10/13 15:59:37 | 000,026,112 | ---- | M] ()(C:\Users\user\Desktop\??? ??.hwp) -- C:\Users\user\Desktop\어린이 음식.hwp
[2011/10/13 15:46:42 | 000,026,112 | ---- | C] ()(C:\Users\user\Desktop\??? ??.hwp) -- C:\Users\user\Desktop\어린이 음식.hwp
[2011/10/04 23:17:28 | 000,015,360 | ---- | C] ()(C:\Users\user\Desktop\??????.hwp) -- C:\Users\user\Desktop\총회명단에서.hwp
[2011/10/04 23:17:18 | 000,027,136 | ---- | C] ()(C:\Users\user\Desktop\??? ??? ???.hwp) -- C:\Users\user\Desktop\윤석전 부흥회 인사글.hwp
[2011/09/18 10:55:53 | 000,000,000 | ---D | M](C:\Users\user\Desktop\pp?? ??) -- C:\Users\user\Desktop\pp주일 사진
[2011/09/18 10:48:25 | 000,000,000 | ---D | C](C:\Users\user\Desktop\pp?? ??) -- C:\Users\user\Desktop\pp주일 사진
[2011/09/18 10:06:53 | 000,044,544 | ---- | M] ()(C:\Users\user\Documents\???? ?? ?? ??? ? ?? ‘???’.hwp) -- C:\Users\user\Documents\예수님의 삶을 닮아 있었던 참 의사 ‘안수현’.hwp
[2011/09/18 10:04:21 | 000,044,544 | ---- | C] ()(C:\Users\user\Documents\???? ?? ?? ??? ? ?? ‘???’.hwp) -- C:\Users\user\Documents\예수님의 삶을 닮아 있었던 참 의사 ‘안수현’.hwp
[2011/09/05 23:00:33 | 000,024,136 | ---- | C] ()(C:\Users\user\Documents\??%20??.docx_1.odt) -- C:\Users\user\Documents\주일%20설교.docx_1.odt
[2011/09/04 13:50:08 | 000,024,136 | ---- | M] ()(C:\Users\user\Documents\??%20??.docx_1.odt) -- C:\Users\user\Documents\주일%20설교.docx_1.odt
[2011/07/10 13:15:50 | 000,000,162 | -H-- | M] ()(C:\Users\user\Desktop\~$??? ??.doc) -- C:\Users\user\Desktop\~$마지막 날에.doc
[2011/07/10 13:15:50 | 000,000,162 | -H-- | C] ()(C:\Users\user\Desktop\~$??? ??.doc) -- C:\Users\user\Desktop\~$마지막 날에.doc
[2011/06/26 12:22:39 | 000,000,000 | ---D | C](C:\Users\user\Desktop\??church) -- C:\Users\user\Desktop\교회church
[2011/06/12 02:28:55 | 000,019,968 | ---- | M] ()(C:\Users\user\Documents\6-12-2011 ???? ??? ?? ?? ?? ???? ?????.hwp) -- C:\Users\user\Documents\6-12-2011 성령세례 성령이 말씀 듣는 모든 사람에게 내려오시니.hwp
[2011/06/12 02:28:55 | 000,019,968 | ---- | C] ()(C:\Users\user\Documents\6-12-2011 ???? ??? ?? ?? ?? ???? ?????.hwp) -- C:\Users\user\Documents\6-12-2011 성령세례 성령이 말씀 듣는 모든 사람에게 내려오시니.hwp
[2011/05/29 12:22:50 | 000,016,896 | ---- | C] ()(C:\Users\user\Documents\? ?? ?? ????? ???? ?.hwp) -- C:\Users\user\Documents\★ 세계 속에 대한민국의 국력수준 ★.hwp
[2011/05/22 12:02:10 | 000,016,896 | ---- | M] ()(C:\Users\user\Documents\? ?? ?? ????? ???? ?.hwp) -- C:\Users\user\Documents\★ 세계 속에 대한민국의 국력수준 ★.hwp
[2011/03/14 20:22:29 | 000,053,760 | ---- | M] ()(C:\Users\user\Documents\????? e-mail???.hwp) -- C:\Users\user\Documents\보내려하는 e-mail주소들.hwp
[2011/03/14 12:48:21 | 000,053,760 | ---- | C] ()(C:\Users\user\Documents\????? e-mail???.hwp) -- C:\Users\user\Documents\보내려하는 e-mail주소들.hwp
[2011/03/14 02:23:10 | 000,017,408 | ---- | M] ()(C:\Users\user\Documents\??? ???.hwp) -- C:\Users\user\Documents\박만순 나에게.hwp
[2011/03/14 02:23:09 | 000,017,408 | ---- | C] ()(C:\Users\user\Documents\??? ???.hwp) -- C:\Users\user\Documents\박만순 나에게.hwp
[2011/03/13 04:05:59 | 000,015,360 | ---- | M] ()(C:\Users\user\Desktop\??????.hwp) -- C:\Users\user\Desktop\총회명단에서.hwp
[2011/03/10 11:41:58 | 000,016,384 | ---- | M] ()(C:\Users\user\Documents\?????????? ??? ??????? ???? ???.hwp) -- C:\Users\user\Documents\윤석전ㆍ김항안목사의 남가주 영적대각성집회 강력반대 성명서.hwp
[2011/03/10 11:41:58 | 000,016,384 | ---- | C] ()(C:\Users\user\Documents\?????????? ??? ??????? ???? ???.hwp) -- C:\Users\user\Documents\윤석전ㆍ김항안목사의 남가주 영적대각성집회 강력반대 성명서.hwp
[2010/11/26 22:36:06 | 000,027,136 | ---- | M] ()(C:\Users\user\Desktop\??? ??? ???.hwp) -- C:\Users\user\Desktop\윤석전 부흥회 인사글.hwp
[2010/10/15 20:30:13 | 000,085,196 | ---- | M] ()(C:\Users\user\Documents\??????(???)[1].doc) -- C:\Users\user\Documents\우편진술조서(전경호)[1].doc
[2010/10/15 20:30:13 | 000,085,196 | ---- | C] ()(C:\Users\user\Documents\??????(???)[1].doc) -- C:\Users\user\Documents\우편진술조서(전경호)[1].doc
[2010/09/26 01:45:30 | 000,000,000 | ---D | M](C:\Program Files\????) -- C:\Program Files\소리바다
[2010/09/26 01:45:30 | 000,000,000 | ---D | M](C:\Program Files\????) -- C:\Program Files\소리바다
[2009/04/12 19:20:11 | 000,000,971 | ---- | M] ()(C:\Users\user\Desktop\OpenOffice.org Writer ??.lnk) -- C:\Users\user\Desktop\OpenOffice.org Writer 한글.lnk
[2009/04/12 19:20:11 | 000,000,971 | ---- | C] ()(C:\Users\user\Desktop\OpenOffice.org Writer ??.lnk) -- C:\Users\user\Desktop\OpenOffice.org Writer 한글.lnk
(C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\??????) -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\보조프로그램
(C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\????? ???) -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\프로젝터용 찬양집
(C:\Program Files\????) -- C:\Program Files\소리바다

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMPFC5A2B2
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:8C35AEA7
< End of report >
Attached Files:
- OTL.Txt
  
  File size:
  
  74.5 KB
  
  Views:
  
  1
paulsingsong, Jan 12, 2012

#3
Broni Malware Annihilator

Good ............

Broni, Jan 12, 2012

#4
paulsingsong Newcomer, in training

does edits to my posts notify you that I took the next step, or should I just reply a new post to the thread as this post? I just editted the previous post with the OTL. txt since the rules say to minimize useless posts >.<

paulsingsong, Jan 12, 2012

#5
Broni Malware Annihilator
No, I'm not getting any notifications about edits.
Make sure you follow forum's rules - all logs have to be pasted not attached.

Do this on the computer you are posting from:
Copy the text in the codebox below:

Code:

:OTL DRV - File not found [Kernel | On_Demand] -- -- (SymIMMP) DRV - File not found [Kernel | On_Demand] -- -- (SymIM) IE - HKU\glo_ON_C\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found IE - HKU\user_ON_C\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - Reg Error: Key error. File not found O2 - BHO: (no name) - {99E00A4C-D35E-11DD-BA95-9B6A56D89593} - No CLSID value found. O3 - HKU\user_ON_C\..\Toolbar\WebBrowser: (no name) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - No CLSID value found. O3 - HKU\user_ON_C\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AveoKeySti] File not found O4 - HKU\Guest_ON_C..\Run: [ooVoo] File not found O4 - HKU\Guest_ON_C..\Run: [ooVoo.exe] File not found O15 - HKU\user_ON_C\..Trusted Domains: 82movie.com ([www] http in Trusted sites) O16 - DPF: GPplayerActiveXCAB http://music.godpeople.com/gpplayer/...ActiveXCAB.CAB (Reg Error: Key error.) [2012/01/08 02:21:43 | 000,010,852 | -HS- | M] () -- C:\ProgramData\88msd11ueh3737qhmbx87xfcog7cn86jjr3g76u5c37xxe [2012/01/08 02:21:42 | 000,010,852 | -HS- | M] () -- C:\Users\user\AppData\Local\88msd11ueh3737qhmbx87xfcog7cn86jjr3g76u5c37xxe @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:8C35AEA7 :Services :Reg :Files :Commands [purity]

Open Notepad and paste it.
Save the document as Fix.txt on to a USB flash drive

On the infected computer the following...

Run OTLPE

Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.

(The content of Fix.txt should appear in the box)

Then click the Run Fix button at the top

Let the program run unhindered, reboot the PC when it is done

Post the log produced (you'll need to transfer it with USB stick)

Attempt to reboot normally into Windows.
Broni, Jan 12, 2012

#6
paulsingsong Newcomer, in training

Good morning Broni!

Ran the fix. Tried to shut down windows normally, but Windows would not shut down so I just turned it by holding down the "power on" button. I am running the OTLPE scan now. Is it okay that I turned off the computer like that?

paulsingsong, Jan 12, 2012

#7
Broni Malware Annihilator

Yes OTLPE doesn't give you any other option.
If you ran the fix did you try to boot normally?

Broni, Jan 12, 2012

#8
paulsingsong Newcomer, in training

Here is the scan. I tried to shut down Windows correctly again, but now the computer is screen is frozen. Should I shut if off using the"power on" button and restart windows normally?

---------------

OTL logfile created on: 1/12/2012 9:58:40 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 88.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 173.29 Gb Free Space | 74.41% Space Free | Partition Type: NTFS
Drive D: | 1.86 Gb Total Space | 0.30 Gb Free Space | 16.31% Space Free | Partition Type: FAT
Drive E: | 6.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/07/24 17:22:50 | 000,102,400 | ---- | M] (WDC) [Auto] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/03/22 14:07:22 | 000,040,960 | ---- | M] () [Auto] -- C:\Program Files\System Control Manager\edd.exe -- (NishService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - [2011/11/28 12:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 12:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 12:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 12:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 12:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/11/28 12:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/23 11:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/06/09 19:16:42 | 003,482,240 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008/10/09 17:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/09/17 16:52:36 | 000,023,224 | R--- | M] (NT Kernel Resources) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ndisrd.sys -- (Ndisrd)
DRV - [2007/04/16 01:29:14 | 000,705,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/04/05 04:36:00 | 002,464,768 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/01/31 03:10:00 | 000,067,584 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2007/01/31 03:10:00 | 000,061,952 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2007/01/31 03:10:00 | 000,046,592 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006/12/22 08:21:52 | 000,019,456 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\Windows\System32\drivers\MGHwCtrl.sys -- (MGHwCtrl)
DRV - [2005/01/31 12:20:04 | 000,211,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2005/01/31 12:12:46 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.averatec.com/

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\glo_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.averatec.com/
IE - HKU\glo_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\glo_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.averatec.com/
IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\user_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.averatec.com/
IE - HKU\user_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\user_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\user_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\user_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\Browser\Plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\Browser\Plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/14 19:37:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/12/07 23:01:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/29 23:42:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/29 23:42:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Users\extra\AppData\Local\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Users\extra\AppData\Local\Mozilla Firefox\plugins

[2011/08/22 11:37:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/14 12:47:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/24 22:35:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/06 02:09:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/04/11 21:36:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/17 11:26:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/05/04 06:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HncUpdate] C:\Program Files\Common Files\Hnc\HncUtils\HncUpdate.exe (Haansoft Inc.)
O4 - HKLM..\Run: [ICSDCLT] C:\Windows\System32\icsdclt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (MSI)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKU\Guest_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\System32\grpconv.exe (Microsoft Corporation)
O4 - HKLM..\RunServices: [SSDPSRV] C:\Windows\System32\ssdpsrv.exe (Microsoft Corporation)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKU\glo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\glo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\glo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\user_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\user_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\user_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {3543897F-577B-4371-99E6-20EC4FA31A4F} http://god.bu.ac.kr/buis/Biin/MyBuilderViewer.cab (MyBuilder Viewer Control Ver6.2)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} http://cyimg7.cyworld.com/ImageUpload/CyPictureU1233.cab?20081124 (CyImage Class)
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} http://mail.daum.net/hanmail-ax/DaumActiveX/2_0_0_5/DaumActiveX.cab?ver=2,0,0,5 (Daum ActiveX manager Class)
O16 - DPF: {C342F4EE-6D48-4239-A55D-CF2D0D1F3BC6} http://cyimg7.cyworld.com/cymusic/package/skcaset.cab (skcaset1 Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012/01/05 23:19:58 | 000,000,090 | ---- | M] () - D:\AUTORUN.INF -- [ FAT ]
O32 - AutoRun File - [2007/10/23 02:22:58 | 000,000,283 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/12 09:38:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/12 09:33:39 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/01/09 14:30:46 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2012/01/09 14:30:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/01/09 14:14:46 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/01/09 14:14:45 | 000,000,000 | ---D | C] -- C:\Users\glo\AppData\Roaming\TestApp
[2012/01/08 03:19:25 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\user\Desktop\mbam-setup-1.60.0.1800.exe
[2012/01/08 02:34:18 | 000,000,000 | ---D | C] -- C:\## aswSnx private storage
[2011/12/14 00:12:58 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/12/14 00:12:57 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/12/14 00:12:56 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/12/14 00:12:55 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/12/14 00:12:52 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/12/14 00:12:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/12/14 00:12:39 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/12/14 00:12:37 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/12/14 00:12:30 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/12/14 00:12:30 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/12/14 00:12:30 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/12/14 00:12:30 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/12/14 00:12:30 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/12/14 00:12:29 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/12/14 00:12:29 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/12/14 00:12:29 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/12/14 00:12:29 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/12/14 00:12:29 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/12/14 00:12:29 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/12/14 00:12:29 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/12/14 00:12:29 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/12/14 00:12:25 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/12/14 00:12:25 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/12/14 00:12:24 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2007/07/04 23:28:52 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/10 23:54:14 | 000,595,386 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/10 23:54:14 | 000,103,460 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/10 23:49:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/09 23:33:00 | 000,000,412 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CE270888-6480-43F1-978E-4A1FA509BFBC}.job
[2012/01/09 23:04:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3948455275-2262482614-2155968984-1000UA.job
[2012/01/09 22:04:15 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/09 22:04:15 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/09 14:28:17 | 000,512,992 | ---- | M] () -- C:\Users\glo\Desktop\PCTools_Safe_Install[1].exe
[2012/01/09 14:26:56 | 000,106,496 | ---- | M] () -- C:\Users\glo\Desktop\nuke-M.exe
[2012/01/09 14:14:47 | 000,000,359 | ---- | M] () -- C:\Users\glo\Desktop\sdsetup.exe.lnk
[2012/01/08 21:00:00 | 000,000,442 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2012/01/08 21:00:00 | 000,000,440 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2012/01/08 16:47:17 | 000,522,728 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/01/08 02:19:44 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\user\Desktop\mbam-setup-1.60.0.1800.exe
[2012/01/08 01:59:52 | 001,008,141 | ---- | M] () -- C:\Users\user\Desktop\iExplore.exe
[2012/01/08 01:58:01 | 001,008,141 | ---- | M] () -- C:\Users\user\Desktop\rkill.com
[2012/01/08 01:53:17 | 000,001,205 | ---- | M] () -- C:\Users\user\Desktop\FixNCR.reg
[2012/01/08 00:04:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3948455275-2262482614-2155968984-1000Core.job
[2012/01/01 21:00:39 | 000,013,596 | ---- | M] () -- C:\Users\user\Documents\songsong.odt
[2011/12/24 04:20:00 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version2.job
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/09 14:28:17 | 000,512,992 | ---- | C] () -- C:\Users\glo\Desktop\PCTools_Safe_Install[1].exe
[2012/01/09 14:26:40 | 000,106,496 | ---- | C] () -- C:\Users\glo\Desktop\nuke-M.exe
[2012/01/09 14:14:47 | 000,000,359 | ---- | C] () -- C:\Users\glo\Desktop\sdsetup.exe.lnk
[2012/01/08 03:19:25 | 001,008,141 | ---- | C] () -- C:\Users\user\Desktop\rkill.com
[2012/01/08 03:19:25 | 001,008,141 | ---- | C] () -- C:\Users\user\Desktop\iExplore.exe
[2012/01/08 03:19:25 | 000,001,205 | ---- | C] () -- C:\Users\user\Desktop\FixNCR.reg
[2012/01/01 21:00:38 | 000,013,596 | ---- | C] () -- C:\Users\user\Documents\songsong.odt
[2011/05/29 10:59:01 | 000,065,536 | ---- | C] () -- C:\Windows\IFinst27.exe
[2011/04/22 15:02:18 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/01/27 15:04:21 | 000,066,920 | ---- | C] () -- C:\Windows\CMListControl.dll
[2010/06/14 12:05:11 | 000,000,680 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps.dat
[2010/06/01 22:30:08 | 000,188,653 | ---- | C] () -- C:\Windows\hpwins22.dat
[2010/03/17 20:40:07 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/02/14 19:37:19 | 000,023,136 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/01/10 13:00:55 | 000,077,305 | ---- | C] () -- C:\Windows\hpqins05.dat
[2010/01/07 17:01:24 | 000,010,563 | R--- | C] () -- C:\Windows\hpwscr19.dat
[2010/01/07 16:58:55 | 000,176,428 | ---- | C] () -- C:\Windows\hpwins19.dat
[2009/12/03 11:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/09/11 17:22:30 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/11 17:22:29 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 17:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 17:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/09 19:16:42 | 003,482,240 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2009/06/02 09:15:05 | 000,150,365 | ---- | C] () -- C:\Windows\hpoins33.dat
[2009/05/26 21:08:36 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/05/15 23:16:05 | 000,045,056 | ---- | C] () -- C:\Windows\System32\DAUMCRYPT.DLL
[2009/04/19 09:26:23 | 000,022,528 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/14 21:54:49 | 000,000,040 | ---- | C] () -- C:\Windows\Hjimesv.ini
[2009/04/14 21:46:46 | 000,000,016 | ---- | C] () -- C:\Windows\System32\winhcfga.ini
[2009/02/11 19:45:02 | 000,027,264 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2008/12/10 15:49:10 | 000,001,008 | ---- | C] () -- C:\Windows\hpomdl33.dat
[2008/10/25 04:40:22 | 000,002,979 | ---- | C] () -- C:\Windows\hpwmdl22.dat
[2008/01/23 17:02:57 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/01/23 16:58:08 | 000,028,672 | ---- | C] () -- C:\Windows\System32\MFC_InstDrvDLL.dll
[2008/01/23 16:48:37 | 000,110,592 | ---- | C] () -- C:\Windows\System32\MGHwCtrl.dll
[2008/01/23 16:48:37 | 000,032,768 | ---- | C] () -- C:\Windows\System32\MGFPCtrl.dll
[2008/01/23 16:48:37 | 000,024,576 | ---- | C] () -- C:\Windows\System32\MGPwrShm.dll
[2008/01/23 16:41:03 | 000,356,352 | R--- | C] () -- C:\Windows\EMCRI.dll
[2008/01/23 14:55:05 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/01/07 09:08:10 | 000,000,997 | R--- | C] () -- C:\Windows\hpwmdl19.dat
[2007/04/05 04:27:00 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/03/06 04:04:00 | 000,143,676 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,522,728 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,595,386 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,103,460 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/05/19 17:39:58 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2005/01/31 10:37:58 | 000,009,255 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2003/03/05 20:57:50 | 000,005,021 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2012/01/09 14:14:45 | 000,000,000 | ---D | M] -- C:\Users\glo\AppData\Roaming\TestApp
[2011/02/15 00:28:05 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\ooVoo Details
[2011/08/05 22:48:29 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\WD
[2009/05/12 18:33:45 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\acccore
[2010/09/26 01:45:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\com.soribada.nc.SbnextClient.4AFBF30EED573EEEE71517CA0DF28BEB04929F7C.1
[2009/05/30 02:24:36 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DriverCure
[2010/11/02 23:06:00 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers
[2009/04/14 22:40:53 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Hnc
[2010/05/04 20:27:32 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ooVoo Details
[2010/06/13 01:31:11 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\oovooinstaller
[2009/04/12 19:20:44 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenOffice.org
[2011/08/05 22:48:29 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\WD
[2009/05/12 18:33:05 | 000,000,000 | ---D | M] -- C:\ProgramData\acccore
[2010/04/17 00:41:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Alwil Software
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2011/05/29 11:34:49 | 000,000,000 | ---D | M] -- C:\ProgramData\ASign
[2011/05/24 23:53:48 | 000,000,000 | ---D | M] -- C:\ProgramData\AVAST Software
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2011/07/10 00:20:50 | 000,000,000 | ---D | M] -- C:\ProgramData\DriverCure
[2010/05/05 21:30:15 | 000,000,000 | ---D | M] -- C:\ProgramData\EmailNotifier
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2010/11/22 23:39:57 | 000,000,000 | ---D | M] -- C:\ProgramData\Hnc
[2011/05/02 13:06:28 | 000,000,000 | ---D | M] -- C:\ProgramData\MemeoCommon
[2010/06/19 03:20:20 | 000,000,000 | ---D | M] -- C:\ProgramData\ParetoLogic
[2008/07/08 18:53:56 | 000,000,000 | ---D | M] -- C:\ProgramData\PassMark
[2009/04/13 13:48:45 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Drivers HeadQuarters
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2012/01/09 16:12:48 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2006/11/02 08:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2009/05/12 18:33:08 | 000,000,000 | ---D | M] -- C:\ProgramData\Viewpoint
[2008/01/23 18:40:25 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2011/07/29 10:58:56 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/06/06 00:58:25 | 000,000,000 | ---D | M] -- C:\ProgramData\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
[2012/01/08 21:00:00 | 000,000,440 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job
[2012/01/08 21:00:00 | 000,000,442 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job
[2011/12/24 04:20:00 | 000,000,414 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version2.job
[2011/12/24 10:06:15 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/01/09 23:33:00 | 000,000,412 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{CE270888-6480-43F1-978E-4A1FA509BFBC}.job

========== Purity Check ==========

========== Files - Unicode (All) ==========
[2012/01/05 21:57:30 | 000,084,480 | ---- | M] ()(C:\Users\user\Desktop\??? ??.hwp) -- C:\Users\user\Desktop\결혼식 순서.hwp
[2012/01/05 21:57:29 | 000,084,480 | ---- | C] ()(C:\Users\user\Desktop\??? ??.hwp) -- C:\Users\user\Desktop\결혼식 순서.hwp
[2011/12/22 13:27:24 | 000,000,000 | ---D | M](C:\Users\user\Desktop\??church) -- C:\Users\user\Desktop\교회church
[2011/11/28 17:15:36 | 000,000,000 | ---D | M](C:\Users\user\Desktop\11-20-2011 ????) -- C:\Users\user\Desktop\11-20-2011 추수감사
[2011/11/28 14:46:47 | 000,000,000 | ---D | C](C:\Users\user\Desktop\11-20-2011 ????) -- C:\Users\user\Desktop\11-20-2011 추수감사
[2011/10/13 15:59:37 | 000,026,112 | ---- | M] ()(C:\Users\user\Desktop\??? ??.hwp) -- C:\Users\user\Desktop\어린이 음식.hwp
[2011/10/13 15:46:42 | 000,026,112 | ---- | C] ()(C:\Users\user\Desktop\??? ??.hwp) -- C:\Users\user\Desktop\어린이 음식.hwp
[2011/10/04 23:17:28 | 000,015,360 | ---- | C] ()(C:\Users\user\Desktop\??????.hwp) -- C:\Users\user\Desktop\총회명단에서.hwp
[2011/10/04 23:17:18 | 000,027,136 | ---- | C] ()(C:\Users\user\Desktop\??? ??? ???.hwp) -- C:\Users\user\Desktop\윤석전 부흥회 인사글.hwp
[2011/09/18 10:55:53 | 000,000,000 | ---D | M](C:\Users\user\Desktop\pp?? ??) -- C:\Users\user\Desktop\pp주일 사진
[2011/09/18 10:48:25 | 000,000,000 | ---D | C](C:\Users\user\Desktop\pp?? ??) -- C:\Users\user\Desktop\pp주일 사진
[2011/09/18 10:06:53 | 000,044,544 | ---- | M] ()(C:\Users\user\Documents\???? ?? ?? ??? ? ?? ‘???’.hwp) -- C:\Users\user\Documents\예수님의 삶을 닮아 있었던 참 의사 ‘안수현’.hwp
[2011/09/18 10:04:21 | 000,044,544 | ---- | C] ()(C:\Users\user\Documents\???? ?? ?? ??? ? ?? ‘???’.hwp) -- C:\Users\user\Documents\예수님의 삶을 닮아 있었던 참 의사 ‘안수현’.hwp
[2011/09/05 23:00:33 | 000,024,136 | ---- | C] ()(C:\Users\user\Documents\??%20??.docx_1.odt) -- C:\Users\user\Documents\주일%20설교.docx_1.odt
[2011/09/04 13:50:08 | 000,024,136 | ---- | M] ()(C:\Users\user\Documents\??%20??.docx_1.odt) -- C:\Users\user\Documents\주일%20설교.docx_1.odt
[2011/07/10 13:15:50 | 000,000,162 | -H-- | M] ()(C:\Users\user\Desktop\~$??? ??.doc) -- C:\Users\user\Desktop\~$마지막 날에.doc
[2011/07/10 13:15:50 | 000,000,162 | -H-- | C] ()(C:\Users\user\Desktop\~$??? ??.doc) -- C:\Users\user\Desktop\~$마지막 날에.doc
[2011/06/26 12:22:39 | 000,000,000 | ---D | C](C:\Users\user\Desktop\??church) -- C:\Users\user\Desktop\교회church
[2011/06/12 02:28:55 | 000,019,968 | ---- | M] ()(C:\Users\user\Documents\6-12-2011 ???? ??? ?? ?? ?? ???? ?????.hwp) -- C:\Users\user\Documents\6-12-2011 성령세례 성령이 말씀 듣는 모든 사람에게 내려오시니.hwp
[2011/06/12 02:28:55 | 000,019,968 | ---- | C] ()(C:\Users\user\Documents\6-12-2011 ???? ??? ?? ?? ?? ???? ?????.hwp) -- C:\Users\user\Documents\6-12-2011 성령세례 성령이 말씀 듣는 모든 사람에게 내려오시니.hwp
[2011/05/29 12:22:50 | 000,016,896 | ---- | C] ()(C:\Users\user\Documents\? ?? ?? ????? ???? ?.hwp) -- C:\Users\user\Documents\★ 세계 속에 대한민국의 국력수준 ★.hwp
[2011/05/22 12:02:10 | 000,016,896 | ---- | M] ()(C:\Users\user\Documents\? ?? ?? ????? ???? ?.hwp) -- C:\Users\user\Documents\★ 세계 속에 대한민국의 국력수준 ★.hwp
[2011/03/14 20:22:29 | 000,053,760 | ---- | M] ()(C:\Users\user\Documents\????? e-mail???.hwp) -- C:\Users\user\Documents\보내려하는 e-mail주소들.hwp
[2011/03/14 12:48:21 | 000,053,760 | ---- | C] ()(C:\Users\user\Documents\????? e-mail???.hwp) -- C:\Users\user\Documents\보내려하는 e-mail주소들.hwp
[2011/03/14 02:23:10 | 000,017,408 | ---- | M] ()(C:\Users\user\Documents\??? ???.hwp) -- C:\Users\user\Documents\박만순 나에게.hwp
[2011/03/14 02:23:09 | 000,017,408 | ---- | C] ()(C:\Users\user\Documents\??? ???.hwp) -- C:\Users\user\Documents\박만순 나에게.hwp
[2011/03/13 04:05:59 | 000,015,360 | ---- | M] ()(C:\Users\user\Desktop\??????.hwp) -- C:\Users\user\Desktop\총회명단에서.hwp
[2011/03/10 11:41:58 | 000,016,384 | ---- | M] ()(C:\Users\user\Documents\?????????? ??? ??????? ???? ???.hwp) -- C:\Users\user\Documents\윤석전ㆍ김항안목사의 남가주 영적대각성집회 강력반대 성명서.hwp
[2011/03/10 11:41:58 | 000,016,384 | ---- | C] ()(C:\Users\user\Documents\?????????? ??? ??????? ???? ???.hwp) -- C:\Users\user\Documents\윤석전ㆍ김항안목사의 남가주 영적대각성집회 강력반대 성명서.hwp
[2010/11/26 22:36:06 | 000,027,136 | ---- | M] ()(C:\Users\user\Desktop\??? ??? ???.hwp) -- C:\Users\user\Desktop\윤석전 부흥회 인사글.hwp
[2010/10/15 20:30:13 | 000,085,196 | ---- | M] ()(C:\Users\user\Documents\??????(???)[1].doc) -- C:\Users\user\Documents\우편진술조서(전경호)[1].doc
[2010/10/15 20:30:13 | 000,085,196 | ---- | C] ()(C:\Users\user\Documents\??????(???)[1].doc) -- C:\Users\user\Documents\우편진술조서(전경호)[1].doc
[2010/09/26 01:45:30 | 000,000,000 | ---D | M](C:\Program Files\????) -- C:\Program Files\소리바다
[2010/09/26 01:45:30 | 000,000,000 | ---D | M](C:\Program Files\????) -- C:\Program Files\소리바다
[2009/04/12 19:20:11 | 000,000,971 | ---- | M] ()(C:\Users\user\Desktop\OpenOffice.org Writer ??.lnk) -- C:\Users\user\Desktop\OpenOffice.org Writer 한글.lnk
[2009/04/12 19:20:11 | 000,000,971 | ---- | C] ()(C:\Users\user\Desktop\OpenOffice.org Writer ??.lnk) -- C:\Users\user\Desktop\OpenOffice.org Writer 한글.lnk
(C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\??????) -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\보조프로그램
(C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\????? ???) -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\프로젝터용 찬양집
(C:\Program Files\????) -- C:\Program Files\소리바다
< End of report >

paulsingsong, Jan 12, 2012

#9
Broni Malware Annihilator

Should I shut if off using the"power on" button and restart windows normally?

Yes please.

Broni, Jan 12, 2012

#10
paulsingsong Newcomer, in training

When I first logged onto "user" a windows explorer pop-up came up asking for the admin (username: glo) password. I pressed cancel and the screen went blue again. I logged out and back onto user. I entered the password for Glo and It redirected me to the desktop of Glo and out of "user". I logged out of Glo and back onto user, and now the "user" desktop is not showing symptoms.

paulsingsong, Jan 12, 2012

#11
Broni Malware Annihilator

Very well.

Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Broni, Jan 12, 2012

#12
paulsingsong Newcomer, in training

Ran Malwarebyte and there were no malicious items. Currently moving onto Step 3: Gmer.

---------------

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.12.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19170
glo :: USER-PC [administrator]

Protection: Enabled

1/12/2012 11:07:48 AM
mbam-log-2012-01-12 (11-07-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 221140
Time elapsed: 11 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

paulsingsong, Jan 12, 2012

#13
paulsingsong Newcomer, in training

Here is the Gmer log. Moving onto step 4: DDS

----------

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-01-12 11:36:38
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHY2250BH rev.0000000B
Running: cc4kedff.exe; Driver: C:\Users\glo\AppData\Local\Temp\kxldapob.sys

---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x9410C7A2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

paulsingsong, Jan 12, 2012

#14
paulsingsong Newcomer, in training

DDS and Attach logs respectively:

------

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19170 BrowserJavaVersion: 1.6.0_26
Run by glo at 11:42:08 on 2012-01-12
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.949.82.1033.18.2943.1615 [GMT -8:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
svchost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Windows\vsnp2uvc.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\AVEO\AVEO UVC Filter Driver Kit\AveoSTI.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\conime.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.averatec.com/
mDefault_Page_URL = hxxp://www.averatec.com/
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [MGSysCtrl] c:\program files\system control manager\MGSysCtrl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [ICSDCLT] c:\windows\rundll32.exe c:\windows\system32\icsdclt.dll,ICSClient
mRun: [HncUpdate] c:\program files\common files\hnc\hncutils\HncUpdate.exe /A
mRun: [Skytel] Skytel.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [snp2uvc] c:\windows\vsnp2uvc.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [imekrmig7.0] "c:\program files\common files\microsoft shared\ime\imkr7\IMEKRMIG.EXE"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRunOnce: [GrpConv] grpconv -o
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mRunServices: [SSDPSRV] c:\windows\system32\ssdpsrv.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\aveost~1.lnk - c:\program files\aveo\aveo uvc filter driver kit\AveoSTI.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Microsoft Excel로 내보내기(&X) - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: c:\windows\system32\wpclsp.dll
DPF: {3543897F-577B-4371-99E6-20EC4FA31A4F} - hxxp://god.bu.ac.kr/buis/Biin/MyBuilderViewer.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} - hxxp://cyimg7.cyworld.com/ImageUpload/CyPictureU1233.cab?20081124
DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} - hxxp://mail.daum.net/hanmail-ax/DaumActiveX/2_0_0_5/DaumActiveX.cab?ver=2,0,0,5
DPF: {C342F4EE-6D48-4239-A55D-CF2D0D1F3BC6} - hxxp://cyimg7.cyworld.com/cymusic/package/skcaset.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{D376DDDD-15A6-4A9E-872D-90397276BC10} : DhcpNameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-24 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-5-24 314456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-5-24 20568]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-5-24 55128]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-5-24 44768]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-5-2 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-1-12 652872]
R2 NishService;SCM Driver Daemon;c:\program files\system control manager\edd.exe [2008-1-23 40960]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-5-12 24652]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-7-24 102400]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-12 20464]
R3 MGHwCtrl;MGHwCtrl;c:\windows\system32\drivers\MGHwCtrl.sys [2008-1-23 19456]
R3 Ndisrd;WinpkFilter Service;c:\windows\system32\drivers\ndisrd.sys [2010-8-24 23224]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-31 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-01-12 19:04:53 -------- d-----w- c:\users\glo\appdata\roaming\Malwarebytes
2012-01-12 19:04:37 -------- d-----w- c:\programdata\Malwarebytes
2012-01-12 19:04:35 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-12 19:04:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-12 18:54:06 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{3ae278ab-0135-4f74-b51e-fa96f9850bb9}\offreg.dll
2012-01-12 18:37:21 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{3ae278ab-0135-4f74-b51e-fa96f9850bb9}\mpengine.dll
2012-01-12 14:38:30 -------- d-----w- C:\_OTL
2012-01-09 19:30:46 -------- d-----w- c:\program files\PC Tools Security
2012-01-09 19:30:46 -------- d-----w- c:\program files\common files\PC Tools
2012-01-09 19:14:46 -------- d-----w- c:\programdata\PC Tools
2012-01-09 19:14:45 -------- d-----w- c:\users\glo\appdata\roaming\TestApp
.
==================== Find3M ====================
.
2011-12-08 04:13:59 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-28 18:01:25 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 17:53:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:52:07 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-08 14:42:19 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-03 06:22:04 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 06:17:38 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-03 06:17:23 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 06:17:08 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-11-03 06:17:08 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-11-03 05:22:43 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 04:45:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-11-03 04:43:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-27 08:01:53 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-27 08:01:53 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 15:56:04 49152 ----a-w- c:\windows\system32\csrsrv.dll
.
============= FINISH: 11:44:43.83 ===============

Attach log:

-----------------------------------------------

.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office system
32 Bit HP CIO Components Installer
4500_Help
8500A909_eDocs
8500A909_Help
8500A909g
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 8.3.1
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
ATI Catalyst Install Manager
avast! Free Antivirus
AveoCap
Bonjour
BPD_DSWizards
BPD_HPSU
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
C5500
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
ccc-core-static
ccc-utility
CCC Help English
D3DX10
Data Lifeguard Diagnostic for Windows
Daum ActiveX 컨트롤 - Daum 음악 플레이어
Daum ActiveX 컨트롤 - 한메일 파일업로더
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DivX Setup
DocMgr
DocProc
DocProcQFolder
Download Updater (AOL LLC)
Driver Detective
Fax
Free Audio CD Burner version 1.4
Free Media Player 0.1
Free YouTube to MP3 Converter version 3.9
GPBaseService2
Haansoft Hangul 2007
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 12.0
HP Document Manager 2.0
HP Imaging Device Functions 12.0
HP Officejet J4500 Series
HP Photosmart C5500 All-In-One Driver Software 12.0 Rel .4
HP Photosmart Essential 3.5
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotosmartEssential
HPProductAssistant
HPSSupply
iTunes
J4500
Java Auto Updater
Java(TM) 6 Update 26
Java(TM) 6 Update 7
Junk Mail filter update
Korean Fonts Support For Adobe Reader 8
Malwarebytes Anti-Malware version 1.60.0.1800
MarketResearch
McAfee Security Scan Plus
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Edition 2003
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Web Components
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox (3.6.23)
MPM
MSVCRT
MSVCSetup
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network
OCR Software by I.R.I.S. 12.0
Officejet Pro 8500 A909 Series
OGA Notifier 2.0.0048.0
OpenOffice.org 3.0
Power2Go 5.0
PowerDVD
ProductContext
PS_AIO_04_C5500_Software_Min
QuickTime
Real Alternative 2.0.2 Lite
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Segoe UI
Shop for HP Supplies
Skins
Skype™ 5.1
SmartWebPrinting
SolutionCenter
Soribada Downloader
Status
Synaptics Pointing Device Driver
System Control Manager
Toolbox
TrayApp
Uninstall 1.0.0.1
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2596560)
VC80CRTRedist - 8.0.50727.4053
Viewpoint Media Player
WD Drive Manager (x86)
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
프로젝터용 찬양집
.
==== End Of File ===========================

------------

paulsingsong, Jan 12, 2012

#15
Broni Malware Annihilator
Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===========================================================

Download Bootkit Remover to your Desktop.

Unzip downloaded file to your Desktop.

Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).

It will show a Black screen with some data on it.

Right click on the screen and click Select All.

Press CTRL+C

Open a Notepad and press CTRL+V

Post the output back here.
Broni, Jan 12, 2012

#16
paulsingsong Newcomer, in training

Avast scan results:

aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-12 12:16:55
-----------------------------
12:16:55.901 OS Version: Windows 6.0.6002 Service Pack 2
12:16:55.901 Number of processors: 2 586 0x6802
12:16:55.904 ComputerName: USER-PC UserName: glo
12:16:58.202 Initialize success
12:16:58.814 AVAST engine defs: 12011200
12:17:19.036 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:17:19.039 Disk 0 Vendor: FUJITSU_MHY2250BH 0000000B Size: 238475MB BusType: 3
12:17:19.069 Disk 0 MBR read successfully
12:17:19.073 Disk 0 MBR scan
12:17:19.077 Disk 0 Windows VISTA default MBR code
12:17:19.086 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238473 MB offset 2048
12:17:19.094 Disk 0 scanning sectors +488395120
12:17:19.171 Disk 0 scanning C:\Windows\system32\drivers
12:17:33.105 Service scanning
12:17:36.021 Modules scanning
12:17:54.345 Disk 0 trace - called modules:
12:17:54.371 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys
12:17:54.382 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x888502f0]
12:17:54.751 3 CLASSPNP.SYS[8d1a78b3] -> nt!IofCallDriver -> [0x885ff918]
12:17:54.758 5 acpi.sys[806116bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x88615820]
12:17:55.609 AVAST engine scan C:\Windows
12:18:03.306 AVAST engine scan C:\Windows\system32
12:20:03.652 AVAST engine scan C:\Windows\system32\drivers
12:20:14.766 AVAST engine scan C:\Users\glo
12:22:13.173 AVAST engine scan C:\ProgramData
12:24:16.954 Scan finished successfully
12:38:08.301 Disk 0 MBR has been saved successfully to "C:\Program Files\Mozilla Firefox\MBR.dat"
12:38:08.312 The log file has been saved successfully to "C:\Program Files\Mozilla Firefox\aswMBR.txt"

Bootkit scan results:

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6
002), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00100000
Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)

Done;
Press any key to quit...

paulsingsong, Jan 12, 2012

#17
Broni Malware Annihilator

You posted aswMBR log twice.
Please pay attention.

Broni, Jan 12, 2012

#18

paulsingsong Newcomer, in training

Sorry every time I pressed Ctrl+C Bootkit would shut down without copying. I have fixed the problem.

Code:

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6
002), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00100000
Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...

paulsingsong, Jan 12, 2012

#19

Broni Malware Annihilator
Please do NOT wrap any logs in "code".

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Please, never rename Combofix unless instructed.

Close any open browsers.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

Close any open browsers.

WARNING: Combofix will disconnect your machine from the Internet as soon as it starts

Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.

If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.

**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

Double-click on the Rkill desktop icon to run the tool.

If using Vista or Windows 7 right-click on it and choose Run As Administrator.

A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.

If not, delete the file, then download and use the one provided in Link 2.

If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.

Do not reboot until instructed.

If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
Broni, Jan 12, 2012

#20

(You must log in or sign up to reply here.)

Page 1 of 4

TechSpot | Technology News and Analysis
Copyright © 1998-2012, TechSpot, Inc.
Forum software by XenForo™
TechSpot is a registered trademark
All Rights Reserved