Server got slower, google redirect on search links



#1
Jiyoung

Hi!
I've been experiencing Google research links redirecting to ads sites for a few weeks. And my Server 2008 computer is slow these days... thus my websites that are hosted on this server computer.
I don't know how to fix it. I used the Malwarebytes program and hoped it would clear up, but no effect... It showed 9 infections and I deleted them and hoped Google links would be back to normal again.

Thank you for your kind help!!

OTL logfile created on: 2011-07-21 오후 2:10:18 - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = D:\download\spymalware
Windows Vista Server Standard Edition (full installation) Service Pack 2 (Version = 6.0.6002) - Type = NTServer
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000412 | Country: 대한민국 | Language: KOR | Date Format: yyyy-MM-dd

1.99 Gb Total Physical Memory | 0.33 Gb Available Physical Memory | 16.33% Memory free
4.98 Gb Paging File | 1.04 Gb Available in Paging File | 20.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 50.00 Gb Total Space | 13.24 Gb Free Space | 26.48% Space Free | Partition Type: NTFS
Drive D: | 91.44 Gb Total Space | 54.52 Gb Free Space | 59.62% Space Free | Partition Type: NTFS
Drive E: | 91.44 Gb Total Space | 60.56 Gb Free Space | 66.23% Space Free | Partition Type: NTFS

Computer Name: WIN-U0VN9SR7OY9 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-07-15 00:37:51 | 000,579,584 | ---- | M] (OldTimer Tools) -- D:\download\spymalware\OTL.exe
PRC - [2011-06-23 18:55:02 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011-05-29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011-05-29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011-04-01 20:17:08 | 000,067,400 | ---- | M] (Microsoft Corporation) -- C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
PRC - [2011-02-02 21:40:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
PRC - [2011-01-21 12:32:20 | 000,045,131 | ---- | M] (The PHP Group) -- C:\Program Files\PHP\v5.2\php-cgi.exe
PRC - [2010-11-30 05:49:38 | 000,024,636 | ---- | M] (Apache Software Foundation) -- D:\sites\NookuTools\bin\httpd.exe
PRC - [2010-10-02 23:08:19 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2010-03-25 18:42:36 | 000,388,096 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
PRC - [2009-04-11 21:57:57 | 000,169,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rdpclip.exe
PRC - [2009-04-11 21:57:43 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\w3wp.exe
PRC - [2009-04-11 21:57:20 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008-01-19 20:23:48 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\inetinfo.exe
PRC - [2008-01-19 20:23:48 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\WMSvc.exe
PRC - [2008-01-19 20:23:39 | 000,754,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wsrm.exe
PRC - [2007-03-21 20:53:00 | 044,814,336 | ---- | M] (Adobe Systems, Incorporated) -- D:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe


========== Modules (SafeList) ==========

MOD - [2011-07-15 00:37:51 | 000,579,584 | ---- | M] (OldTimer Tools) -- D:\download\spymalware\OTL.exe
MOD - [2010-10-01 23:15:35 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4027_none_d08a21a2442db2dc\msvcr80.dll
MOD - [2010-10-01 23:15:35 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4027_none_d08a21a2442db2dc\msvcp80.dll
MOD - [2010-09-01 00:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2008-12-04 05:47:44 | 000,419,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IMKR12.IME
MOD - [2008-01-19 16:36:56 | 000,140,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winsta.dll


========== Win32 Services (SafeList) ==========

SRV - [2011-05-29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011-04-01 20:17:08 | 000,067,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe -- (MsDepSvc)
SRV - [2011-02-02 21:40:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Windows\System32\java.exe -- (CSVNConsole)
SRV - [2010-11-30 05:49:38 | 000,024,636 | ---- | M] (Apache Software Foundation) [Auto | Running] -- D:\sites\NookuTools\bin\httpd.exe -- (CollabNetSubversionServer)
SRV - [2010-10-02 23:08:19 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010-04-22 03:15:51 | 000,374,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010-04-22 03:15:51 | 000,374,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009-07-20 14:36:12 | 000,331,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\ftpsvc.dll -- (ftpsvc)
SRV - [2009-04-11 21:57:43 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009-04-11 21:57:42 | 000,078,336 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rsopprov.exe -- (RSoPProv)
SRV - [2008-11-24 22:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SYSMSI\SSEE\MSSQL.2005\MSSQL\Binn\sqlservr.exe -- (MSSQL$MICROSOFT##SSEE) Windows Internal Database (MICROSOFT##SSEE)
SRV - [2008-07-29 13:10:46 | 003,201,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2008-01-19 20:23:59 | 000,035,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rqs.exe -- (Rqs)
SRV - [2008-01-19 20:23:48 | 000,013,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008-01-19 20:23:48 | 000,013,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\inetinfo.exe -- (MSFTPSVC)
SRV - [2008-01-19 20:23:48 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2008-01-19 20:23:48 | 000,011,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\WMSvc.exe -- (WMSvc)
SRV - [2008-01-19 20:23:39 | 000,754,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wsrm.exe -- (WSRM)
SRV - [2008-01-19 20:23:32 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sacsvr.dll -- (sacsvr)
SRV - [2008-01-19 20:23:31 | 000,022,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FCRegSvc.dll -- (FCRegSvc)
SRV - [2007-10-11 10:45:34 | 000,111,288 | ---- | M] (NHN Corp.) [Disabled | Stopped] -- C:\Program Files\Naver\NaverCommon\NaverAdminAPISvc.exe -- (Naver Updater)


========== Driver Services (SafeList) ==========

DRV - [2011-05-29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011-05-29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011-04-05 20:00:57 | 000,011,808 | ---- | M] (Rsupport Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VRVD302.sys -- (VRVD302)
DRV - [2011-04-02 10:06:40 | 000,126,048 | ---- | M] (Kings Information & Network) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\kcrtx86.sys -- (kcrtx86)
DRV - [2011-04-02 10:06:40 | 000,021,640 | ---- | M] (SoftForum Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\JRSKD24.SYS -- (JRSKD24)
DRV - [2010-04-03 11:02:54 | 000,240,608 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0150.sys -- (RsFx0150)
DRV - [2009-04-11 21:57:01 | 000,185,320 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2009-04-11 21:57:01 | 000,035,304 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2008-07-10 02:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0102.sys -- (RsFx0102)
DRV - [2008-01-25 16:46:40 | 000,106,496 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008-01-19 20:24:01 | 000,126,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mqac.sys -- (MQAC)
DRV - [2008-01-19 20:23:32 | 000,088,632 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\system32\DRIVERS\sacdrv.sys -- (sacdrv)
DRV - [2008-01-19 20:23:25 | 000,042,440 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\storflt.sys -- (storflt)
DRV - [2008-01-19 20:23:25 | 000,031,232 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\qd26032.sys -- (ioatdma) Intel®
DRV - [2008-01-19 20:23:25 | 000,015,816 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\s3cap.sys -- (s3cap)
DRV - [2005-03-16 15:23:54 | 000,013,696 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\System32\drivers\BIOS.sys -- (BIOS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://iesetup.dll/SoftAdmin.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.naver.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "res://iesetup.dll/SoftAdmin.htm"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.7.3
FF - prefs.js..extensions.enabledItems: {3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}:0.8.6.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@softforum.com/npKeyPro: C:\Windows\system32\npKeyPro.dll (SoftForum Co., Ltd.)
FF - HKLM\Software\MozillaPlugins\@softforum.com/npxwebplugins: C:\Program Files\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll (SoftForum Co., Ltd.)
FF - HKLM\Software\MozillaPlugins\@softforum.com/npxwebplugins_file: C:\Program Files\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll (SoftForum Co., Ltd.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-06-24 23:25:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-06-23 18:55:04 | 000,000,000 | ---D | M]

[2010-10-04 16:17:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
[2011-07-21 13:20:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\xd0z32nc.default\extensions
[2010-10-06 07:17:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\xd0z32nc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011-03-10 20:24:24 | 000,000,000 | ---D | M] (Html Validator) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\xd0z32nc.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
[2011-06-23 18:55:10 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\xd0z32nc.default\extensions\[email protected]
[2011-07-16 18:49:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011-01-31 21:22:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011-03-28 17:41:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011-02-02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010-06-21 18:24:32 | 000,200,793 | ---- | M] (INITECH ©) -- C:\Program Files\mozilla firefox\plugins\npINISAFEWeb60.dll
[2011-03-10 20:24:14 | 000,004,573 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\danawa-kr.xml
[2011-03-10 20:24:14 | 000,007,980 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\daum-kr.xml
[2011-03-10 20:24:14 | 000,004,262 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\naver-kr.xml
[2011-03-10 20:24:14 | 000,001,196 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-kr.xml
[2011-03-10 20:24:14 | 000,001,103 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-kr.xml

O1 HOSTS File: ([2006-09-19 06:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Naver SafeGuard) - {000011A1-74C9-4c7e-9B4E-59B5765CF409} - c:\Program Files\Naver\NaverToolbar\NaverSafeGuard\nSafeGuard_2011_6_2_1.dll (NHN Corp.)
O2 - BHO: (Adobe PDF Reader 링크 도우미) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (네이버 툴바 도우미) - {67C41E9E-2EBF-4F2B-AF74-314F0D793172} - C:\Program Files\Naver\NaverToolbar\NaverTB_3_5_10_87.dll (NHN Corp.)
O3 - HKLM\..\Toolbar: (네이버 툴바) - {D09CFF09-A42A-4EDC-9804-E61224F59CA1} - C:\Program Files\Naver\NaverToolbar\NaverTB_3_5_10_87.dll (NHN Corp.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O8 - Extra context menu item: 네이버 검색 - C:\Program Files\naver\NaverToolbar\NaverTB_3_5_7_61.dll (NHN Corp.)
O8 - Extra context menu item: 네이버 북마크하기 - C:\Program Files\naver\NaverToolbar\NaverTB_3_5_7_61.dll (NHN Corp.)
O8 - Extra context menu item: 네이버 블로그 담기 - C:\Program Files\naver\NaverToolbar\NaverTB_3_5_7_61.dll (NHN Corp.)
O8 - Extra context menu item: 네이버 사전 검색 - C:\Program Files\naver\NaverToolbar\NaverTB_3_5_7_61.dll (NHN Corp.)
O8 - Extra context menu item: 네이버 오픈캐스트 링크등록 - C:\Program Files\naver\NaverToolbar\NaverTB_3_5_7_61.dll (NHN Corp.)
O8 - Extra context menu item: 네이버 일한 번역 - C:\Program Files\naver\NaverToolbar\NaverTB_3_5_7_61.dll (NHN Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: bigfile.co.kr ([]* in 신뢰할 수 있는 사이트)
O15 - HKCU\..Trusted Domains: bigfile.co.kr ([]http in 신뢰할 수 있는 사이트)
O15 - HKCU\..Trusted Domains: bigfile.co.kr ([]https in 신뢰할 수 있는 사이트)
O16 - DPF: {7FAE8B01-5F20-43AC-9DFF-ABDA3591BBB4} http://www.bigfile.c...igFileVista.cab (BigFileElevatorX Control)
O16 - DPF: {884E8485-BAA8-4081-BFA9-2E12C7DAFDEB} http://www.albamon.c...orcontrolex.cab (WebProtectorControlEx Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {99C709C7-4F58-46C1-855B-90213C760395} https://v3d.kcp.co.k..._ansimclick.cab (V3D Client Control)
O16 - DPF: {B0A75875-3622-48BA-B5FF-45AD77AC2D0E} https://download.auc.../BankPayEFT.cab (BankPayEFTCtrl Control)
O16 - DPF: {C854C4D1-ED53-4B1F-AA45-783B3CF3315C} http://program.webha...DacomUpload.cab (DacomUpload Control)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D96D2F74-0B74-47D2-964F-B67E9F69F1CD} http://www.congnamul...p_V2_0_0_19.cab (CongnamulMap4Asp Control)
O16 - DPF: {DD8C54E8-9028-4A54-96B9-30761B1F80DF} http://cyber.kepco.c...down/INIS60.exe (Reg Error: Key error.)
O16 - DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} https://www.vpay.co....PCTLD_VISTA.cab (KvpIspCtlD Control)
O16 - DPF: {EF256D78-3982-4F12-900B-AD8B254A43BD} http://reselleradmin...vice/FtpCtl.cab (Cafe24FtpL Class)
O16 - DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} http://file.naver.co...averAXGuide.cab (NaverAXGuide Class)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-19 06:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{35ca709b-cd3a-11df-b512-89d13e40426a}\Shell - "" = AutoRun
O33 - MountPoints2\{35ca709b-cd3a-11df-b512-89d13e40426a}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011-07-21 13:15:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\younghun
[2011-07-16 12:42:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\text
[2011-07-14 23:52:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011-07-14 23:52:13 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011-07-14 23:51:01 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2011-07-14 23:50:21 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011-07-14 23:50:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011-07-14 23:50:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011-07-14 23:50:15 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011-07-14 23:50:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011-07-14 11:19:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{7FDCBA24-033C-4348-8C8E-D154455E0249}
[2011-07-13 17:30:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\ioncube
[2011-07-13 06:37:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F6651A4D-BA8B-4FAD-ACCE-12462F9F622D}
[2011-07-12 10:12:19 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{8B8EB0EA-2C3F-454F-9822-38F8C50BCB8F}
[2011-07-11 14:35:25 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{8335E086-CF1F-4D06-9B00-8805D80E1D81}
[2011-07-07 10:46:31 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{4743BAE4-E8C0-490A-A627-9210061604FA}
[2011-07-01 23:41:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{27699FEE-EDCB-45E2-8BA7-166276090B40}
[2011-07-01 22:42:48 | 000,000,000 | ---D | C] -- C:\Program Files\Expat 2.0.1
[2011-06-29 21:23:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{C16237D0-0EB1-4FB4-9AC3-041EC1045849}
[2011-06-28 23:18:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{BEF210A6-1DBD-47B7-B6DA-559197BA9835}
[2011-06-28 19:56:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\discussitmoderator
[2011-06-27 20:30:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{BC657B3F-678B-4B25-8A03-6E9BCBAD85D4}
[2011-06-26 10:06:45 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{88174A28-29DD-4C19-9984-B0A37A7B82B8}
[2011-06-23 18:54:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{9FBF0863-0278-4FED-BE34-C233E0A94B67}
[2011-06-22 02:04:36 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{0DB05B68-C0A3-4846-B7B5-C7ECF854A008}
[2008-01-19 20:24:28 | 000,049,152 | ---- | C] ( ) -- C:\Windows\System32\sdohlplib.dll

========== Files - Modified Within 30 Days ==========

[2011-07-21 13:57:12 | 000,000,726 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3224543415-1866084954-3480454874-500UA.job
[2011-07-21 13:28:06 | 000,002,539 | ---- | M] () -- C:\Users\Administrator\Desktop\HiJackThis.lnk
[2011-07-21 13:21:52 | 000,005,040 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011-07-21 13:21:51 | 000,005,040 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011-07-21 00:17:27 | 000,000,404 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{79279A52-C67A-49F5-AF1E-56D823B99AC0}.job
[2011-07-20 19:12:46 | 000,046,972 | ---- | M] () -- C:\Users\Administrator\Desktop\minheight.gif
[2011-07-20 14:57:01 | 000,000,674 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3224543415-1866084954-3480454874-500Core.job
[2011-07-20 02:11:51 | 000,009,588 | ---- | M] () -- C:\Users\Administrator\Desktop\jiyoung.jpg
[2011-07-18 21:44:06 | 000,001,120 | ---- | M] () -- C:\Windows\System32\index.xml
[2011-07-18 19:18:39 | 000,000,322 | -HS- | M] () -- C:\Windows\tasks\Abkk.job
[2011-07-18 19:18:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-07-18 19:18:26 | 2138,628,096 | -HS- | M] () -- C:\hiberfil.sys
[2011-07-17 12:28:49 | 000,166,912 | ---- | M] () -- C:\Windows\System32\libmcrypt.dll
[2011-07-14 23:50:22 | 000,000,807 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-07-14 12:36:38 | 000,000,005 | ---- | M] () -- C:\Windows\Twain001.Mtx
[2011-07-14 12:33:32 | 000,629,612 | ---- | M] () -- C:\Windows\System32\perfh012.dat
[2011-07-14 12:33:31 | 000,864,644 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011-07-14 12:33:31 | 000,206,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011-07-14 12:33:31 | 000,206,692 | ---- | M] () -- C:\Windows\System32\perfc012.dat
[2011-07-14 11:08:08 | 001,779,544 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011-07-20 19:12:42 | 000,046,972 | ---- | C] () -- C:\Users\Administrator\Desktop\minheight.gif
[2011-07-20 02:11:46 | 000,009,588 | ---- | C] () -- C:\Users\Administrator\Desktop\jiyoung.jpg
[2011-07-17 12:28:46 | 000,166,912 | ---- | C] () -- C:\Windows\System32\libmcrypt.dll
[2011-07-14 23:52:22 | 000,002,539 | ---- | C] () -- C:\Users\Administrator\Desktop\HiJackThis.lnk
[2011-07-14 23:50:22 | 000,000,807 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-07-01 22:56:59 | 000,413,696 | ---- | C] () -- C:\Windows\System32\sablot.dll
[2011-07-01 22:47:02 | 000,151,552 | ---- | C] () -- C:\Windows\System32\libexpat.dll
[2011-02-11 17:19:11 | 000,135,168 | RHS- | C] () -- C:\Windows\System32\wshomt.dll
[2011-01-31 23:15:02 | 000,000,652 | ---- | C] () -- C:\Windows\pear.ini
[2011-01-24 14:35:48 | 000,567,152 | ---- | C] () -- C:\Windows\System32\NJUninst.exe
[2010-12-03 12:46:54 | 000,114,688 | ---- | C] () -- C:\Windows\System32\KCPPaymentUX.dll
[2010-11-17 14:19:16 | 001,105,920 | ---- | C] () -- C:\Windows\System32\ISPPopUpDlg.exe
[2010-11-05 10:54:36 | 000,339,968 | ---- | C] () -- C:\Windows\System32\KvpUpCom.dll
[2010-10-04 17:40:37 | 000,000,024 | ---- | C] () -- C:\Windows\System32\scskConfigEH.ini
[2010-10-04 16:17:16 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010-10-03 22:36:35 | 000,025,872 | ---- | C] () -- C:\Windows\System32\INIUAC.exe
[2010-10-02 23:11:40 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2010-10-01 18:07:14 | 000,000,680 | ---- | C] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
[2010-05-11 22:55:16 | 000,208,896 | ---- | C] () -- C:\Windows\System32\webprotectorhook.dll
[2009-09-07 16:59:06 | 000,057,344 | ---- | C] () -- C:\Windows\System32\y5wrapper.dll
[2009-09-07 16:59:04 | 000,024,576 | ---- | C] () -- C:\Windows\System32\y5winwrap.dll
[2009-09-07 16:57:46 | 000,212,992 | ---- | C] () -- C:\Windows\System32\y5csel.dll
[2009-09-02 09:07:48 | 000,073,728 | ---- | C] () -- C:\Windows\System32\y5cview.dll
[2009-09-02 09:07:44 | 000,389,120 | ---- | C] () -- C:\Windows\System32\y5cert.dll
[2009-09-02 09:07:44 | 000,049,152 | ---- | C] () -- C:\Windows\System32\y5clist.dll
[2009-09-01 18:16:38 | 000,184,320 | ---- | C] () -- C:\Windows\System32\y5base.dll
[2009-04-14 10:47:32 | 000,629,612 | ---- | C] () -- C:\Windows\System32\perfh012.dat
[2009-04-14 10:47:32 | 000,206,692 | ---- | C] () -- C:\Windows\System32\perfc012.dat
[2009-04-14 10:47:32 | 000,155,890 | ---- | C] () -- C:\Windows\System32\perfi012.dat
[2009-04-14 10:47:32 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd012.dat
[2009-04-11 21:57:41 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009-04-11 21:57:41 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009-04-11 21:57:39 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009-02-26 13:53:34 | 000,045,116 | ---- | C] () -- C:\Windows\System32\KvpSetRegistry.exe
[2008-02-11 11:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008-01-19 20:43:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2008-01-19 20:35:10 | 001,779,544 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2008-01-19 20:24:26 | 000,001,702 | ---- | C] () -- C:\Windows\System32\StorageMgmt.dll.config
[2008-01-19 20:24:26 | 000,001,048 | ---- | C] () -- C:\Windows\System32\SetupNfsIdMap.exe.config
[2008-01-19 20:24:26 | 000,000,989 | ---- | C] () -- C:\Windows\System32\NfsConfigGuide.exe.config
[2008-01-19 20:24:26 | 000,000,940 | ---- | C] () -- C:\Windows\System32\ProvisionShare.exe.config
[2008-01-19 20:24:26 | 000,000,933 | ---- | C] () -- C:\Windows\System32\ProvisionStorage.exe.config
[2008-01-19 17:56:38 | 000,864,644 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2008-01-19 17:56:38 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2008-01-19 17:56:38 | 000,206,924 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2008-01-19 17:56:38 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2008-01-19 17:45:36 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2008-01-19 14:56:52 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2008-01-19 13:34:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2008-01-04 04:04:28 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2008-01-04 03:57:53 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007-05-18 17:43:32 | 000,020,480 | ---- | C] () -- C:\Windows\System32\KVPSetupEx.exe
[2007-05-10 08:15:34 | 000,028,672 | ---- | C] () -- C:\Windows\System32\ISP_crgen.dll
[2005-06-29 18:45:44 | 000,708,096 | ---- | C] () -- C:\Windows\System32\INIcrypto20.dll

========== LOP Check ==========

[2011-07-13 21:03:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\BitTorrent
[2011-02-04 22:53:40 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ClientKeeper
[2011-06-28 19:56:52 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\discussitmoderator
[2011-04-14 13:19:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\EditPlus 2
[2011-07-14 11:52:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\EditPlus 3
[2010-10-03 22:14:20 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GuardShell
[2011-03-22 21:52:12 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\HNC
[2011-01-31 18:58:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Subversion
[2010-10-28 09:26:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2011-03-23 00:32:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Windows Live Writer
[2011-07-18 19:18:39 | 000,000,322 | -HS- | M] () -- C:\Windows\Tasks\Abkk.job
[2011-07-18 19:17:01 | 000,012,302 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011-07-21 00:17:27 | 000,000,404 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{79279A52-C67A-49F5-AF1E-56D823B99AC0}.job

========== Purity Check ==========



< End of report >
  • 0


#2
RKinner

    Malware Expert

  • Expert
  • 19,798 posts
  • MVP
Start, (All) Programs, Accessories, right click on Command Prompt and select Run As Administrator. Type with an Enter after each line:

at  > \junk.txt

notepad  \junk.txt


Copy and paste the text from notepad into a reply.

Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

You do not have the latest Java.

Get the latest Java at:

http://javadl.sun.co...?BundleId=41723

Save it to your PC then close all browsers and install it. Do not let it install the Yahoo toolbar or other foistware.

Copy the text between the lines of stars by highlighting and Ctrl + c


********************************************************************
:processes
killallprocesses

:OTL
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
[2011-01-31 21:22:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011-03-28 17:41:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
O33 - MountPoints2\{35ca709b-cd3a-11df-b512-89d13e40426a}\Shell - "" = AutoRun
O33 - MountPoints2\{35ca709b-cd3a-11df-b512-89d13e40426a}\Shell\AutoRun\command - "" = F:\SETUP.EXE
[2011-07-18 19:18:39 | 000,000,322 | -HS- | M] () -- C:\Windows\tasks\Abkk.job
[2011-02-11 17:19:11 | 000,135,168 | RHS- | C] () -- C:\Windows\System32\wshomt.dll
[2011-07-18 21:44:06 | 000,001,120 | ---- | M] () -- C:\Windows\System32\index.xml

:Commands
[purity]
[Reboot]


*******************************************************************

Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done.

Open OTL again and select the All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.

If one of the following will not run then just skip to the next one then go back and try the things that wouldn't run again after finishing the others.

Malwarebytes' Anti-Malware
If you have a previous version of MalwareBytes', make sure it checks for updates before running.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

Right-click on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix

If you have a previous version of Combofix.exe, delete it and download a fresh copy.

It must be saved to your desktop, do not run it.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file named "TDSSKiller.txt" should be created on your C: drive. Please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.

Right-click aswMBR.exe and select Run As Administrator to run it.

Click the "Scan" button to start scan


On completion of the scan (note if the Fix button is enabled and tell me), click Save Log, save it to your desktop and post it in your next reply.

Ron
  • 0
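The fix script in the reply above lists, among other entries, Abkk.job and wshomt.dll, which the scan shows with both the hidden and system attributes set. As an added example (not part of the thread, and not how OTL or the helper selected the entries), this Python parser reads OTL file-scan lines and flags hidden+system files under the Tasks and System32 folders; the watched-folder list and the flagging rule are assumptions, and the sample lines are copied from the logs on this page.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# One OTL file-scan line, in the layout used by the logs on this page:
#   [timestamp | size | RHSD attributes | M or C] (company) -- path
# Directory lines may omit the "(company)" field entirely.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})"
    r" \| (?P<size>[\d,]+)"
    r" \| (?P<attrs>[RHSD-]{4})"
    r" \| (?P<kind>[MC])\]"
    r"\s*(?:\((?P<company>[^)]*)\))?"
    r"\s*-- (?P<path>.+)$"
)

# Assumption: folders treated as worth watching for persistence on this host.
WATCHED_DIRS = ("c:\\windows\\tasks\\", "c:\\windows\\system32\\")


@dataclass
class Entry:
    timestamp: datetime
    size: int
    attrs: str               # four characters, e.g. "-HS-" (R, H, S, D or "-")
    kind: str                # "M" or "C", copied from the log as-is
    company: Optional[str]   # None when the field is absent, "" when it is "()"
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def hidden_system(self) -> bool:
        return "H" in self.attrs and "S" in self.attrs


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a file-scan line, or None for headers and other text."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    return Entry(
        timestamp=datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"],
        path=m["path"].strip(),
    )


def triage(lines: List[str]) -> List[Tuple[Entry, List[str]]]:
    """Flag files that are hidden+system and sit inside a watched folder."""
    flagged = []
    for line in lines:
        entry = parse_line(line)
        if entry is None or entry.is_dir:
            continue
        if not entry.path.lower().startswith(WATCHED_DIRS):
            continue
        if not entry.hidden_system:
            continue
        reasons = ["hidden+system attributes (" + entry.attrs + ")"]
        if not entry.company:
            reasons.append("no company name reported")
        flagged.append((entry, reasons))
    return flagged


# Sample input: lines copied from the OTL logs and fix script on this page.
SAMPLE_LOG = r"""
========== LOP Check ==========
[2011-07-13 21:03:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\BitTorrent
[2011-07-18 19:18:39 | 000,000,322 | -HS- | M] () -- C:\Windows\Tasks\Abkk.job
[2011-07-18 19:17:01 | 000,012,302 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011-07-21 00:17:27 | 000,000,404 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{79279A52-C67A-49F5-AF1E-56D823B99AC0}.job
[2011-02-11 17:19:11 | 000,135,168 | RHS- | C] () -- C:\Windows\System32\wshomt.dll
[2011-07-18 21:44:06 | 000,001,120 | ---- | M] () -- C:\Windows\System32\index.xml
[2008-01-19 17:45:36 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
"""

if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG.splitlines()):
        print(entry.timestamp, entry.path, "->", "; ".join(reasons))
```

index.xml, which the fix script also lists, carries no attributes and is not caught by this rule, so an attribute check narrows a log for review rather than replacing the review.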

#3
Jiyoung

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
WOW...!!!
Thank you for your kind and quick reply!!!

It's overwhelming on how to do that but I will follow it.
Will let you know!

Thank you so much. I really really appreciate your time and kindness. :)

Jiyoung
  • 0

#4
Jiyoung

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Ron!!!

Thank you so much!
Now my computer is fast and no weird thing came out from the scan!!
I followed everything!!
Google links are not redirected anymore!!!!

THANK YOU SO MUCH!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Kind regards from Korea
Jiyoung
  • 0

#5
RKinner

    Malware Expert

  • Expert
  • 19,798 posts
  • MVP
You really should post the logs you got from the scans so I can make sure your system is clean.

Ron
  • 0

#6
Jiyoung

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Here are my log files. :)

Start, (All) Programs, Accessories, right click on Command Prompt and select Run As Administrator. Type with an Enter after each line:

at  > \junk.txt

notepad  \junk.txt

For Korean words, it was saying no items(category) found on the list.


*******************************************************************

Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done.

Open OTL again and select the All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.


OTL Extras logfile created on: 2011-07-23 오후 11:33:50 - Run 4
OTL by OldTimer - Version 3.2.26.1 Folder = E:\download\spymalware
Windows Vista Server Standard Edition (full installation) Service Pack 2 (Version = 6.0.6002) - Type = NTServer
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000412 | Country: 대한민국 | Language: KOR | Date Format: yyyy-MM-dd

1.99 Gb Total Physical Memory | 0.27 Gb Available Physical Memory | 13.75% Memory free
4.24 Gb Paging File | 1.22 Gb Available in Paging File | 28.87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 50.00 Gb Total Space | 13.09 Gb Free Space | 26.17% Space Free | Partition Type: NTFS
Drive D: | 91.44 Gb Total Space | 77.30 Gb Free Space | 84.54% Space Free | Partition Type: NTFS
Drive E: | 91.44 Gb Total Space | 40.28 Gb Free Space | 44.05% Space Free | Partition Type: NTFS

Computer Name: WIN-U0VN9SR7OY9 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = jsfile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OpenAsAWebSite] -- C:\Program Files\Microsoft WebMatrix\WebMatrix.exe #ExecuteCommand# SiteFromFolder %L (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C9C5D37-ACC7-418B-9D36-FC639AF551B8}" = lport=110 | protocol=6 | dir=in | name=pop |
"{18383112-60F1-4D77-807E-C1921A0541AE}" = lport=5358 | protocol=6 | dir=in | app=system |
"{1ED1AE83-4F51-4683-BE9C-D47992CCC716}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{203CE1C0-FE8E-4383-9FF4-D345D4DEC960}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{258463DB-0F09-42C7-85B3-C65E93CA1B3C}" = rport=139 | protocol=6 | dir=out | app=system |
"{2BB2588B-03B5-4313-ACDF-0E11C0B4EA33}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2F178540-D0BD-4E54-BB63-91DF4A568DC7}" = lport=137 | protocol=17 | dir=in | app=system |
"{37E42C32-4B52-48F9-9067-E46D52964C82}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{39ED963D-5041-4F43-A145-AECE7B4D5157}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5384C52A-1DA6-4838-BC5A-8EFD3AF55BCA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{55869CD4-F3C2-41AD-B694-EC110D0345EB}" = lport=139 | protocol=6 | dir=in | app=system |
"{5CB70B09-6B79-4A01-9300-7FA2297773FE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{60BF65FF-B5F6-4E9D-B743-80063A27102A}" = lport=138 | protocol=17 | dir=in | app=system |
"{621B87CE-B558-49F3-985E-85BE24D1586E}" = lport=3343 | protocol=6 | dir=in | name=collabnet subversion edge console |
"{631A034B-8AE7-435D-A00C-AEE893C898BD}" = lport=5357 | protocol=6 | dir=in | app=system |
"{6598E9CD-AAAE-47F9-92B8-17FC6E28D33A}" = rport=138 | protocol=17 | dir=out | app=system |
"{6E5ED7FE-0CDA-4BCF-A7FF-4D516142A0DF}" = lport=137 | protocol=17 | dir=in | app=system |
"{6E885838-4780-48B3-8C0D-5F8A72DBA3B6}" = lport=139 | protocol=6 | dir=in | app=system |
"{7F1FFBD3-B8D2-458E-83A2-3475A63F5818}" = lport=445 | protocol=6 | dir=in | app=system |
"{905EF213-1872-4837-B128-1CA23F44BF36}" = rport=138 | protocol=17 | dir=out | app=system |
"{91FDE36D-FC44-4FCD-A647-6C7B93968082}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{9D61564C-7AAF-47EE-86BD-3823F332C2F3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9F497AF1-4648-4B12-AA37-C8CB51B270A2}" = rport=138 | protocol=17 | dir=out | app=system |
"{A1BC94AE-2075-4246-81AA-0108EF91085C}" = rport=137 | protocol=17 | dir=out | app=system |
"{AAF90843-D856-4B87-9074-1787C9563169}" = lport=445 | protocol=6 | dir=in | app=system |
"{AD50A087-7899-4B75-A67C-C473B2938F41}" = rport=445 | protocol=6 | dir=out | app=system |
"{B7B9E87C-7EC4-4D68-83E2-7733923AFB45}" = lport=4434 | protocol=6 | dir=in | name=collabnet subversion edge ssl |
"{B7BACC62-2EF8-4667-8703-13B9A0738112}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B875BC28-49FA-43E7-B009-43273E2C44A3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B87D38D3-39D4-480E-B95B-F8838CDBB971}" = lport=137 | protocol=17 | dir=in | app=system |
"{BDCEE5EF-D916-4045-966A-557442723C11}" = rport=137 | protocol=17 | dir=out | app=system |
"{BE66AAC0-69E3-44FF-9FBB-0003EC700824}" = lport=138 | protocol=17 | dir=in | app=system |
"{C08EE73E-BCAB-4D88-8406-05533AE11358}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C314CD67-EEFC-4E0E-9FE6-AB8901F020F0}" = lport=25 | protocol=6 | dir=in | name=smtp |
"{C746E2BC-6F56-4AC6-A9C0-A25A3D229884}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C91B1667-B3CC-4B3A-9E03-EB6C15529582}" = lport=138 | protocol=17 | dir=in | app=system |
"{CAA6004B-6ECB-43FF-8236-75B21024FE6B}" = lport=143 | protocol=6 | dir=in | name=imap |
"{DB9D2FA1-ECC6-4270-8037-DB8F6EE7D137}" = rport=445 | protocol=6 | dir=out | app=system |
"{E27AE809-4345-4D2C-96E1-72758F1E8479}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E864C42D-C62C-4C6F-AA5C-295367B7B07B}" = rport=5358 | protocol=6 | dir=out | app=system |
"{F4233F54-B948-41BE-9D09-C292A082F119}" = rport=139 | protocol=6 | dir=out | app=system |
"{F8ECEA7A-6105-415E-9D97-47E132E25A7F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F9D33368-C0D7-407A-AA21-E2AAC1364845}" = rport=137 | protocol=17 | dir=out | app=system |
"{FBF20804-4262-4192-9620-8B95FCCA521F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{FDD5D016-F89F-4D20-9A73-4E48B8F812E3}" = rport=5357 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05CEC5D3-AE1D-4A2F-826F-B11868B81E27}" = protocol=17 | dir=in | app=c:\program files\nateon\bin\nateonmain.exe |
"{108F7A03-EB2A-4190-A040-80CEBD114F41}" = protocol=58 | dir=out | [email protected],-28546 |
"{25C404B1-3880-49B5-A870-A4BAF7F9011B}" = protocol=58 | dir=in | [email protected],-28545 |
"{3419359E-011C-4BBE-B853-5417FB58796E}" = protocol=17 | dir=in | app=%programfiles%\quickdownloadservice\qdownservice.exe |
"{550A8EFA-201A-4248-A68F-1873A53F1B6D}" = protocol=58 | dir=out | [email protected],-28546 |
"{6B621B24-71F4-429B-8C96-8AA7A64AD797}" = protocol=6 | dir=in | app=d:\sites\nookutools\bin\httpd.exe |
"{7C62CECF-A18E-495A-8DD1-7B517831BBEC}" = protocol=1 | dir=out | [email protected],-28544 |
"{898369FB-99DC-4548-BE26-4950D3FBBDAB}" = protocol=6 | dir=out | app=system |
"{A51CE789-22A3-4414-B5B7-1C1F16533FC6}" = protocol=17 | dir=in | app=d:\sites\nookutools\bin\httpd.exe |
"{A533658A-4DCB-4447-A295-285C699B9886}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{BEC1277E-7ADB-4A4F-AD2E-894BB8243015}" = protocol=6 | dir=in | app=%programfiles%\quickdownloadservice\qdownservice.exe |
"{D045C05E-0B4F-4D65-8254-39CD27D884EC}" = protocol=58 | dir=in | [email protected],-28545 |
"{D08F4612-5B01-4985-A8F2-4A08AD181371}" = protocol=6 | dir=in | app=c:\program files\nateon\bin\nateonmain.exe |
"{E5B61A72-0E22-457F-AD92-EA0E48B5F2E0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E90BEF81-1FCF-4D3D-B916-C5B73D940B60}" = protocol=1 | dir=out | [email protected],-28544 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0119B342-476F-4F5A-B712-144B5CFA781F}" = Windows Live Movie Maker
"{0240D26B-56C8-428E-95FF-D5D5644A6A6D}" = WebsitePanel Installer
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{06A7EA72-0F00-4D53-A81C-A5D925711141}" = Microsoft SQL Server 2008 Full text search
"{07E15DDE-CAD9-434D-B24D-35708E3BEA09}" = Windows Live 필수 패키지
"{08380D2D-1D56-45AB-80BF-C0DCB8900DDA}" = Microsoft SQL Server 2008 R2 설치(한국어)
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CE0A489-1FA0-44AA-B956-B9A447966CD5}" = IIS 7.5 Express
"{0D898B78-403F-482A-8B92-76E093196702}" = Microsoft SQL Server 2008 정책
"{0DE8B4A8-C220-4036-9CCE-9AAD12CA88FA}" = SQL Server 2008 R2 Database Engine Shared
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = 웹 배포 도구
"{13EA8B24-92CF-4AEB-B9C3-D3F374E35A7B}" = CollabNet Subversion Edge
"{15F45BB6-DE28-4437-8B0C-74CF285498CA}" = Microsoft SQL Server Compact 3.5 SP1 한국어
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{19BDC40F-C6F0-4333-9838-1907EB4E7192}" = IIS Database Manager
"{1BDC1AB0-2677-4593-8F94-329F7CA8F670}" = Adobe Creative Suite 3 Design Premium
"{1DBC5C00-64B3-4EE4-8892-68AE0E8C83DC}" = Microsoft SQL Server VSS Writer
"{1DF54C17-8167-4786-992F-B4A04A398ED1}" = Microsoft SQL Server 2008 온라인 설명서(한국어)
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2020045B-8DCF-4449-8D5C-EB5BA37440F1}" = Microsoft SQL Server 2008 Management Studio
"{223C3D67-3C34-4AA7-AB8A-8ACA81EC5097}" = Microsoft SQL Server Compact 4.0 KOR
"{23F70562-02F4-4805-ACF5-6E52BAD167C2}" = Microsoft SQL Server 2008 Reporting Services
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83216021F0}" = Java™ 6 Update 21
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C557BC2-9FC4-4293-9E36-F6F5079E3E0C}" = Microsoft Windows PowerShell snap-in for IIS 7.0
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A5366E3-4713-4254-9E34-BA29F6CF4511}" = 한컴오피스 뷰어 2010
"{4BF002DD-578F-4881-8A44-74A95617ED59}" = PHP 5.2.14
"{4C9D82EB-9001-4E59-8F64-0BEEE5F4A30A}" = SQL Server 2008 R2 Database Engine Shared
"{4D28EFCF-5999-44D2-8D4E-AC643E76C33F}" = Microsoft SQL Server 2008 Client Tools
"{4DD6BCDF-3721-499C-A5FB-AC40F646BAC1}" = SQL Server 2008 R2 Common Files
"{4F35DF91-F834-41F7-A287-0E377D55C486}" = Windows Live Photo Common
"{5134B35A-B559-4762-94A4-FD4918977953}" = Microsoft Web Deploy 2.0
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{548F0C47-AF9A-3A01-B988-295602178221}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - KOR
"{56222B95-3FDB-485E-8269-736AEABF9B7B}" = Microsoft ASP.NET Web Pages - KOR
"{58FAD0EA-DCE4-49F5-B541-B1529012F4EC}" = Microsoft SQL Server 2008 Management Studio
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5FD88490-011C-4DF1-B886-F298D955171B}" = MySQL Connector Net 6.2.3
"{61920449-0393-4707-B7DD-E6C0013C8B2C}" = 원격 연결을 위한 Windows Live Mesh ActiveX 컨트롤
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}" = Microsoft ASP.NET Web Pages
"{66702200-BC43-406C-8F34-A445105B95E5}" = Windows Cache Extension 1.1 for PHP 5.3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6AC0590C-6462-4C41-8049-11A2DC6C8FC0}" = Microsoft SQL Server 2008 R2 Native Client
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{720BFCA1-6A42-43B8-BFE6-86CA8375A57E}" = Microsoft SQL Server Compact 4.0 웹 도구 KOR
"{76D765BA-073F-4ACB-ADDD-0A354E95A18A}" = Microsoft SQL Server 2008 Reporting Services
"{7780682A-47C9-480D-90BE-247539342595}" = Windows Live UX Platform Language Pack
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7C8EAD2B-A954-4F73-AAFC-C3EC60D49ADA}" = Microsoft SQL Server 2008 R2 RsFx Driver
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89A5A14E-6ACE-314D-A914-0A28F8833976}" = Microsoft Visual Studio 2008 Shell (integrated mode) - KOR
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0412-0000-0000000FF1CE}" = Microsoft Office Access MUI (Korean) 2007
"{90120000-0015-0412-0000-0000000FF1CE}_PROPLUS_{7D3514BC-B31A-4D94-9192-B475E8980AB1}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0412-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Korean) 2007
"{90120000-0016-0412-0000-0000000FF1CE}_PROPLUS_{7D3514BC-B31A-4D94-9192-B475E8980AB1}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0412-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Korean) 2007
"{90120000-0018-0412-0000-0000000FF1CE}_PROPLUS_{7D3514BC-B31A-4D94-9192-B475E8980AB1}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0412-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Korean) 2007
"{90120000-0019-0412-0000-0000000FF1CE}_PROPLUS_{7D3514BC-B31A-4D94-9192-B475E8980AB1}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0412-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Korean) 2007
"{90120000-001A-0412-0000-0000000FF1CE}_PROPLUS_{7D3514BC-B31A-4D94-9192-B475E8980AB1}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0412-0000-0000000FF1CE}" = Microsoft Office Word MUI (Korean) 2007
"{90120000-001B-0412-0000-0000000FF1CE}_PROPLUS_{7D3514BC-B31A-4D94-9192-B475E8980AB1}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0412-0000-0000000FF1CE}" = Microsoft Office Proof (Korean) 2007
"{90120000-001F-0412-0000-0000000FF1CE}_PROPLUS_{B017C4D5-E774-4A94-A8E3-380489B86F47}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0028-0412-0000-0000000FF1CE}" = Microsoft Office IME (Korean) 2007
"{90120000-0028-0412-0000-0000000FF1CE}_PROPLUS_{15281683-B481-47B8-A981-7043F35441FF}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0412-0000-0000000FF1CE}" = Microsoft Office Proofing (Korean) 2007
"{90120000-0044-0412-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Korean) 2007
"{90120000-0044-0412-0000-0000000FF1CE}_PROPLUS_{7D3514BC-B31A-4D94-9192-B475E8980AB1}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0412-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Korean) 2007
"{90120000-006E-0412-0000-0000000FF1CE}_PROPLUS_{54E2904F-86F8-459E-AADA-FE0D01DDDC5E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A4-0412-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93998800-1608-403F-9A51-420A77D23C25}" = Sql Server Customer Experience Improvement Program
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0412-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9553241E-0B78-4EF6-9896-5D9123D2153E}" = Microsoft WebMatrix
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{972B9815-783B-3136-9247-CF62322C4E40}" = Microsoft .NET Framework 3.5 Language Pack SP1 - kor
"{98557CDC-8F88-461D-9888-DA4200FE1313}" = Microsoft SQL Server 2008 설치 지원 파일
"{9BB640F4-3391-4ABC-8EA0-8CD3628620E9}" = Microsoft SQL Server Compact 3.5 SP1 Query Tools 한국어
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A367F916-8DB4-4433-B100-248E7D4A852C}" = Windows Cache Extension 1.1 for PHP 5.2
"{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}" = Microsoft SQL Server System CLR Types
"{A53FCCFB-B747-422D-BD61-5F68FE558310}" = Microsoft SQL Server 2008 BI Development Studio
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AC54DC1F-EDA7-448C-BA4C-218A92F5E985}" = Microsoft SQL Server 2008 BI Development Studio
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1042-7B44-A81000000003}" = Adobe Reader 8.1.0 - Korean
"{B26FE5DE-6EC1-39B3-8FD2-4C1C8AB5ADD6}" = Microsoft .NET Framework 4 Client Profile KOR Language Pack
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B692E59A-055C-43B7-BE0A-9C2FE0AB88B6}" = Microsoft SQL Server 2008 R2 Management Objects
"{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3
"{B8D45356-1BE7-44E5-BEAE-96800C4512AD}" = Microsoft SQL Server 2008 Database Engine Services
"{B8E9F8A1-9F4D-43D5-ABD6-1DF067FAA469}" = SQL Server 2008 R2 Database Engine Services
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
"{BC5929D3-9D88-4B35-8E37-CD1F2849292C}" = IIS Search Engine Optimization Toolkit 1.0
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C56CB4CD-611A-4040-BDBE-BB7F663E458E}" = Microsoft SQL Server 2008 Client Tools
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C6E388F5-F0BE-A758-93BE-15758C09C0ED}" = TweetDeck
"{C6E9540C-4B66-4367-A8CF-570DCFD9F030}" = Administration Pack for IIS 7.0
"{C894F8E6-6A62-4BC2-96B9-C6399199631D}" = Microsoft SQL Server Browser
"{C8B6BCC2-7D07-4E08-9838-F2BF55BCC692}" = SQL Server 2008 R2 Database Engine Services
"{C8BA6802-38DA-43F9-8ACB-73161C277C9A}" = Adobe Setup
"{CACEA8C8-3D38-4F51-953D-1E6FC3346FEF}" = SQL Server 2008 R2 Common Files
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CC4878C0-4A6A-49CD-AAA7-DD3FCB06CC84}" = Microsoft Web Platform Installer 3.0
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}" = WinZip 15.0
"{CDB4962C-244C-42FE-A7AF-9F575E218E9C}" = Microsoft Sync Framework Runtime v1.0 (x86) ko
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEB5780F-1A70-44A9-850F-DE6C4F6AA8FB}" = Windows Internal Database (MICROSOFT##SSEE)
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D57D43BF-699A-429F-AF8C-AF1867222800}" = Windows Live 사진 갤러리
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DBC34F72-1D79-40BD-AC41-62429ED87671}" = FTP Service 7.5 for IIS 7.0
"{DC6A0190-560C-32F5-ACA3-EF73FC6E31F2}" = Microsoft .NET Framework 4 Extended KOR Language Pack
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DE565CFA-AFC0-4740-9273-831D1928797A}" = MySQL Server 5.1
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E6C5A6-6DBE-45B2-BB90-4533CC22E324}" = Microsoft Sync Services for ADO.NET v2.0 (x86) ko
"{E59555E2-6572-4BA5-90A9-3D2327739979}" = WebDAV 7.5 For IIS 7.0
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB675D0A-2C95-405B-BEE8-B42A65D23E11}" = IIS URL 재작성 모듈 2
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_498b43b77cac072081a5692bfc52804" = Add or Remove Adobe Creative Suite 3 Design Premium
"ALSee_is1" = 알씨
"ALZip_is1" = 알집
"CollabNet Automatic Update" = CollabNet Automatic Update 1.2
"CollabNet Subversion Client" = CollabNet Subversion Client 1.6.15
"EditPlus 2" = EditPlus 2
"expat_is1" = Expat XML Parser 2.0.1
"FileZilla" = FileZilla (remove only)
"Hancom HOffice 2010 Viewer Korean" = 한컴오피스 뷰어 2010
"HDMI" = Intel® Graphics Media Accelerator Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware 버전 1.51.0.1200
"Microsoft .NET Framework 3.5 Language Pack SP1 - kor" = Microsoft .NET Framework 3.5 언어 팩 SP1 - 한국어
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile KOR Language Pack" = Microsoft .NET Framework 4 Client Profile 한국어 언어 팩
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended KOR Language Pack" = Microsoft .NET Framework 4 Extended 한국어 언어 팩
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"NaverToolbar" = 네이버 툴바
"NaverUpdater" = 네이버 업데이터
"NToolsUpdater" = 네이버 툴즈업데이터
"PROPLUS" = Microsoft Office Professional Plus 2007
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"UnINISafeWeb6" = INISafeWeb 6.0
"WinLiveSuite" = Windows Live 필수 패키지
"XecureCK" = ClientKeeper KeyPro with E2E for 32bit
"XecureWeb Control" = XecureWeb Control

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2011-07-23 오전 10:41:03 | Computer Name = WIN-U0VN9SR7OY9 | Source = MySQL | ID = 100
Description = C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld: Table '.\enjoyitaewon0915\xe_session'
is marked as crashed and should be repaired For more information, see Help and Support
Center at http://www.mysql.com.

Error - 2011-07-23 오전 10:41:03 | Computer Name = WIN-U0VN9SR7OY9 | Source = MySQL | ID = 100
Description = C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld: Table '.\enjoyitaewon0915\xe_session'
is marked as crashed and should be repaired For more information, see Help and Support
Center at http://www.mysql.com.

Error - 2011-07-23 오전 10:41:03 | Computer Name = WIN-U0VN9SR7OY9 | Source = MySQL | ID = 100
Description = C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld: Table '.\enjoyitaewon0915\xe_session'
is marked as crashed and should be repaired For more information, see Help and Support
Center at http://www.mysql.com.

Error - 2011-07-23 오전 10:41:03 | Computer Name = WIN-U0VN9SR7OY9 | Source = MySQL | ID = 100
Description = C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld: Table '.\enjoyitaewon0915\xe_session'
is marked as crashed and should be repaired For more information, see Help and Support
Center at http://www.mysql.com.

Error - 2011-07-23 오전 10:41:03 | Computer Name = WIN-U0VN9SR7OY9 | Source = MySQL | ID = 100
Description = C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld: Table '.\enjoyitaewon0915\xe_session'
is marked as crashed and should be repaired For more information, see Help and Support
Center at http://www.mysql.com.

Error - 2011-07-23 오전 10:41:03 | Computer Name = WIN-U0VN9SR7OY9 | Source = MySQL | ID = 100
Description = C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld: Table '.\enjoyitaewon0915\xe_session'
is marked as crashed and should be repaired For more information, see Help and Support
Center at http://www.mysql.com.

Error - 2011-07-23 오전 10:41:03 | Computer Name = WIN-U0VN9SR7OY9 | Source = MySQL | ID = 100
Description = C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld: Table '.\enjoyitaewon0915\xe_counter_log'
is marked as crashed and should be repaired For more information, see Help and Support
Center at http://www.mysql.com.

Error - 2011-07-23 오전 10:41:03 | Computer Name = WIN-U0VN9SR7OY9 | Source = MySQL | ID = 100
Description = C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld: Table '.\enjoyitaewon0915\xe_counter_log'
is marked as crashed and should be repaired For more information, see Help and Support
Center at http://www.mysql.com.

Error - 2011-07-23 오전 10:41:03 | Computer Name = WIN-U0VN9SR7OY9 | Source = MySQL | ID = 100
Description = C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld: Table '.\enjoyitaewon0915\xe_session'
is marked as crashed and should be repaired For more information, see Help and Support
Center at http://www.mysql.com.

Error - 2011-07-23 오전 10:41:03 | Computer Name = WIN-U0VN9SR7OY9 | Source = MySQL | ID = 100
Description = C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld: Table '.\enjoyitaewon0915\xe_session'
is marked as crashed and should be repaired For more information, see Help and Support
Center at http://www.mysql.com.

[ System Events ]
Error - 2011-07-23 오전 10:05:31 | Computer Name = WIN-U0VN9SR7OY9 | Source = Service Control Manager | ID = 7001
Description =

Error - 2011-07-23 오전 10:05:32 | Computer Name = WIN-U0VN9SR7OY9 | Source = Service Control Manager | ID = 7001
Description =

Error - 2011-07-23 오전 10:05:32 | Computer Name = WIN-U0VN9SR7OY9 | Source = Service Control Manager | ID = 7001
Description =

Error - 2011-07-23 오전 10:06:44 | Computer Name = WIN-U0VN9SR7OY9 | Source = Service Control Manager | ID = 7034
Description =

Error - 2011-07-23 오전 10:10:32 | Computer Name = WIN-U0VN9SR7OY9 | Source = Service Control Manager | ID = 7026
Description =

Error - 2011-07-23 오전 10:12:34 | Computer Name = WIN-U0VN9SR7OY9 | Source = Service Control Manager | ID = 7001
Description =

Error - 2011-07-23 오전 10:12:34 | Computer Name = WIN-U0VN9SR7OY9 | Source = Service Control Manager | ID = 7001
Description =

Error - 2011-07-23 오전 10:23:19 | Computer Name = WIN-U0VN9SR7OY9 | Source = UmrdpService | ID = 1111
Description = Samsung CLP-310 Series 프린터에 필요한 Samsung CLP-310 Series 드라이버를 알 수 없습니다.
다시 로그인하기 전에 드라이버 설치에 관해 관리자에게 문의하십시오.

Error - 2011-07-23 오전 10:23:20 | Computer Name = WIN-U0VN9SR7OY9 | Source = UmrdpService | ID = 1111
Description = Adobe PDF 프린터에 필요한 Adobe PDF Converter 드라이버를 알 수 없습니다. 다시 로그인하기 전에
드라이버 설치에 관해 관리자에게 문의하십시오.

Error - 2011-07-23 오전 10:23:30 | Computer Name = WIN-U0VN9SR7OY9 | Source = UmrdpService | ID = 1111
Description = HP Officejet 6000 E609a Series 프린터에 필요한 HP Officejet 6000 E609a Series
드라이버를 알 수 없습니다. 다시 로그인하기 전에 드라이버 설치에 관해 관리자에게 문의하십시오.

[ WebsitePanel Events ]
Error - 2010-10-07 오전 3:26:34 | Computer Name = WIN-U0VN9SR7OY9 | Source = WebsitePanel | ID = 0
Description = [10/7/2010 4:26:33 PM] ERROR: Object reference not set to an instance
of an object. System.NullReferenceException: Object reference not set to an instance
of an object. at WebsitePanel.Providers.Web.Iis.WebObjects.WebObjectsModuleService.GetWebSiteFromIIS(String
siteId) at WebsitePanel.Providers.Web.IIs70.GetSite(String siteId) at WebsitePanel.Providers.Web.IIs70.GetServiceItemsDiskSpace(ServiceProviderItem[]
items)

Error - 2010-10-07 오전 3:26:34 | Computer Name = WIN-U0VN9SR7OY9 | Source = WebsitePanel | ID = 0
Description = [10/7/2010 4:26:34 PM] ERROR: Object reference not set to an instance
of an object. System.NullReferenceException: Object reference not set to an instance
of an object. at WebsitePanel.Providers.Web.Iis.WebObjects.WebObjectsModuleService.GetWebSiteFromIIS(String
siteId) at WebsitePanel.Providers.Web.IIs70.GetSite(String siteId) at WebsitePanel.Providers.Web.IIs70.GetServiceItemsBandwidth(ServiceProviderItem[]
items, DateTime since)

Error - 2010-10-07 오전 3:26:37 | Computer Name = WIN-U0VN9SR7OY9 | Source = WebsitePanel | ID = 0
Description = [10/7/2010 4:26:37 PM] ERROR: Object reference not set to an instance
of an object. System.NullReferenceException: Object reference not set to an instance
of an object. at WebsitePanel.Providers.Web.Iis.WebObjects.WebObjectsModuleService.GetWebSiteFromIIS(String
siteId) at WebsitePanel.Providers.Web.IIs70.GetSite(String siteId) at WebsitePanel.Providers.Web.IIs70.GetServiceItemsDiskSpace(ServiceProviderItem[]
items)

Error - 2010-10-07 오후 10:59:57 | Computer Name = WIN-U0VN9SR7OY9 | Source = WebsitePanel | ID = 0
Description = [10/8/2010 11:59:57 AM] ERROR: Object reference not set to an instance
of an object. System.NullReferenceException: Object reference not set to an instance
of an object. at WebsitePanel.Providers.Web.Iis.WebObjects.WebObjectsModuleService.GetWebSiteFromIIS(String
siteId) at WebsitePanel.Providers.Web.IIs70.GetSite(String siteId) at WebsitePanel.Providers.Web.IIs70.GetServiceItemsBandwidth(ServiceProviderItem[]
items, DateTime since)

Error - 2010-10-07 오후 10:59:57 | Computer Name = WIN-U0VN9SR7OY9 | Source = WebsitePanel | ID = 0
Description = [10/8/2010 11:59:57 AM] ERROR: Object reference not set to an instance
of an object. System.NullReferenceException: Object reference not set to an instance
of an object. at WebsitePanel.Providers.Web.Iis.WebObjects.WebObjectsModuleService.GetWebSiteFromIIS(String
siteId) at WebsitePanel.Providers.Web.IIs70.GetSite(String siteId) at WebsitePanel.Providers.Web.IIs70.GetServiceItemsBandwidth(ServiceProviderItem[]
items, DateTime since)

Error - 2010-10-07 오후 11:00:00 | Computer Name = WIN-U0VN9SR7OY9 | Source = WebsitePanel | ID = 0
Description = [10/8/2010 12:00:00 PM] ERROR: Object reference not set to an instance
of an object. System.NullReferenceException: Object reference not set to an instance
of an object. at WebsitePanel.Providers.Web.Iis.WebObjects.WebObjectsModuleService.GetWebSiteFromIIS(String
siteId) at WebsitePanel.Providers.Web.IIs70.GetSite(String siteId) at WebsitePanel.Providers.Web.IIs70.GetServiceItemsBandwidth(ServiceProviderItem[]
items, DateTime since)

Error - 2010-10-07 오후 11:00:00 | Computer Name = WIN-U0VN9SR7OY9 | Source = WebsitePanel | ID = 0
Description = [10/8/2010 12:00:00 PM] ERROR: Object reference not set to an instance
of an object. System.NullReferenceException: Object reference not set to an instance
of an object. at WebsitePanel.Providers.Web.Iis.WebObjects.WebObjectsModuleService.GetWebSiteFromIIS(String
siteId) at WebsitePanel.Providers.Web.IIs70.GetSite(String siteId) at WebsitePanel.Providers.Web.IIs70.GetServiceItemsBandwidth(ServiceProviderItem[]
items, DateTime since)

Error - 2010-10-07 오후 11:00:00 | Computer Name = WIN-U0VN9SR7OY9 | Source = WebsitePanel | ID = 0
Description = [10/8/2010 12:00:00 PM] ERROR: Object reference not set to an instance
of an object. System.NullReferenceException: Object reference not set to an instance
of an object. at WebsitePanel.Providers.Web.Iis.WebObjects.WebObjectsModuleService.GetWebSiteFromIIS(String
siteId) at WebsitePanel.Providers.Web.IIs70.GetSite(String siteId) at WebsitePanel.Providers.Web.IIs70.GetServiceItemsBandwidth(ServiceProviderItem[]
items, DateTime since)

Error - 2010-10-07 오후 11:00:00 | Computer Name = WIN-U0VN9SR7OY9 | Source = WebsitePanel | ID = 0
Description = [10/8/2010 12:00:00 PM] ERROR: Object reference not set to an instance
of an object. System.NullReferenceException: Object reference not set to an instance
of an object. at WebsitePanel.Providers.Web.Iis.WebObjects.WebObjectsModuleService.GetWebSiteFromIIS(String
siteId) at WebsitePanel.Providers.Web.IIs70.GetSite(String siteId) at WebsitePanel.Providers.Web.IIs70.GetServiceItemsBandwidth(ServiceProviderItem[]
items, DateTime since)

Error - 2010-10-07 오후 11:30:00 | Computer Name = WIN-U0VN9SR7OY9 | Source = WebsitePanel | ID = 0
Description = [10/8/2010 12:30:00 PM] ERROR: Object reference not set to an instance
of an object. System.NullReferenceException: Object reference not set to an instance
of an object. at WebsitePanel.Providers.Web.Iis.WebObjects.WebObjectsModuleService.GetWebSiteFromIIS(String
siteId) at WebsitePanel.Providers.Web.IIs70.GetSite(String siteId) at WebsitePanel.Providers.Web.IIs70.GetServiceItemsDiskSpace(ServiceProviderItem[]
items)


< End of report >


Another OTL LOG FILE

OTL logfile created on: 2011-07-23 오후 11:33:50 - Run 4
OTL by OldTimer - Version 3.2.26.1 Folder = E:\download\spymalware
Windows Vista Server Standard Edition (full installation) Service Pack 2 (Version = 6.0.6002) - Type = NTServer
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000412 | Country: 대한민국 | Language: KOR | Date Format: yyyy-MM-dd

1.99 Gb Total Physical Memory | 0.27 Gb Available Physical Memory | 13.75% Memory free
4.24 Gb Paging File | 1.22 Gb Available in Paging File | 28.87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 50.00 Gb Total Space | 13.09 Gb Free Space | 26.17% Space Free | Partition Type: NTFS
Drive D: | 91.44 Gb Total Space | 77.30 Gb Free Space | 84.54% Space Free | Partition Type: NTFS
Drive E: | 91.44 Gb Total Space | 40.28 Gb Free Space | 44.05% Space Free | Partition Type: NTFS

Computer Name: WIN-U0VN9SR7OY9 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-07-15 00:37:51 | 000,579,584 | ---- | M] (OldTimer Tools) -- E:\download\spymalware\OTL.exe
PRC - [2011-06-23 18:55:02 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011-05-29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011-05-29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011-04-01 20:17:08 | 000,067,400 | ---- | M] (Microsoft Corporation) -- C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
PRC - [2011-02-02 21:40:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
PRC - [2011-01-21 12:32:20 | 000,045,131 | ---- | M] (The PHP Group) -- C:\Program Files\PHP\v5.2\php-cgi.exe
PRC - [2010-11-30 05:49:38 | 000,024,636 | ---- | M] (Apache Software Foundation) -- D:\sites\NookuTools\bin\httpd.exe
PRC - [2009-04-11 21:57:57 | 000,169,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rdpclip.exe
PRC - [2009-04-11 21:57:43 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\w3wp.exe
PRC - [2009-04-11 21:57:20 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008-01-19 20:23:48 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\inetinfo.exe
PRC - [2008-01-19 20:23:48 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\WMSvc.exe
PRC - [2008-01-19 20:23:39 | 000,754,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wsrm.exe


========== Modules (SafeList) ==========

MOD - [2011-07-15 00:37:51 | 000,579,584 | ---- | M] (OldTimer Tools) -- E:\download\spymalware\OTL.exe
MOD - [2010-10-01 23:15:35 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4027_none_d08a21a2442db2dc\msvcr80.dll
MOD - [2010-10-01 23:15:35 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4027_none_d08a21a2442db2dc\msvcp80.dll
MOD - [2010-09-01 00:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2008-12-04 05:47:44 | 000,419,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IMKR12.IME
MOD - [2008-01-19 16:36:56 | 000,140,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winsta.dll


========== Win32 Services (SafeList) ==========

SRV - [2011-05-29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011-04-01 20:17:08 | 000,067,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe -- (MsDepSvc)
SRV - [2011-02-02 21:40:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Windows\System32\java.exe -- (CSVNConsole)
SRV - [2010-11-30 05:49:38 | 000,024,636 | ---- | M] (Apache Software Foundation) [Auto | Running] -- D:\sites\NookuTools\bin\httpd.exe -- (CollabNetSubversionServer)
SRV - [2010-10-02 23:08:19 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010-04-22 03:15:51 | 000,374,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010-04-22 03:15:51 | 000,374,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009-07-20 14:36:12 | 000,331,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\ftpsvc.dll -- (ftpsvc)
SRV - [2009-04-11 21:57:43 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009-04-11 21:57:42 | 000,078,336 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rsopprov.exe -- (RSoPProv)
SRV - [2008-11-24 22:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SYSMSI\SSEE\MSSQL.2005\MSSQL\Binn\sqlservr.exe -- (MSSQL$MICROSOFT##SSEE) Windows Internal Database (MICROSOFT##SSEE)
SRV - [2008-07-29 13:10:46 | 003,201,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2008-01-19 20:23:59 | 000,035,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rqs.exe -- (Rqs)
SRV - [2008-01-19 20:23:48 | 000,013,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008-01-19 20:23:48 | 000,013,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\inetinfo.exe -- (MSFTPSVC)
SRV - [2008-01-19 20:23:48 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2008-01-19 20:23:48 | 000,011,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\WMSvc.exe -- (WMSvc)
SRV - [2008-01-19 20:23:39 | 000,754,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wsrm.exe -- (WSRM)
SRV - [2008-01-19 20:23:32 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sacsvr.dll -- (sacsvr)
SRV - [2008-01-19 20:23:31 | 000,022,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FCRegSvc.dll -- (FCRegSvc)
SRV - [2007-10-11 10:45:34 | 000,111,288 | ---- | M] (NHN Corp.) [Disabled | Stopped] -- C:\Program Files\Naver\NaverCommon\NaverAdminAPISvc.exe -- (Naver Updater)


========== Driver Services (SafeList) ==========

DRV - [2011-05-29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011-05-29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011-04-05 20:00:57 | 000,011,808 | ---- | M] (Rsupport Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VRVD302.sys -- (VRVD302)
DRV - [2011-04-02 10:06:40 | 000,126,048 | ---- | M] (Kings Information & Network) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\kcrtx86.sys -- (kcrtx86)
DRV - [2011-04-02 10:06:40 | 000,021,640 | ---- | M] (SoftForum Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\JRSKD24.SYS -- (JRSKD24)
DRV - [2010-04-03 11:02:54 | 000,240,608 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0150.sys -- (RsFx0150)
DRV - [2009-04-11 21:57:01 | 000,185,320 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2009-04-11 21:57:01 | 000,035,304 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2008-07-10 02:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0102.sys -- (RsFx0102)
DRV - [2008-01-25 16:46:40 | 000,106,496 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008-01-19 20:24:01 | 000,126,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mqac.sys -- (MQAC)
DRV - [2008-01-19 20:23:32 | 000,088,632 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\system32\DRIVERS\sacdrv.sys -- (sacdrv)
DRV - [2008-01-19 20:23:25 | 000,042,440 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\storflt.sys -- (storflt)
DRV - [2008-01-19 20:23:25 | 000,031,232 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\qd26032.sys -- (ioatdma) Intel®
DRV - [2008-01-19 20:23:25 | 000,015,816 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\s3cap.sys -- (s3cap)
DRV - [2005-03-16 15:23:54 | 000,013,696 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\System32\drivers\BIOS.sys -- (BIOS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://iesetup.dll/SoftAdmin.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.naver.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "res://iesetup.dll/SoftAdmin.htm"
FF - prefs.js..extensions.enabledItems: [email protected]:1.7.3
FF - prefs.js..extensions.enabledItems: {3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}:0.8.6.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@softforum.com/npKeyPro: C:\Windows\system32\npKeyPro.dll (SoftForum Co., Ltd.)
FF - HKLM\Software\MozillaPlugins\@softforum.com/npxwebplugins: C:\Program Files\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll (SoftForum Co., Ltd.)
FF - HKLM\Software\MozillaPlugins\@softforum.com/npxwebplugins_file: C:\Program Files\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll (SoftForum Co., Ltd.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-06-24 23:25:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-06-23 18:55:04 | 000,000,000 | ---D | M]

[2010-10-04 16:17:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
[2011-07-23 23:30:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\xd0z32nc.default\extensions
[2010-10-06 07:17:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\xd0z32nc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011-03-10 20:24:24 | 000,000,000 | ---D | M] (Html Validator) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\xd0z32nc.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
[2011-06-23 18:55:10 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\xd0z32nc.default\extensions\[email protected]
[2011-07-23 23:23:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011-07-23 23:05:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011-02-02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010-06-21 18:24:32 | 000,200,793 | ---- | M] (INITECH ©) -- C:\Program Files\mozilla firefox\plugins\npINISAFEWeb60.dll
[2011-03-10 20:24:14 | 000,004,573 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\danawa-kr.xml
[2011-03-10 20:24:14 | 000,007,980 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\daum-kr.xml
[2011-03-10 20:24:14 | 000,004,262 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\naver-kr.xml
[2011-03-10 20:24:14 | 000,001,196 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-kr.xml
[2011-03-10 20:24:14 | 000,001,103 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-kr.xml

O1 HOSTS File: ([2006-09-19 06:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Naver SafeGuard) - {000011A1-74C9-4c7e-9B4E-59B5765CF409} - c:\Program Files\Naver\NaverToolbar\NaverSafeGuard\nSafeGuard_2011_6_2_1.dll (NHN Corp.)
O2 - BHO: (Adobe PDF Reader 링크 도우미) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (네이버 툴바 도우미) - {67C41E9E-2EBF-4F2B-AF74-314F0D793172} - C:\Program Files\Naver\NaverToolbar\NaverTB_3_5_10_87.dll (NHN Corp.)
O3 - HKLM\..\Toolbar: (네이버 툴바) - {D09CFF09-A42A-4EDC-9804-E61224F59CA1} - C:\Program Files\Naver\NaverToolbar\NaverTB_3_5_10_87.dll (NHN Corp.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O8 - Extra context menu item: 네이버 검색 - C:\Program Files\naver\NaverToolbar\NaverTB_3_5_7_61.dll (NHN Corp.)
O8 - Extra context menu item: 네이버 북마크하기 - C:\Program Files\naver\NaverToolbar\NaverTB_3_5_7_61.dll (NHN Corp.)
O8 - Extra context menu item: 네이버 블로그 담기 - C:\Program Files\naver\NaverToolbar\NaverTB_3_5_7_61.dll (NHN Corp.)
O8 - Extra context menu item: 네이버 사전 검색 - C:\Program Files\naver\NaverToolbar\NaverTB_3_5_7_61.dll (NHN Corp.)
O8 - Extra context menu item: 네이버 오픈캐스트 링크등록 - C:\Program Files\naver\NaverToolbar\NaverTB_3_5_7_61.dll (NHN Corp.)
O8 - Extra context menu item: 네이버 일한 번역 - C:\Program Files\naver\NaverToolbar\NaverTB_3_5_7_61.dll (NHN Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: bigfile.co.kr ([]* in 신뢰할 수 있는 사이트)
O15 - HKCU\..Trusted Domains: bigfile.co.kr ([]http in 신뢰할 수 있는 사이트)
O15 - HKCU\..Trusted Domains: bigfile.co.kr ([]https in 신뢰할 수 있는 사이트)
O16 - DPF: {7FAE8B01-5F20-43AC-9DFF-ABDA3591BBB4} http://www.bigfile.c...igFileVista.cab (BigFileElevatorX Control)
O16 - DPF: {884E8485-BAA8-4081-BFA9-2E12C7DAFDEB} http://www.albamon.c...orcontrolex.cab (WebProtectorControlEx Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {99C709C7-4F58-46C1-855B-90213C760395} https://v3d.kcp.co.k..._ansimclick.cab (V3D Client Control)
O16 - DPF: {B0A75875-3622-48BA-B5FF-45AD77AC2D0E} https://download.auc.../BankPayEFT.cab (BankPayEFTCtrl Control)
O16 - DPF: {C854C4D1-ED53-4B1F-AA45-783B3CF3315C} http://program.webha...DacomUpload.cab (DacomUpload Control)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D96D2F74-0B74-47D2-964F-B67E9F69F1CD} http://www.congnamul...p_V2_0_0_19.cab (CongnamulMap4Asp Control)
O16 - DPF: {DD8C54E8-9028-4A54-96B9-30761B1F80DF} http://cyber.kepco.c...down/INIS60.exe (Reg Error: Key error.)
O16 - DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} https://www.vpay.co....PCTLD_VISTA.cab (KvpIspCtlD Control)
O16 - DPF: {EF256D78-3982-4F12-900B-AD8B254A43BD} http://reselleradmin...vice/FtpCtl.cab (Cafe24FtpL Class)
O16 - DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} http://file.naver.co...averAXGuide.cab (NaverAXGuide Class)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-19 06:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011-07-23 23:05:07 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011-07-21 13:15:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\younghun
[2011-07-16 12:42:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\text
[2011-07-14 23:52:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011-07-14 23:52:13 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011-07-14 23:51:01 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2011-07-14 23:50:21 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011-07-14 23:50:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011-07-14 23:50:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011-07-14 23:50:15 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011-07-14 23:50:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011-07-14 11:19:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{7FDCBA24-033C-4348-8C8E-D154455E0249}
[2011-07-13 17:30:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\ioncube
[2011-07-13 06:37:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F6651A4D-BA8B-4FAD-ACCE-12462F9F622D}
[2011-07-12 10:12:19 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{8B8EB0EA-2C3F-454F-9822-38F8C50BCB8F}
[2011-07-11 14:35:25 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{8335E086-CF1F-4D06-9B00-8805D80E1D81}
[2011-07-07 10:46:31 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{4743BAE4-E8C0-490A-A627-9210061604FA}
[2011-07-01 23:41:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{27699FEE-EDCB-45E2-8BA7-166276090B40}
[2011-07-01 22:42:48 | 000,000,000 | ---D | C] -- C:\Program Files\Expat 2.0.1
[2011-06-29 21:23:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{C16237D0-0EB1-4FB4-9AC3-041EC1045849}
[2011-06-28 23:18:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{BEF210A6-1DBD-47B7-B6DA-559197BA9835}
[2011-06-28 19:56:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\discussitmoderator
[2011-06-27 20:30:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{BC657B3F-678B-4B25-8A03-6E9BCBAD85D4}
[2011-06-26 10:06:45 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{88174A28-29DD-4C19-9984-B0A37A7B82B8}
[2008-01-19 20:24:28 | 000,049,152 | ---- | C] ( ) -- C:\Windows\System32\sdohlplib.dll

========== Files - Modified Within 30 Days ==========

[2011-07-23 23:09:14 | 000,005,040 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011-07-23 23:09:14 | 000,005,040 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011-07-23 23:09:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-07-23 23:08:58 | 2136,571,904 | -HS- | M] () -- C:\hiberfil.sys
[2011-07-23 22:57:22 | 000,000,726 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3224543415-1866084954-3480454874-500UA.job
[2011-07-23 14:57:01 | 000,000,674 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3224543415-1866084954-3480454874-500Core.job
[2011-07-23 11:00:27 | 000,000,404 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{79279A52-C67A-49F5-AF1E-56D823B99AC0}.job
[2011-07-23 01:18:35 | 001,674,494 | ---- | M] () -- C:\Users\Administrator\Desktop\logosample.psd
[2011-07-21 13:28:06 | 000,002,539 | ---- | M] () -- C:\Users\Administrator\Desktop\HiJackThis.lnk
[2011-07-20 19:12:46 | 000,046,972 | ---- | M] () -- C:\Users\Administrator\Desktop\minheight.gif
[2011-07-20 02:11:51 | 000,009,588 | ---- | M] () -- C:\Users\Administrator\Desktop\jiyoung.jpg
[2011-07-17 12:28:49 | 000,166,912 | ---- | M] () -- C:\Windows\System32\libmcrypt.dll
[2011-07-14 23:50:22 | 000,000,807 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-07-14 12:36:38 | 000,000,005 | ---- | M] () -- C:\Windows\Twain001.Mtx
[2011-07-14 12:33:32 | 000,629,612 | ---- | M] () -- C:\Windows\System32\perfh012.dat
[2011-07-14 12:33:31 | 000,864,644 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011-07-14 12:33:31 | 000,206,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011-07-14 12:33:31 | 000,206,692 | ---- | M] () -- C:\Windows\System32\perfc012.dat
[2011-07-14 11:08:08 | 001,779,544 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011-07-13 21:28:48 | 000,319,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll

========== Files Created - No Company Name ==========

[2011-07-23 21:41:55 | 001,674,494 | ---- | C] () -- C:\Users\Administrator\Desktop\logosample.psd
[2011-07-20 19:12:42 | 000,046,972 | ---- | C] () -- C:\Users\Administrator\Desktop\minheight.gif
[2011-07-20 02:11:46 | 000,009,588 | ---- | C] () -- C:\Users\Administrator\Desktop\jiyoung.jpg
[2011-07-17 12:28:46 | 000,166,912 | ---- | C] () -- C:\Windows\System32\libmcrypt.dll
[2011-07-14 23:52:22 | 000,002,539 | ---- | C] () -- C:\Users\Administrator\Desktop\HiJackThis.lnk
[2011-07-14 23:50:22 | 000,000,807 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-07-01 22:56:59 | 000,413,696 | ---- | C] () -- C:\Windows\System32\sablot.dll
[2011-07-01 22:47:02 | 000,151,552 | ---- | C] () -- C:\Windows\System32\libexpat.dll
[2011-01-31 23:15:02 | 000,000,652 | ---- | C] () -- C:\Windows\pear.ini
[2011-01-24 14:35:48 | 000,567,152 | ---- | C] () -- C:\Windows\System32\NJUninst.exe
[2010-12-03 12:46:54 | 000,114,688 | ---- | C] () -- C:\Windows\System32\KCPPaymentUX.dll
[2010-11-17 14:19:16 | 001,105,920 | ---- | C] () -- C:\Windows\System32\ISPPopUpDlg.exe
[2010-11-05 10:54:36 | 000,339,968 | ---- | C] () -- C:\Windows\System32\KvpUpCom.dll
[2010-10-04 17:40:37 | 000,000,024 | ---- | C] () -- C:\Windows\System32\scskConfigEH.ini
[2010-10-04 16:17:16 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010-10-03 22:36:35 | 000,025,872 | ---- | C] () -- C:\Windows\System32\INIUAC.exe
[2010-10-02 23:11:40 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2010-10-01 18:07:14 | 000,000,680 | ---- | C] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
[2010-05-11 22:55:16 | 000,208,896 | ---- | C] () -- C:\Windows\System32\webprotectorhook.dll
[2009-09-07 16:59:06 | 000,057,344 | ---- | C] () -- C:\Windows\System32\y5wrapper.dll
[2009-09-07 16:59:04 | 000,024,576 | ---- | C] () -- C:\Windows\System32\y5winwrap.dll
[2009-09-07 16:57:46 | 000,212,992 | ---- | C] () -- C:\Windows\System32\y5csel.dll
[2009-09-02 09:07:48 | 000,073,728 | ---- | C] () -- C:\Windows\System32\y5cview.dll
[2009-09-02 09:07:44 | 000,389,120 | ---- | C] () -- C:\Windows\System32\y5cert.dll
[2009-09-02 09:07:44 | 000,049,152 | ---- | C] () -- C:\Windows\System32\y5clist.dll
[2009-09-01 18:16:38 | 000,184,320 | ---- | C] () -- C:\Windows\System32\y5base.dll
[2009-04-14 10:47:32 | 000,629,612 | ---- | C] () -- C:\Windows\System32\perfh012.dat
[2009-04-14 10:47:32 | 000,206,692 | ---- | C] () -- C:\Windows\System32\perfc012.dat
[2009-04-14 10:47:32 | 000,155,890 | ---- | C] () -- C:\Windows\System32\perfi012.dat
[2009-04-14 10:47:32 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd012.dat
[2009-04-11 21:57:41 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009-04-11 21:57:41 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009-04-11 21:57:39 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009-02-26 13:53:34 | 000,045,116 | ---- | C] () -- C:\Windows\System32\KvpSetRegistry.exe
[2008-02-11 11:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008-01-19 20:43:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2008-01-19 20:35:10 | 001,779,544 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2008-01-19 20:24:26 | 000,001,702 | ---- | C] () -- C:\Windows\System32\StorageMgmt.dll.config
[2008-01-19 20:24:26 | 000,001,048 | ---- | C] () -- C:\Windows\System32\SetupNfsIdMap.exe.config
[2008-01-19 20:24:26 | 000,000,989 | ---- | C] () -- C:\Windows\System32\NfsConfigGuide.exe.config
[2008-01-19 20:24:26 | 000,000,940 | ---- | C] () -- C:\Windows\System32\ProvisionShare.exe.config
[2008-01-19 20:24:26 | 000,000,933 | ---- | C] () -- C:\Windows\System32\ProvisionStorage.exe.config
[2008-01-19 17:56:38 | 000,864,644 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2008-01-19 17:56:38 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2008-01-19 17:56:38 | 000,206,924 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2008-01-19 17:56:38 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2008-01-19 17:45:36 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2008-01-19 14:56:52 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2008-01-19 13:34:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2008-01-04 04:04:28 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2008-01-04 03:57:53 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007-05-18 17:43:32 | 000,020,480 | ---- | C] () -- C:\Windows\System32\KVPSetupEx.exe
[2007-05-10 08:15:34 | 000,028,672 | ---- | C] () -- C:\Windows\System32\ISP_crgen.dll
[2005-06-29 18:45:44 | 000,708,096 | ---- | C] () -- C:\Windows\System32\INIcrypto20.dll

< End of report >

Malwarebytes' Anti-Malware log


Korean words saying no infection.
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

DB 버전: 7250

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

2011-07-24 오전 12:49:16
mbam-log-2011-07-24 (00-49-16).txt

검사 방식: 빠른 검사
검사 대상: 218658
경과 시간: 35 분, 47 초

메모리 프로세스 감염: 0
메모리 모듈 감염: 0
레지스트리 키 감염: 0
레지스트리 값 감염: 0
레지스트리 데이터 항목 감염: 0
폴드 감염: 0
파일 감염: 0

메모리 프로세스 감염:
(탐지된 악성 항목이 없음)

메모리 모듈 감염:
(탐지된 악성 항목이 없음)

레지스트리 키 감염:
(탐지된 악성 항목이 없


ComboFix
The ComboFix program doesn't support Windows Server 2008, so I didn't do this one.


TDSSKiller:

2011/07/24 01:03:49.0300 4984 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/24 01:03:49.0876 4984 ================================================================================
2011/07/24 01:03:49.0876 4984 SystemInfo:
2011/07/24 01:03:49.0876 4984
2011/07/24 01:03:49.0876 4984 OS Version: 6.0.6002 ServicePack: 2.0
2011/07/24 01:03:49.0876 4984 Product type: Server
2011/07/24 01:03:49.0876 4984 ComputerName: WIN-U0VN9SR7OY9
2011/07/24 01:03:49.0876 4984 UserName: Administrator
2011/07/24 01:03:49.0876 4984 Windows directory: C:\Windows
2011/07/24 01:03:49.0876 4984 System windows directory: C:\Windows
2011/07/24 01:03:49.0876 4984 Processor architecture: Intel x86
2011/07/24 01:03:49.0876 4984 Number of processors: 2
2011/07/24 01:03:49.0876 4984 Page size: 0x1000
2011/07/24 01:03:49.0876 4984 Boot type: Normal boot
2011/07/24 01:03:49.0876 4984 ================================================================================
2011/07/24 01:03:50.0651 4984 Initialize success
2011/07/24 01:03:58.0380 5692 ================================================================================
2011/07/24 01:03:58.0380 5692 Scan started
2011/07/24 01:03:58.0380 5692 Mode: Manual;
2011/07/24 01:03:58.0380 5692 ================================================================================
2011/07/24 01:04:00.0427 5692 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/07/24 01:04:00.0667 5692 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/07/24 01:04:00.0914 5692 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/07/24 01:04:01.0256 5692 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/07/24 01:04:01.0493 5692 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/07/24 01:04:01.0745 5692 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/07/24 01:04:01.0990 5692 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/07/24 01:04:02.0218 5692 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/07/24 01:04:02.0457 5692 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/07/24 01:04:02.0685 5692 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/07/24 01:04:02.0910 5692 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/07/24 01:04:03.0152 5692 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/07/24 01:04:03.0394 5692 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/07/24 01:04:03.0671 5692 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/07/24 01:04:03.0905 5692 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/07/24 01:04:04.0163 5692 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/24 01:04:04.0397 5692 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/07/24 01:04:04.0656 5692 b06bdrv (8dae187d78be2790fb4995937fd04743) C:\Windows\system32\drivers\bxvbdx.sys
2011/07/24 01:04:04.0910 5692 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/07/24 01:04:05.0153 5692 BIOS (be5d50529799b9bab6be879ec768b6cf) C:\Windows\system32\drivers\BIOS.sys
2011/07/24 01:04:05.0394 5692 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/07/24 01:04:05.0644 5692 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/24 01:04:05.0895 5692 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/07/24 01:04:06.0144 5692 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/07/24 01:04:06.0389 5692 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/07/24 01:04:06.0750 5692 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/07/24 01:04:06.0992 5692 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/07/24 01:04:07.0225 5692 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/07/24 01:04:07.0704 5692 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/24 01:04:07.0938 5692 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/07/24 01:04:08.0180 5692 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/07/24 01:04:08.0350 5692 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/07/24 01:04:08.0595 5692 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/07/24 01:04:08.0849 5692 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
2011/07/24 01:04:09.0084 5692 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/07/24 01:04:09.0318 5692 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/07/24 01:04:09.0579 5692 CSC (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys
2011/07/24 01:04:09.0840 5692 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/07/24 01:04:10.0084 5692 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/07/24 01:04:10.0339 5692 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/07/24 01:04:10.0579 5692 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/24 01:04:10.0833 5692 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/07/24 01:04:11.0081 5692 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/07/24 01:04:11.0322 5692 ErrDev (a81ab23eddb4693612014d87367d014c) C:\Windows\system32\drivers\errdev.sys
2011/07/24 01:04:11.0565 5692 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/07/24 01:04:11.0794 5692 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/07/24 01:04:12.0034 5692 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/24 01:04:12.0294 5692 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/07/24 01:04:12.0544 5692 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/07/24 01:04:12.0786 5692 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/24 01:04:13.0013 5692 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/07/24 01:04:13.0264 5692 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/24 01:04:13.0516 5692 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/07/24 01:04:13.0763 5692 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
2011/07/24 01:04:14.0012 5692 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/07/24 01:04:14.0244 5692 HidBth (204c3b1846e9cbaaef88b8e1f86782f8) C:\Windows\system32\drivers\hidbth.sys
2011/07/24 01:04:14.0480 5692 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\drivers\hidir.sys
2011/07/24 01:04:14.0723 5692 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/07/24 01:04:14.0966 5692 HpCISSs (7ebec5eb56b90ed65a8bbd91464e5cfb) C:\Windows\system32\drivers\hpcisss.sys
2011/07/24 01:04:15.0204 5692 HTTP (527ec8adf4fcbdbc0fba2e6df30a7ea1) C:\Windows\system32\drivers\HTTP.sys
2011/07/24 01:04:15.0431 5692 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/07/24 01:04:15.0681 5692 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/07/24 01:04:15.0935 5692 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/07/24 01:04:16.0209 5692 igfx (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/07/24 01:04:16.0493 5692 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/07/24 01:04:17.0002 5692 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/07/24 01:04:17.0244 5692 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/24 01:04:17.0478 5692 ioatdma (1e662dd13baa2c7ab7412c7da8294626) C:\Windows\system32\drivers\qd26032.sys
2011/07/24 01:04:17.0727 5692 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/07/24 01:04:17.0972 5692 IPMIDRV (4b9c0f4d4a3acc535f9771039ecd6365) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/07/24 01:04:18.0207 5692 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\drivers\ipnat.sys
2011/07/24 01:04:18.0425 5692 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/07/24 01:04:18.0668 5692 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/07/24 01:04:19.0032 5692 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/07/24 01:04:19.0759 5692 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/07/24 01:04:20.0359 5692 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/07/24 01:04:20.0610 5692 JRSKD24 (fb5955d71fd6fa3595da8a80d1cf53d1) C:\Windows\system32\JRSKD24.SYS
2011/07/24 01:04:20.0851 5692 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/07/24 01:04:21.0094 5692 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/07/24 01:04:21.0264 5692 kcrtx86 (cbbc332b9a94d9eb16e3328b50760587) C:\Windows\system32\kcrtx86.sys
2011/07/24 01:04:21.0521 5692 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/24 01:04:21.0775 5692 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/24 01:04:22.0017 5692 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/07/24 01:04:22.0249 5692 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/07/24 01:04:22.0492 5692 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/07/24 01:04:22.0729 5692 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/07/24 01:04:22.0978 5692 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\Windows\system32\drivers\mbam.sys
2011/07/24 01:04:23.0220 5692 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/07/24 01:04:23.0469 5692 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/07/24 01:04:23.0693 5692 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/07/24 01:04:23.0929 5692 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/24 01:04:24.0162 5692 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/07/24 01:04:24.0396 5692 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/24 01:04:24.0622 5692 mountmgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/07/24 01:04:24.0849 5692 mpio (5da347912fd3af24d7bfb3de519d4bd0) C:\Windows\system32\drivers\mpio.sys
2011/07/24 01:04:25.0067 5692 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/24 01:04:25.0333 5692 MQAC (4116cde6c8c97e2f4492f2755810019f) C:\Windows\system32\drivers\mqac.sys
2011/07/24 01:04:26.0275 5692 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/07/24 01:04:27.0396 5692 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/24 01:04:28.0817 5692 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/24 01:04:30.0168 5692 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/24 01:04:33.0166 5692 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
2011/07/24 01:04:36.0149 5692 msdsm (2c563aef15b8d0014c36c5f27742ac7b) C:\Windows\system32\drivers\msdsm.sys
2011/07/24 01:04:39.0046 5692 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/07/24 01:04:41.0919 5692 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/07/24 01:04:44.0630 5692 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/24 01:04:46.0329 5692 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/24 01:04:46.0762 5692 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/07/24 01:04:46.0989 5692 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/07/24 01:04:47.0232 5692 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/07/24 01:04:47.0507 5692 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/07/24 01:04:47.0749 5692 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/07/24 01:04:48.0006 5692 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/07/24 01:04:48.0258 5692 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/24 01:04:48.0501 5692 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/24 01:04:48.0736 5692 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/24 01:04:48.0971 5692 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/07/24 01:04:49.0196 5692 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/24 01:04:49.0435 5692 NetBT (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/24 01:04:49.0705 5692 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/07/24 01:04:49.0946 5692 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/07/24 01:04:50.0180 5692 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/24 01:05:16.0858 5692 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/07/24 01:05:16.0875 5692 Boot (0x1200) (09fcea7dad0db08db6a298f9aaa7e84b) \Device\Harddisk0\DR0\Partition0
2011/07/24 01:05:16.0890 5692 Boot (0x1200) (d7ed6a0c5e51670588f5a8e8cbbf5d67) \Device\Harddisk0\DR0\Partition1
2011/07/24 01:05:16.0907 5692 Boot (0x1200) (e06ee7d7f98c4f228883264245f1da04) \Device\Harddisk0\DR0\Partition2
2011/07/24 01:05:16.0911 5692 ================================================================================
2011/07/24 01:05:16.0911 5692 Scan finished
2011/07/24 01:05:16.0911 5692 ================================================================================
2011/07/24 01:05:16.0917 4524 Detected object count: 0
2011/07/24 01:05:16.0917 4524 Actual detected object count: 0
2011/07/24 01:09:11.0180 5732 Deinitialize success



aswMBR.exe

aswMBR version 0.9.8.977 Copyright© 2011 AVAST Software
Run date: 2011-07-24 01:10:39
-----------------------------
01:10:39.410 OS Version: Windows 6.0.6002 Service Pack 2
01:10:39.410 Number of processors: 2 586 0x170A
01:10:39.411 ComputerName: WIN-U0VN9SR7OY9 UserName: Administrator
01:10:42.548 Initialize success
01:11:42.470 AVAST engine defs: 11072301
01:11:46.616 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
01:11:46.617 Disk 0 Vendor: ST3250318AS CC38 Size: 238475MB BusType: 3
01:11:46.655 Disk 0 MBR read successfully
01:11:46.657 Disk 0 MBR scan
01:11:46.659 Disk 0 Windows VISTA default MBR code
01:11:46.710 Disk 0 scanning sectors +488392704
01:11:46.829 Disk 0 scanning C:\Windows\system32\drivers
01:11:54.448 Service scanning
01:11:55.697 Modules scanning
01:12:01.517 Disk 0 trace - called modules:
01:12:01.530 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
01:12:01.532 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x83978030]
01:12:01.533 3 CLASSPNP.SYS[87b7c8b3] -> nt!IofCallDriver -> [0x8382f8d8]
01:12:01.535 5 acpi.sys[8760a6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x8382db98]
01:12:04.735 AVAST engine scan C:\Windows
01:12:06.115 AVAST engine scan C:\Windows\system32
01:13:07.825 AVAST engine scan C:\Windows\system32\drivers
01:13:16.584 AVAST engine scan C:\Users\Administrator
01:17:25.680 Disk 0 MBR has been saved successfully to "E:\download\spymalware\MBR.dat"
01:17:25.684 The log file has been saved successfully to "E:\download\spymalware\aswMBR.txt"
  • 0

#7
RKinner

    Malware Expert

  • Expert
  • 19,798 posts
  • MVP
OK. Logs look good tho you are showing some strange problems in your event logs. We can look at them if you want: (Don't have a 2008 server so I'm not sure if it follows the XP or the Vista/Win7 rules so you may have to adjust the following (perhaps you do not need to Run As Administrator):

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. (Next select Windows Logs.) Right click on System and Clear Log or Clear All Events, Clear. (No point in saving the logs unless you need them for something.) Repeat for Application.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)

sigverif

Press Start in the new window. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.

Otherwise we're done with the malware part and just need to cleanup:


We need to clean up System Restore.

The best way is to follow Jim's procedure here http://aumha.net/vie...581099691bf108f
tho it hasn't been updated for Vista or Win 7 yet so to create a Restore Point try this:
right click on Computer and select Properties and System Protection (Continue) and then Create (at the bottom). OK Give it a name like Clean and then Create. OK. OK.

Once you have created a Restore Point:

Now Start (Windows Logo Button), Programs, Accessories, Right click on Command Prompt and select Run As Administrator,
cleanmgr

Select "Files from All Users."
Continue

Select OS (C:)
OK

It will think for a few minutes.

Then come up with a few suggestions. Ignore those and press More Options. Under System Restore and Shadow Copies, click Clean Up and let it do its thing.



You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

OTL has a cleanup tab if you go there it will remove itself and its logs.

To hide hidden files again (OTL may do it for you):

XP

# Close all programs so that you are at your desktop.
# Double-click on the My Computer icon.
# Select the Tools menu and click Folder Options.
# After the new window appears select the View tab.
# Uncheck the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and shutdown My Computer.

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. OK Close program. It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)


If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . It seems to work best if you reboot right after running it. You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron
  • 0
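
The event-log collection described in the post above (20 Error and Warning events from System, then from Application) can also be scripted. This is an added example, not part of the original reply and not the VEW tool's own code; it assumes PowerShell 2.0 or later (for `Get-WinEvent`) in an elevated session, and the `$Since` cut-off is a hypothetical parameter added here to limit the view to recent events.

```powershell
# Added example: pull the most recent Error/Warning events from each log,
# mirroring the VEW settings in the post (20 events, System then Application).
# Assumes PowerShell 2.0+ and an elevated prompt.
param(
    [string[]]$LogName   = @('System', 'Application'),
    [int]     $MaxEvents = 20,
    # Hypothetical cut-off: only events newer than this are returned.
    [datetime]$Since     = (Get-Date).AddDays(-1)
)

foreach ($log in $LogName) {
    $filter = @{
        LogName   = $log
        Level     = 2, 3          # 2 = Error, 3 = Warning
        StartTime = $Since
    }

    # Get-WinEvent raises an error when nothing matches; treat that as an empty result.
    $events = @(Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents `
                             -ErrorAction SilentlyContinue)

    "=== $log : $($events.Count) Error/Warning event(s) since $Since ==="

    # Summary: one row per provider and event ID, most frequent first,
    # so a service that keeps failing stands out from one-off warnings.
    $events |
        Group-Object ProviderName, Id |
        Sort-Object Count -Descending |
        Format-Table Count, Name -AutoSize |
        Out-String -Width 200

    # Detail: newest first, in a form that can be pasted into a reply.
    $events |
        Select-Object TimeCreated, LevelDisplayName, ProviderName, Id, Message |
        Format-List |
        Out-String -Width 200
}
```

Because the query is bounded by `StartTime`, it returns only events logged after that point and leaves the existing log contents in place.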





