missionshill

  1. Still won't open, but my computer seems to run fine aside from that.
  2. Completed both of those tasks, but Internet Explorer opens up and gives me the default browser prompt, and whichever option I choose closes the program.
  3. I can't open Internet Explorer or use Windows updates, but I can access all the websites on Firefox I couldn't use before!
  4. C:\Documents and Settings\Administrator\Local Settings\Temp\is-AOCMP.tmp\OCSetupHlp.dll Win32/OpenCandy application cleaned by deleting - quarantined
     C:\Documents and Settings\Administrator\Local Settings\Temp\is-CJPEF.tmp\OCSetupHlp.dll Win32/OpenCandy application cleaned by deleting - quarantined
     C:\Program Files\Avira\AntiVir Desktop\apnic.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting (after the next restart) - quarantined
     C:\Program Files\Avira\AntiVir Desktop\apntoolbarinstaller.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting (after the next restart) - quarantined
     C:\System Volume Information\_restore{5FDF2AE0-78C4-4D02-A384-81C8E5F2003F}\RP161\A0070161.exe Win32/OpenCandy application cleaned by deleting - quarantined
     C:\System Volume Information\_restore{5FDF2AE0-78C4-4D02-A384-81C8E5F2003F}\RP161\A0070162.exe Win32/OpenCandy application cleaned by deleting - quarantined
  5. I had two different logs and posted my mbam one, I am so sorry about that.
  6. I created and saved the script to the same folder as Combofix and then dragged it on top. The program ran like it did before, and this is the log it created:
  7. Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org
     Database version: v2013.05.19.10
     Windows XP Service Pack 3 x86 NTFS
     Internet Explorer 8.0.6001.18702
     Justin :: 무안123 [administrator]
     2013-05-22 오전 8:56:33
     mbam-log-2013-05-22 (08-56-33).txt
     Scan type: Custom scan (C:\MSOCache|)
     Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: Memory | Startup | Registry | Heuristics/Extra | P2P
     Objects scanned: 174
     Time elapsed: 1 minute(s), 56 second(s)
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 0 (No malicious items detected)
     (end)
  9. Hey all, first-time post here. I recently have been unable to access Google or install certain programs, and after trying to open Internet Explorer or use Windows updates with no success I tried installing mbam (it's my work computer, use it at home often). No success, can't install it or any other antivirus. Here is my DDS: DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.21.2 Run by Justin at 15:15:04 on 2013-05-13 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1042.18.2038.1448 [GMT 9:00] . AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . ============== Running Processes ================ . C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE C:\Program Files\Java\jre7\bin\jqs.exe C:\Program Files\AhnLab\APC2\Policy Agent\pasvc.exe C:\Program Files\AhnLab\APC2\Policy Agent\PaPd.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\AhnLab\APC2\Policy Agent\patray.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\WINDOWS\system32\SearchFilterHost.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k imgsvc . ============== Pseudo HJT Report =============== . 
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [HncUpdate] c:\program files\common files\hnc\hncutils\HncChecker.exe mRun: [PaTray] "c:\program files\ahnlab\apc2\policy agent\patray.exe" mRun: [RTHDCPL] RTHDCPL.EXE mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [iME14 KOR Uninstall] c:\program files\common files\microsoft shared\ime14\shared\IMEKLMG.EXE /Uninstall /KOR /Log mRun: [Korean IME Migration] c:\progra~1\common~1\micros~1\ime12\imekr\IMKRMIG.EXE mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" dRun: [ctfmon.exe] ctfmon.exe StartupFolder: c:\docume~1\justin\e0ac~1\6dd0~1\ab6f~1\Dropbox.lnk - uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoDriveTypeAutoRun = dword:255 mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1 mPolicies-Explorer: NoDriveTypeAutoRun = dword:145 IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe DPF: {063F7D71-5E0B-48F2-87D5-F63C5917947E} - 
hxxp://ahnlabdownload.nefficient.co.kr/aos/plugin/aosmgr.cab DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} - hxxps://vbv.nonghyup.com/initech/plugin/down/INIS60.cab DPF: {39461460-2552-4D51-A062-3AB6A7B902E9} - hxxp://banking.nonghyup.com/shttp/install/down/INIS70.cab DPF: {39FC0CF9-86F3-4502-B773-D16706EDEC83} - hxxp://banking.nonghyup.com/plugin/scsk/403174/SCSK4.cab DPF: {5547DED5-E6A9-469A-90F0-5BFE5CD33FF1} - hxxps://pay.kcp.co.kr/plugin_new/file/KCPPaymentUX.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1346719379953 DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1367280649953 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab DPF: {D179A761-637C-41DC-B2F4-5F3C9A81390C} - hxxp://58.29.236.68/PassChecker.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab TCP: Interfaces\{A97FA8F4-8FE2-411F-A2D2-FE2D9D8E9EFB} : NameServer = 210.220.16.7,164.124.101.2 Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL Hosts: 192.150.18.117 www.adobe.com Static IP Entry ================= FIREFOX =================== . 
FF - ProfilePath - c:\documents and settings\justin\application data\mozilla\firefox\profiles\2y50jbm6.default\ FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\windows\system32\adobe\director\np32dsw_1202122.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_169.dll FF - plugin: c:\windows\system32\npDeployJava1.dll FF - plugin: c:\windows\system32\npenkIEInstall5.dll FF - plugin: c:\windows\system32\nPFWFltU.dll FF - plugin: c:\windows\system32\nPFWU.dll FF - plugin: c:\windows\system32\npidsxU.dll FF - plugin: c:\windows\system32\npptools.dll . ============= SERVICES / DRIVERS =============== . R1 AMonTDnt;AMonTDnt;c:\windows\system32\drivers\amontdnt.sys [2012-9-4 106120] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-23 12880] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664] R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-5-8 119024] R2 AnfdIOnt;AnfdIOnt;c:\windows\system32\drivers\AnfdIOnt.sys [2012-9-4 15048] R2 paSvc;Policy Agent Service;c:\program files\ahnlab\apc2\policy agent\PaSvc.exe [2012-9-4 858824] R2 Policy Agent PD Service;Policy Agent PD Service;c:\program files\ahnlab\apc2\policy agent\PaPd.exe [2012-9-4 125640] R3 PDNfeNt;PDNfeNt;c:\program files\ahnlab\apc2\policy agent\PdNfeNt.sys [2012-9-4 33088] S3 AhnFlt2K;AhnFlt2K;\??\c:\windows\system32\drivers\ahnflt2k.sys --> c:\windows\system32\drivers\AhnFlt2K.sys [?] S3 AhnRec2K;AhnRec2K;\??\c:\windows\system32\drivers\ahnrec2k.sys --> c:\windows\system32\drivers\AhnRec2K.sys [?] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2012-9-4 1691480] S3 JRSKD24;JRSKD24;\??\c:\windows\system32\jrskd24.sys --> c:\windows\system32\JRSKD24.SYS [?] 
S3 kcrtx86;kcrtx86;c:\windows\system32\kcrtx86.sys [2012-11-27 126048] S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-5-13 35144] . =============== File Associations =============== . ShellExec: Hwp.exe: print=c:\hnc\hwp70\HwpPrnMng.exe /p "%1" . =============== Created Last 30 ================ . 2013-05-13 04:58:43 -------- d-----w- c:\documents and settings\justin\local settings\application data\Mozilla 2013-05-13 04:57:32 -------- d-----w- c:\documents and settings\justin\local settings\application data\Sun 2013-05-13 04:47:18 -------- d-----w- c:\documents and settings\justin\application data\Dropbox 2013-05-13 04:44:41 -------- d-----w- c:\documents and settings\justin\application data\Windows Desktop Search 2013-05-13 04:44:40 -------- d--h--w- c:\windows\PIF 2013-05-13 04:44:40 -------- d-----w- c:\documents and settings\justin\?? ?? 2013-05-13 04:44:40 -------- d-----r- c:\documents and settings\justin\?? ?? 2013-05-13 04:12:48 -------- d-----w- c:\documents and settings\justin\local settings\application data\Google 2013-05-13 04:04:49 -------- d-----w- c:\documents and settings\justin\local settings\application data\Identities 2013-05-13 04:04:16 -------- d-sh--w- c:\documents and settings\justin\IETldCache 2013-05-13 04:03:30 -------- d-----w- c:\documents and settings\justin\local settings\application data\Microsoft 2013-05-13 03:56:59 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2013-05-09 03:24:12 6906960 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a8b84381-faca-4de5-b78c-ac81ec210e83}\mpengine.dll 2013-05-07 23:54:19 6906960 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll 2013-05-05 23:57:03 -------- d-----w- c:\windows\system32\Adobe 2013-04-30 03:01:48 275696 ----a-w- c:\windows\system32\mucltui.dll 2013-04-30 03:01:48 14576 ----a-w- 
c:\windows\system32\mucltui.dll.mui 2013-04-30 00:42:38 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-04-29 08:03:33 238872 ------w- c:\windows\system32\MpSigStub.exe 2013-04-29 07:49:58 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys 2013-04-29 07:49:58 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys 2013-04-29 07:45:16 -------- d-----w- c:\windows\system32\wbem\repository\FS 2013-04-29 07:45:16 -------- d-----w- c:\windows\system32\wbem\Repository 2013-04-29 07:38:10 -------- d-----w- c:\program files\common files\INCA Shared 2013-04-29 07:37:10 -------- d-----w- c:\program files\Foruser Soft 2013-04-29 07:37:08 -------- d-----w- c:\program files\NPKI 2013-04-29 05:31:06 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes 2013-04-29 05:23:25 -------- d-----w- c:\windows\pss 2013-04-26 06:36:04 -------- d-----w- c:\program files\SUPERAntiSpyware 2013-04-26 06:36:04 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com . ==================== Find3M ==================== . 
2013-05-09 04:11:14 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-05-09 04:11:13 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-04-30 00:42:16 144896 ----a-w- c:\windows\system32\javacpl.cpl 2013-04-30 00:42:13 866720 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-04-30 00:42:13 788896 ----a-w- c:\windows\system32\deployJava1.dll 2013-03-08 08:36:11 330752 ----a-w- c:\windows\system32\winsrv.dll 2013-03-07 15:56:51 2151424 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-07 15:56:51 2030080 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-03-02 01:57:44 1866880 ----a-w- c:\windows\system32\win32k.sys 2013-03-02 01:53:28 916480 ----a-w- c:\windows\system32\wininet.dll 2013-03-02 01:53:25 43520 ------w- c:\windows\system32\licmgr10.dll 2013-03-02 01:53:25 1469440 ------w- c:\windows\system32\inetcpl.cpl 2013-03-02 01:08:47 385024 ------w- c:\windows\system32\html.iec 2013-02-27 07:56:46 2067456 ----a-w- c:\windows\system32\mstscax.dll . ============= FINISH: 15:15:51.40 =============== AND Here is my Attach: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . . Motherboard: SAMSUNG ELECTRONICS CO.,LTD | | DeskTop System Processor: Intel® Pentium® 4 CPU 3.00GHz | LGA 775 | 2992/mhz . ==== Disk Partitions ========================= . A: is Removable C: is FIXED (NTFS) - 142 GiB total, 117.742 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318} Description: Intel® 82915G/GV/910GL Express Chipset Family Device ID: PCI\VEN_8086&DEV_2582&SUBSYS_6840144D&REV_0E\3&61AAA01&0&10 Manufacturer: Intel Corporation Name: Intel® 82915G/GV/910GL Express Chipset Family PNP Device ID: PCI\VEN_8086&DEV_2582&SUBSYS_6840144D&REV_0E\3&61AAA01&0&10 Service: ialm . 
Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318} Description: Virtual CloneDrive Device ID: ROOT\SCSIADAPTER\0000 Manufacturer: Elaborate Bytes AG Name: Virtual CloneDrive PNP Device ID: ROOT\SCSIADAPTER\0000 Service: VClone . ==== System Restore Points =================== . . ==== Installed Programs ====================== . ?????? ?? 2007 Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.6) Adobe Shockwave Player 12.0 AhnLab Policy Agent 4.0 CCleaner CutePDF Writer 3.0 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows XP (KB954550-v5) Intel® Graphics Media Accelerator Driver Intel® Network Connections Drivers J2SE Runtime Environment 5.0 Java 7 Update 21 Java Auto Updater Korean Fonts Support For Adobe Reader X Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 ??? ?? ? Microsoft .NET Framework 1.1 Security Update (KB2698023) Microsoft .NET Framework 1.1 Security Update (KB2742597) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Base ??? ?? ??? ??? ??? ??? 
Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (English) 2007 Microsoft Office Access MUI (Korean) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Excel MUI (Korean) 2007 Microsoft Office File Validation Add-In Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (Korean) 2007 Microsoft Office IME (Korean) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office InfoPath MUI (Korean) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office OneNote MUI (Korean) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office Outlook MUI (Korean) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint MUI (Korean) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Korean) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing (Korean) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Publisher MUI (Korean) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared MUI (Korean) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Office Word MUI (Korean) 2007 Microsoft Software Update for Web Folders (English) 12 Microsoft Software Update for Web Folders (Korean) 12 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Mozilla Firefox 20.0.1 (x86 en-US) Mozilla Maintenance 
Service MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 ?? ? SDK Realtek High Definition Audio Driver Rosetta Stone Version 3 Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition SUPERAntiSpyware swMSM Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for 
Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768021) 32-Bit Edition VirtualCloneDrive VLC media player 2.0.5 WebFldrs XP Windows Genuine Advantage Notifications (KB905474) Windows Internet Explorer 7 Windows Internet Explorer 7? ?? ???? (KB2544521) Windows Internet Explorer 7? ?? ???? (KB2722913) Windows Internet Explorer 8 Windows Internet Explorer 8? ?? ???? (KB2510531) Windows Internet Explorer 8? ?? ???? (KB2544521) Windows Internet Explorer 8? ?? ???? (KB2618444) Windows Internet Explorer 8? ?? ???? (KB2744842) Windows Internet Explorer 8? ?? ???? (KB2761465) Windows Internet Explorer 8? ?? ???? (KB2792100) Windows Internet Explorer 8? ?? ???? (KB2797052) Windows Internet Explorer 8? ?? ???? (KB2799329) Windows Internet Explorer 8? ?? ???? (KB2817183) Windows Internet Explorer 8? ?? ???? (KB982381) Windows Internet Explorer 8? ???? (KB2598845) Windows Internet Explorer 8? ???? (KB2632503) Windows Media Format 11 runtime Windows Media Player 11 Windows Search 4.0 Windows XP Service Pack 3 WinRAR 4.20 (32-bit) . ==== End Of File =========================== Hope I can get this resolved, thanks for taking a look!