Rogue FakeHDD(S.M.A.R.T)HDD Virus.


  • This topic is locked
3 replies to this topic

#1 WHJake

WHJake

  • Members
  • 2 posts
  • OFFLINE
  • Local time:10:57 PM

Posted 29 September 2012 - 08:20 AM

Hello! I'm sorry that the topic description feels a little rude; I'm a non-English speaker, so I often lose track of the nuances. I forgot to add a smiley at the end of the sentence. I hope you understand... but if you allow me: I recently got infected by the Rogue FakeHDD virus, which is also known as the S.M.A.R.T. HDD virus. After the infection I searched for the solution on the web and reached the one that was provided on this site, so I could follow the instructions and got most of the important things restored. So far I ran Unhide, Rkill, TDSSKiller, MBAM, and for the extra procedures I also ran Hitman Pro and RogueKiller :).

RogueKiller restored my MBR with the one from Windows XP, so I manually restored it back to the one from Windows 7. I think I almost got everything worked out, but I'm not sure that my IE is working properly. It has simultaneous page crashes with 'Page not found' errors even though the page actually exists, and I cannot get Facebook chat message alarms since the infection. It should make a sound every time I get a message, as it used to before, but I still cannot get it working :(.

Ahh, and I'm sorry, I didn't know that I should run ComboFix only when I was asked to; I found out about that caution after I had already accidentally run ComboFix. If you want the log of it, I will also post it in the next reply :).

Is my computer completely healed and restored? Or do I need further extra measures?

I'm really sorry that I really didn't know that I shouldn't have laid my hands on it before I was instructed to; I found this forum after I had already done things to my computer... but thank you so much for reading my long post.


Here is my DDS log (the Attach.txt log is attached also):

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Jake at 21:33:51 on 2012-09-29
Microsoft Windows 7 Professional K 6.1.7601.1.949.82.1042.18.16375.14408 [GMT 9:00]
.
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
.

Edited by WHJake, 29 September 2012 - 02:22 PM.



#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,528 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:57 AM

Posted 01 October 2012 - 07:41 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please run ComboFix one more time and post a fresh Log.
You may be asked to update. Please do.
===

Third-party programs, if not up to date, can be the cause of infiltration by an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

Please post the logs for my review.

#3 WHJake

WHJake
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:10:57 PM

Posted 02 October 2012 - 12:53 PM

Hi! Thank you for helping =]. Sorry for the late message; I was away from the computer all day long.

I ran the 3 programs as I was instructed to and got the following logs (I don't know if I should attach them or write them here, so I'll just paste them here):


ComboFix Log:

ComboFix 12-10-02.02 - Jake 2012-10-03 2:12.2.4 - x64
Microsoft Windows 7 Professional K 6.1.7601.1.949.82.1042.18.16375.14505 [GMT 9:00]
Running from: c:\users\Jake\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Outdated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R0 AMonTDnt;AMonTDnt;c:\windows\system32\Drivers\AMonTDnt.sys [x]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 AMonHKnt;AMonHKnt;c:\windows\system32\Drivers\AMonHKnt.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 253088]
R3 AdvancedSystemCareService5;Advanced SystemCare Service 5;d:\ut\Advanced SystemCare 5(x86)\ASCService.exe [2012-05-26 913792]
R3 AhnFlt2k;AhnFlt2k;c:\windows\system32\Drivers\AhnFlt2k.sys [x]
R3 AhnRec2k;AhnRec2k;c:\windows\system32\Drivers\AhnRec2k.sys [x]
R3 AYDrvSP_ALYAC;AYDrvSP_ALYAC;d:\ut\Estsoft\Alyac\AYDrvSP.sys [x]
R3 CdmDrvNt;CdmDrvNt;c:\windows\system32\Drivers\CdmDrvNt.sys [x]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\System32\drivers\COMMONFX.SYS [x]
R3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [x]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\System32\drivers\CTAUDFX.SYS [x]
R3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [x]
R3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\System32\drivers\CTERFXFX.SYS [x]
R3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [x]
R3 ctgame;Game Port;c:\windows\system32\DRIVERS\ctgame.sys [x]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\System32\drivers\CTSBLFX.SYS [x]
R3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-08-24 20552]
R3 EstRtwIFDrvTemp;EstRtwIFDrvTemp;d:\ut\estsoft\alyac\plugin\realtime\EstRtw.sys [x]
R3 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-04-23 154272]
R3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.SYS [2011-02-27 13896]
R3 kcrtx64;kcrtx64;c:\windows\system32\kcrtx64.sys [2012-08-30 141848]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
R3 MfFWEnt;MfFWEnt;c:\program files\AhnLab\ASP\MyFirewall 4.0\MfFWEnt.sys [2010-06-28 126072]
R3 MfIPSEnt;MfIPSEnt;c:\program files\AhnLab\ASP\MyFirewall 4.0\MfIPSEnt.sys [2010-06-28 155256]
R3 NPFW;NPFW;c:\windows\system32\NPFWVT64.sys [2010-05-13 135776]
R3 npkcft64;npkcft64;c:\windows\SysWOW64\npkcft64.sys [x]
R3 npkuft64;npkuft64;c:\windows\SysWOW64\npkuft64.sys [x]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [x]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-04-05 60504]
R3 scskusbs;USB SCSK Driver Service;syswow64\drivers\scskusbs.sys [x]
R3 ssaebus;SAMSUNG Android Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssaebus.sys [2010-04-27 136264]
R3 ssaemdfl;SAMSUNG Android Modem (Filter);c:\windows\system32\DRIVERS\ssaemdfl.sys [2010-04-27 19016]
R3 ssaemdm;SAMSUNG Android Modem Drivers;c:\windows\system32\DRIVERS\ssaemdm.sys [2010-04-27 171592]
R3 ssaend5;SAMSUNG Android Networking (CDC/EEM Ethernet) Drivers (NDIS);c:\windows\system32\DRIVERS\ssaend5.sys [2010-04-27 34376]
R3 ssaeunic;SAMSUNG Android Networking (CDC/EEM Ethernet) Drivers (WDM);c:\windows\system32\DRIVERS\ssaeunic.sys [2010-04-27 178760]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-07-31 203104]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2011-02-17 16392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 vpcuxd;USB 가상화 스텁 서비스;c:\windows\system32\drivers\vpcuxd.sys [2010-11-20 16384]
R3 WatAdminSvc;Windows 정품 인증 기술 서비스;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-14 1255736]
R3 x64kdss;x64kdss;syswow64\Drivers\x64kdss.sys [x]
R4 BNDownService;File Download Service;c:\program files (x86)\GDownService\GDownService.exe [2011-04-12 152576]
R4 nPStarterSVC;nProtect Starter;c:\windows\system32\nPStarterSVC.exe [x]
R4 SkypeUpdate;Skype Updater;d:\ut\Skype\Updater\Updater.exe [2012-07-13 160944]
R4 WinCloud;WinCloud;c:\program files (x86)\candyfile.co.kr\CandyFile(Fast)\WinCloud.exe [2012-05-08 1341528]
S1 AMonTDLH;AMonTDLH;c:\windows\system32\Drivers\AMonTDLH.sys [2011-05-26 117336]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11864]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 29488]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-04-05 253528]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2011-04-05 94296]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-26 204288]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-10-26 10496512]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-10-26 326656]
S3 cmudaxp;Auzen X-Meridian 7.1 2G Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [2010-10-28 1267200]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-07-31 102240]
S3 JRSUKD25;JRSUKD25;c:\windows\system32\JRSUKD25.SYS [2012-08-30 17688]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 22544]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-09 539240]
S3 scskusbf;USB SCSK Filter Driver Service;syswow64\drivers\scskusbf.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 03:29 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 13:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 23432 ----a-w- d:\ut\Internet Download Manager(x86)\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2011-03-01 8765440]
"Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
"Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\system32\blank.htm
mSearchAssistant =
IE: Microsoft Excel로 내보내기(&X) - d:\ut\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: bigfile.co.kr
Trusted Zone: dacom.net
Trusted Zone: filefarm.co.kr
Trusted Zone: filenori.co.kr
Trusted Zone: filenori.com
Trusted Zone: lgdacom.net
Trusted Zone: stardisk.co.kr
Trusted Zone: stardisk.kr
Trusted Zone: uplus.co.kr
Trusted Zone: uplus.co.kr\xpayvip
TCP: DhcpNameServer = 192.168.42.129
TCP: Interfaces\{AE227411-E796-453E-9956-2C192DAAE340}: NameServer = 168.126.63.1,168.126.63.2
DPF: {00C3D8DD-8D26-41D1-BD7E-9BEC60F29516} - hxxp://myspeed.skbroadband.com/cab/qmsforhanaro.cab
DPF: {03AF249E-119E-4569-838E-167E929EC6DB} - hxxp://www.filefarm.co.kr/client/FileFarm.cab
DPF: {073B160A-FF55-4337-91F1-50C483183810} - hxxp://setup.tple.co.kr/files/application/tple/TpleControl19.CAB
DPF: {07D512E3-9534-4696-9BA2-B42704EB5020} - hxxp://app.applefile.com/app/ApplefilesWebControl.CAB
DPF: {0FA97F46-8BCD-456F-89C4-9845133DEE94} - hxxp://www.lottecard.co.kr/ipinside/plug/I3GManager.cab
DPF: {1135E012-EC5B-4561-AD48-209FE55F8997} - hxxp://www.hardstore.co.kr/V3_HasClient/HasActivexV3/HasActivexV3.cab
DPF: {1219B6C3-CD4D-4243-9A4F-4C9F12FCC6E7} - hxxp://ck.softforum.co.kr/CKKeyPro/yessign/CKKeyProInst.cab
DPF: {180C8380-22BA-4A62-A0E8-79F8DCE56B19} - hxxp://sub.sharebox.co.kr/ShareBoxCtrl.cab
DPF: {187A998F-CC68-4F6F-B916-7C057DF0E63A} - hxxp://www.candyfile.co.kr/mmsv/CandyWebControl.CAB
DPF: {1CC26E3F-F20A-4074-8BB0-F34242591459} - hxxp://air.hs.ac.kr:7000/cabsoft/instre/reportexpress.cab
DPF: {1D234939-05E7-4ADB-BCF3-465EA407C126} - hxxps://simage.kyobobook.co.kr/newimages/apps/b2c/giftcard/NicePosWebV205.cab
DPF: {208ABF6C-3809-460C-9159-60A66C6A4DD4} - hxxp://img.topfile.co.kr/app/control/TopFileControl.CAB
DPF: {24F6E6A8-852C-45A8-ADD3-C4AB0D6FD231} - hxxps://plugin.inicis.com/wallet61/INIwallet61_vista.cab
DPF: {25794D3C-E2F0-40B8-9C11-F38DC1908633} - hxxp://activexdown.paran.com/paranactivex/data/uploadlauncher.cab
DPF: {2587A1BE-8046-4FC3-A957-C489945110E1} - hxxp://pgdownload.uplus.co.kr/dacom/IssacWebProCMS_4_3_1_3_LG_UPLUS.cab
DPF: {27E4B2A9-D554-40DE-B6CD-F11E9B44FBD0} - hxxp://simfile.chol.com/activex/SimFileControl.cab
DPF: {283A7932-A386-496A-9AB0-E8DBFACFF1E5} - hxxp://ondisk.co.kr/setup/OnDiskWebControl.cab
DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} - hxxps://plugin.inicis.com/banktown/initech/plugin/down/INIS60.cab
DPF: {287A998F-CC68-4F6F-B916-7C057DF0E63B} - hxxp://www.fdisk.co.kr/mmsv/FdiskWebControl.CAB
DPF: {2C68D4E4-F2BD-4880-A868-4C2AE0762306} - hxxp://air.hs.ac.kr:7000/cabsoft/instrx/cab/xinstall.cab
DPF: {2DCB00FB-3485-486B-BD41-C49AD605264D} - hxxps://plugin.inicis.com/easykeytec/easykeytec.cab
DPF: {2EE4AED0-B8D5-4FCB-B4EB-75D5D20B55E5} - hxxp://download.zfile.co.kr/ZFileWebControl.cab
DPF: {331BE90D-488B-4270-8089-39221E4E4928} - hxxp://www.bondisk.com/mmsv/BonDiskControl.CAB
DPF: {3777C31D-20BE-4D86-A566-E63D37BD2798} - hxxp://www.kdisk.co.kr/mmsv/KdiskWebControl.CAB
DPF: {3C36DCBE-5CDF-4C35-9D0B-4A1882B2EB0A} - hxxps://tx.allatpay.com/component/AllatPayRE.cab
DPF: {3EFC2239-B769-469F-A5E6-38693AE0B9DE} - hxxp://www.benchbee.co.kr/common/cab/sysinfo2.cab
DPF: {4085FED4-9934-41E7-A6E5-3E0434464ABC} - hxxp://www.bondisk.com/mmsv/BonControl.CAB
DPF: {42E8651D-C437-4203-93F5-24E20C2C4465} - hxxps://www.vpay.co.kr/kvpfiles/KVPCyberCard.cab
DPF: {47660CBA-279C-4E16-9155-6249F30012AD} - hxxps://pgdownload.uplus.co.kr/dacom/IssacWebProCMS_4_3_1_0_LG_UPLUS.cab
DPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} - hxxp://mpi.dacom.net/XPayMPI/XPayMPI.cab
DPF: {4C55B9F3-81AC-4901-9F5B-6F53B12075F4} - hxxp://www.filefarm.co.kr/clientNew/FileFarmActiveX.cab
DPF: {4C68DACE-E6BC-4650-9C7E-D036720CA729} - hxxp://update.nprotect.net/tyscan/b2b/nps.cab
DPF: {51B1D5ED-67DC-43F0-A3F8-8502F1A5E404} - hxxp://update.nprotect.net/nprotect2007/shinhancard/npstarter_070716.cab
DPF: {54A1AC78-6F1E-4142-8A1E-E21FE6A996FE} - hxxp://www.stardisk.co.kr/Contents/StarDiskAX.cab
DPF: {5547DED5-E6A9-469A-90F0-5BFE5CD33FF1} - hxxps://pay.kcp.co.kr/plugin_new/file/KCPPaymentUX.cab
DPF: {5C4E056C-AB90-4B5E-9AC7-8D2EDB18DD9A} - hxxp://img.topfile.co.kr/app/control/TopFileCtrl_1.0.0.3.CAB
DPF: {5D1317E0-98DD-4A64-907A-DCF3BBD28BA5} - hxxp://www.82movie.com/p2p/ActiveX/Sol2_SeverFileX.ocx
DPF: {5DBE942F-CE91-4EED-853F-A1CD022665AF} - hxxps://pgdownload.uplus.co.kr/common/js/crossdomain/DacomCrossDomain.cab
DPF: {636ABE5E-6EE8-4BB2-A94E-98EED47FC7AF} - hxxp://www.filedok.com/mmsv/FileDokCtl.CAB
DPF: {66413DC2-F891-40BC-822D-B7EEC8ADC281} - hxxp://img.shinhan.com/rib/common/ProWorksGrid_86.cab
DPF: {6738F66E-B252-4BDB-ADA6-1A18EB2AA8EA} - hxxp://qbic.dreamx.com/component/QbicComponent.cab
DPF: {72376E32-8AF2-473F-BE32-E5D0F39C865D} - hxxp://kr.cyberlink.com/prog/win7/js/UpdateAdvisor.cab
DPF: {742E2B0A-D90A-4570-A5AE-2CC68B11097D} - hxxps://dn4.realscan.co.kr/data/realscan/RealScan_Launcher.cab
DPF: {7A6395E4-00CD-4B5A-A5AF-F3958618D9CE} - file:///C:/Users/Jake/AppData/Local/Temp/rxproplus.cab
DPF: {7DC257DD-4939-4F16-B8AF-0A74F9080B64} - hxxp://kspay.ksnet.to/store/KSPayActiveX/update/files/common/KSNETPayMain.cab
DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} - hxxp://download.softforum.co.kr/Published/XecureWeb/v7.2.5.0/xw_install.cab
DPF: {7FAE8B01-5F20-43AC-9DFF-ABDA3591BBB4} - hxxp://www.bigfile.co.kr/client/BigFileVista.cab
DPF: {8B95CDB4-7F5F-44FA-803E-1F31963D711F} - hxxp://www.filebada.com/Client/Ocx/FB_OCX.CAB
DPF: {8C116A92-3C1C-47CB-AB76-456BFA30D4D5} - hxxp://clean.skbroadband.com/WPincX/bncInstallX.cab
DPF: {8C4F5093-2E8B-491C-A2A3-74AFCEEE5378} - hxxp://ziofile.com/setver/ZioFileControl.cab
DPF: {8FAE8B01-5F20-43AC-9DFF-ABDA3591BBB4} - hxxp://www.filefarm.co.kr/client/FileFarmVista.cab
DPF: {95A57FEB-0909-4FEA-B819-63DA7C4D9E1E} - hxxp://img.shinhan.com/rib/ko/print/PrintmadeActiveX.cab
DPF: {977FEC65-6190-4BF0-A871-A70DE5B8497A} - hxxp://setup.tple.co.kr/files/application/tple/TpleControl37.CAB
DPF: {9963FACF-7618-417B-B6DD-AB8B65AF8CD1} - hxxps://pgdownload.uplus.co.kr/lgdacom/LGDacomXPayUpdater.cab
DPF: {99C709C7-4F58-46C1-855B-90213C760395} - hxxps://v3d.kcp.co.kr/file/kcp_ansimclick.cab
DPF: {9CBC0296-6A35-470E-BA9A-F33A587AF7A7} - hxxp://www.xdisk.co.kr/app/bin/FileMgr.cab
DPF: {A1B83F7D-05D8-42F8-9C29-99ED06CD528C} - hxxp://speed.nia.or.kr/login/SysNIAforHuman.cab
DPF: {A9F090E5-FC80-4772-AFEE-D102AB6E77D6} - hxxp://pgdownload.lgdacom.net/dacom/IssacWebProCMS_4_2_9_4_DE.cab
DPF: {B0A75875-3622-48BA-B5FF-45AD77AC2D0E} - hxxps://download.auction.co.kr/activexpay/20120821/BankPayEFT.cab
DPF: {B3E4F985-F780-4CC8-ADC7-9ABF07DFC12D} - hxxp://www.hidisk.com/mmsv/HidiskWebControl.CAB
DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} - hxxp://mail.daum.net/hanmail-ax/DaumActiveX/2_0_0_8/DaumActiveX.cab?ver=2,0,0,8
DPF: {BABE8880-31A7-4D56-8426-9E63BDF78452} - hxxp://turboupdate.com/TurboVaccineOnline/Online/TvOActiveX.cab
DPF: {C1143E84-B2B1-473B-9F20-E62DD754FCAF} - hxxps://vbv.shinhancard.com/infovine/VineTransfer.cab
DPF: {C193DE20-29F4-4B4F-963B-EB20CB3186C0} - hxxp://speed.nia.or.kr/login/SpeedTest.cab
DPF: {C6F70391-1525-4698-903C-AABC591E45E8} - hxxp://www.filecity.co.kr/mmsv/FileCityControl.cab
DPF: {CAFA8355-60CC-4794-A184-A2756AE686E6} - hxxp://www.filefarm.co.kr/APPLICATION/bin/FarmControl.ocx
DPF: {CD5D5907-8BF7-45EE-AEFA-6D2C042DED41} - hxxp://img.megastudy.net/InfoCtrl-1.0.0.2.Cab
DPF: {D4CA4B54-056A-4011-BC50-7C49AFF981A4} - hxxps://plugin.inicis.com/banktown/wallet/plugin/BtCxCtlCon.cab
DPF: {D7604BF1-A066-4DD0-8166-55E0DE7B7079} - hxxp://setup.tple.co.kr/files/application/tple/TpleControl36.CAB
DPF: {D912AABC-6CB0-416F-85B6-CABBB86FD558} - hxxps://plugin.inicis.com/wallet60/INIwallet60_vista.cab
DPF: {D96D2F74-0B74-47D2-964F-B67E9F69F1CD} - hxxp://sims.sktelecom.com/ActiveX/CongnamulMap4Asp_V2_0_2_5.cab
DPF: {D9C4AD05-B7FD-4F0C-ACEB-B24D0DECE79F} - hxxp://www.megafile.co.kr/webhard/megafile.cab
DPF: {DAABE2E9-8E76-4433-A484-534A84092C34} - hxxp://adrive.co.kr/setup/ADriveWebControl.cab
DPF: {DC4207CE-C03E-4449-ACB1-032CA4137053} - hxxps://supdate.nprotect.net/nprotect2007/lottecom/npz.cab
DPF: {E4F500BF-C1A3-11D6-9697-0090961B771E} - hxxp://www.viruschaser.com/Kor/vc4w_ocx/Vcrscan.CAB
DPF: {E5A02FD2-A8EF-4E5B-80C1-CB386F95E049} - hxxps://plugin.inicis.com/banktown/wallet/plugin/BtPmntClient.cab
DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} - hxxp://www.vpay.co.kr/kvpfiles_new/KVPISPCTLD_VISTA64.cab
DPF: {F6845081-F408-4A2D-9EBD-242E3470D5C6} - hxxp://www.phototo.co.kr/apps/PhototoLauncher.cab
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-BtShellCON - c:\windows\system32\UninstCON.exe
AddRemove-INFovine - c:\windows\system32\UbiKeyUninstall.exe
AddRemove-npn5 - c:\windows\system32\npn5uninst.exe
AddRemove-nps - c:\windows\system32\npeUninstaller.exe
AddRemove-SoftcampSCSK - c:\windows\system32\UnSCSK.exe
AddRemove-UnINISafeWeb7 - c:\windows\system32\UnINIS70.exe
AddRemove-클럽박스 파일전송관리자 - c:\windows\system32\clubboxuninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3196405197-2041645562-4139687468-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):4d,df,8e,9a,ba,b8,7e,cf,e6,de,7c,55,f3,f2,17,ff,09,d6,e2,ef,c6,
a4,06,be,07,f5,e9,77,52,96,35,f0,30,96,a0,d9,d2,70,3a,9b,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3196405197-2041645562-4139687468-1000_Classes\Wow6432Node\CLSID\{a2b75d53-01ca-4ac7-95d9-8d9d3f7ffc26}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000e2
"Therad"=dword:00000007
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-03 02:18:41
ComboFix-quarantined-files.txt 2012-10-02 17:18
ComboFix2.txt 2012-09-27 16:26
.
Pre-Run: 109,034,471,424 바이트 남음
Post-Run: 108,454,887,424 바이트 남음
.
- - End Of File - - 0383DC3ED48DBFD2EF609BE37EDE2DC5

Security Check Log-

Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Kaspersky Internet Security
Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware 버전 1.65.0.1400
Java™ 6 Update 32
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

Adw Cleaner Log-

# AdwCleaner v2.003 - Logfile created 10/03/2012 at 02:31:58
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Jake - JAKE-PC
# Boot Mode : Normal
# Running from : C:\Users\Jake\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Jake\AppData\LocalLow\Toolbar4

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

*************************

AdwCleaner[S1].txt - [4337 octets] - [03/10/2012 02:31:58]

########## EOF - C:\AdwCleaner[S1].txt - [4397 octets] ##########

Thank you for reading!=]

#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,528 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:57 AM

Posted 08 October 2012 - 10:40 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



