OMG...CoolWWWSearch.OleHelp - Please Help!



rangernoh
2010-10-19, 14:22
Hi All,

I'm a newbie here. Please help me!
Well, it's not funny that two users consecutively report the problem of this nasty coolwwwsearch.

My computer got infected by "CoolWWWSearch.OleHelp". My browser is not hijacked to some weird website, but Google search seems to be very slow. Spybot detected this, but I have been unable to eliminate it. The thread right below this one was helpful, but I follow the critical rule that I shouldn't use the fix unless it is recommended by an expert.

Since Spybot could not eliminate this, I post two logs - one log from spybot and the other from DDS.

I would really appreciate it if anyone can help me fix this. :thanks:

Here are the logs:

-------------------------------------------------------------------
(1) a log after Spybot


CoolWWWSearch.OleHelp: [SBI $F3F8B2C7] Autorun settings (svchost) (Registry value, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost

CoolWWWSearch.OleHelp: [SBI $F3F8B2C7] Program file (File, fixed)
C:\Users\Jungho\AppData\Roaming\Microsoft\svchost.exe
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

CoolWWWSearch.OleHelp: [SBI $F3F8B2C7] Autorun settings (svchost) (Registry value, fixing failed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2010-07-26 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2010-06-29 Includes\Adware.sbi (*)
2010-10-12 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-09-22 Includes\Dialer.sbi (*)
2010-10-12 Includes\DialerC.sbi (*)
2010-01-25 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2010-10-12 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-08-02 Includes\Keyloggers.sbi (*)
2010-10-12 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2010-09-13 Includes\Malware.sbi (*)
2010-10-12 Includes\MalwareC.sbi (*)
2010-05-18 Includes\PUPS.sbi (*)
2010-10-12 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2010-10-12 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2010-06-29 Includes\Spyware.sbi (*)
2010-10-12 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-08-04 Includes\Trojans.sbi (*)
2010-10-12 Includes\TrojansC-02.sbi (*)
2010-10-12 Includes\TrojansC-03.sbi (*)
2010-10-12 Includes\TrojansC-04.sbi (*)
2010-10-12 Includes\TrojansC-05.sbi (*)
2010-10-12 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll


------------------------------------------------------------------
(2) DDS.txt

DDS (Ver_10-10-10.03) - NTFSx86
Run by Jungho at 6:53:11.68 on 2010-10-19
Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Business 6.0.6002.2.949.82.1033.18.3070.2051 [GMT -4:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Users\Jungho\AppData\Roaming\Microsoft\Windows\shell.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\AEADISRV.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Users\Jungho\AppData\Local\Temp\dwm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP Laser Gaming Mouse with VoodooDNA\hid.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Windows\system32\conime.exe
C:\Program Files\HP Laser Gaming Mouse with VoodooDNA\Tray.exe
C:\Users\Jungho\AppData\Roaming\Microsoft\svchost.exe
C:\Users\Jungho\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://web.mit.edu/polisci/
uInternet Settings,ProxyServer = http=127.0.0.1:50370
uURLSearchHooks: H - No File
uWinlogon: Shell=explorer.exe,c:\users\jungho\appdata\roaming\microsoft\windows\shell.exe
uWindows: Load=c:\users\jungho\appdata\local\temp\dwm.exe
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
EB: {0483894E-2422-45E0-8384-021AFF1AF3CD} - No File
uRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [imekrmig7.0] "c:\program files\common files\microsoft shared\ime\imkr7\IMEKRMIG.EXE"
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [HP VoodooDNA Mouse] "c:\program files\hp laser gaming mouse with voodoodna\hid.exe"
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [svchost] c:\users\jungho\appdata\roaming\microsoft\svchost.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1042-

0000-7760-100000000002}\SC_Acrobat.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth

software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{a7091e1d-36a4-

47f1-a739-173cc341414f}\Icon3E5562ED7.ico
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google

toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Microsoft Excel로 내보내기(&X)
IE: Translate this web page with Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/Action.htm
IE: 기존 PDF에 링크 대상 추가 - c:\program files\common

files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {0483894E-2422-45E0-8384-021AFF1AF3CD} - {0483894E-2422-45E0-8384-021AFF1AF3CD}
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12

\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12

\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: eyescrap.com\csweb
Trusted Zone: iros.go.kr\www
Trusted Zone: kcp.co.kr
Trusted Zone: mit.edu\ca
Trusted Zone: mit.edu\ca2
Trusted Zone: nanet.go.kr
Trusted Zone: telec.co.kr
Trusted Zone: vpay.co.kr
DPF: {063F7D71-5E0B-48F2-87D5-F63C5917947E} - hxxp://ahnlabdownload.nefficient.co.kr/aos/plugin/aosmgr.cab
DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} - hxxp://ck.softforum.co.kr/CKKeyPro/wooribank/CKKeyPro3017_32k.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CDD6E613-CBEF-40C3-A140-4F5EEE0C4E00} - hxxp://ck.softforum.co.kr/phishingpro/lh/current/CKPhishingPro.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {AB3FDB4A-27F9-40D1-BCE3-AB15633E7FE3} = 168.126.63.1
SEH: CoxShellExtObj Class: {779d629f-f440-4a9f-a70f-c50d4ddabddd} - c:\program files\nadl\covue\CoxShellExt.dll
LSA: Notification Packages = scecli ACGina
mASetup: ccc-core-static - msiexec /fums {AB42B423-B596-3C2F-21B2-64AAB0FA6D1B} /qb

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-4-6 343920]
R1 AMonTDLH;AMonTDLH;c:\windows\system32\drivers\AmonTDLh.sys [2010-10-18 87648]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2006-10-20 13744]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\engineserver.exe [2010-1-6 22816]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-1-16 103744]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\mcshield.exe [2010-1-6 147472]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\vstskmgr.exe [2010-1-6 66896]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-7-26 70728]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-7-26 1153368]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2006-11-30 55928]
R3 GamingMsFltr;HP HDX Mouse;c:\windows\system32\drivers\gamingms.sys [2009-12-7 9856]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-4-6 91832]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-7-26 43288]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2006-9-13 35264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319

\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-21 133104]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2006-11-2 167936]
S3 CdmDrvNt;CdmDrvNt;c:\windows\system32\drivers\CdmDrvNt.sys [2010-10-18 19616]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-8-15 21504]
S3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.SYS [2009-9-24 21304]
S3 JRSUKD24;JRSUKD24;c:\windows\system32\JRSUKD24.sys [2007-3-14 6784]
S3 JRSUKD25;JRSUKD25;c:\windows\system32\JRSUKD25.SYS [2008-10-17 12728]
S3 kcrtx86;kcrtx86;c:\windows\system32\kcrtx86.sys [2009-12-15 126048]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-7-26 66600]
S3 MfFWEnt;MfFWEnt;c:\program files\ahnlab\asp\myfirewall 4.0\mffwent.sys [2010-10-18 101368]
S3 MfIPSEnt;MfIPSEnt;c:\program files\ahnlab\asp\myfirewall 4.0\mfipsent.sys [2010-10-18 121536]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-8-15 21504]
S3 NPIDS;NPIDS;c:\windows\system32\NPIdsVt.sys [2008-6-19 45088]
S3 PeerDistSvc;BranchCache;c:\windows\system32\svchost.exe -k PeerDist [2008-8-15 21504]
S3 V0230Vfx;V0230Vfx;c:\windows\system32\drivers\V0230Vfx.sys [2010-4-15 6272]
S3 V0230VID;Live! Cam Video IM Pro;c:\windows\system32\drivers\V0230VID.sys [2010-4-15 509760]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319

\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-10-19 10:53:03 102912 ----a-w- c:\users\jungho\appdata\roaming\microsoft\svchost.exe
2010-10-19 06:14:05 6146896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{214fbe9f-c587-

4344-be2e-8c26b8790a6b}\mpengine.dll
2010-10-19 03:38:22 -------- d-----w- c:\program files\HD Tune
2010-10-19 02:12:03 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2010-10-18 15:33:04 -------- d-----w- c:\program files\Speccy
2010-10-18 15:31:33 -------- d-----w- c:\program files\Defraggler
2010-10-18 15:20:10 -------- d-----w- c:\program files\CCleaner
2010-10-18 04:42:47 139264 ----a-w- c:\users\jungho\appdata\roaming\microsoft\windows\shell.exe
2010-10-18 04:30:15 77921 ----a-w- c:\windows\system32\v3w32se2.dll
2010-10-18 04:02:45 87648 ----a-w- c:\windows\system32\drivers\AmonTDLh.sys
2010-10-18 04:02:45 19616 ----a-w- c:\windows\system32\drivers\CdmDrvNt.sys
2010-10-18 02:54:19 -------- d-----w- c:\users\jungho\appdata\roaming\ChromePlus
2010-10-17 22:36:02 -------- d-----w- C:\Autoruns
2010-10-16 15:20:56 -------- d-----w- c:\users\jungho\appdata\roaming\Malwarebytes
2010-10-16 15:20:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-16 15:20:45 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-16 15:20:45 -------- d-----w- c:\progra~2\Malwarebytes
2010-10-16 15:20:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-13 08:19:55 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-10-13 08:19:54 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-13 08:19:34 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-13 08:19:33 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-13 08:19:33 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-13 08:19:33 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-13 08:19:32 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-13 08:19:22 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-13 08:19:22 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-13 08:19:01 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-13 08:13:56 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-07 03:42:13 -------- d-----w- c:\program files\GnuWin32
2010-10-07 00:46:13 -------- d-----w- C:\font_download
2010-09-30 21:19:27 90112 ----a-w- c:\program files\mozilla firefox\plugins\npxecure.dll
2010-09-30 21:19:27 73728 ----a-w- c:\program files\mozilla firefox\plugins\npxwfile.dll
2010-09-30 21:17:52 -------- d-----w- c:\users\jungho\appdata\roaming\AhnLab
2010-09-28 17:52:53 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-28 17:52:37 13312 ----a-w- c:\program files\internet explorer\iecompat.dll

==================== Find3M ====================

2010-10-18 03:59:59 21304 ----a-w- c:\windows\system32\JRSKD24.SYS
2010-10-18 03:59:59 12728 ----a-w- c:\windows\system32\JRSUKD25.SYS
2010-10-18 03:59:59 126048 ----a-w- c:\windows\system32\kcrtx86.sys
2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-08-31 13:27:38 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-08-26 16:37:45 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-08-17 14:11:37 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-10 15:53:15 274944 ----a-w- c:\windows\system32\schannel.dll

============= FINISH: 6:56:34.51 ===============

Blade81
2010-10-25, 20:41
Hi,

If help is still needed, please disable word wrap in Notepad. After that, post fresh dds.txt & attach.txt contents.

Blade81
2010-10-31, 12:17
Due to inactivity, this thread will now be closed.

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.

If it has been less than three days since your last response and you need the thread re-opened, please send me or another MOD a private message (PM). A valid, working link to the closed topic is required.