PDA

View Full Version : Malware infection - Spybot will not run


mamzy
2010-10-30, 09:44
Hi,

I have a spyware/malware infection on Windows vista machine that causes google to display unwanted ads as well as several popups. I have also been prompted by some sites i use that my PC is trying a DOS attack when I try to get into the site.

I have tried to run Spybot in normal and safe mode and it will not start or update saying cannot connect to server. Also, I cannot locate the .scr file nor the SpybotSD.exe in the Program Files folder for Spybot.

As per instructions, I took a backup of the registry using ERUNT, and ran a DDS scan. attached below are the scan results. I am also attaching the attach.txt as a zipped file.

Thanks for your help.

-------- DDS.TXT

DDS (Ver_10-10-21.02) - NTFSx86
Run by Cutie at 2:28:16.84 on 10/30/2010 Sat
Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.949.82.1033.18.2037.928 [GMT -4:00]

AV: avast! antivirus 4.8.1201 [VPS 090124-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: avast! antivirus 4.8.1201 [VPS 090124-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Windows\vsnp2uvc.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\OnDisk\ExpressService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\npkcmsvc.exe
C:\Windows\system32\nPStarterSVC.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\npnj5Agent.exe
C:\Program Files\QuickDownloadService\qdownagent.exe
C:\Program Files\QuickDownloadService\qdownservice.exe
C:\Program Files\QuickDownloadService\qdownupdate.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\conime.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Cutie\Desktop\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\explorer.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Cutie\Downloads\dds.scr
C:\Windows\Explorer.EXE
C:\Windows\system32\WerCon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.naver.com/
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows

live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0

\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [snp2uvc] c:\windows\vsnp2uvc.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\users\cutie\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program

files\erunt\AUTOBACK.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\scandisk.lnk - c:\windows\system32\rundll32.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows

live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: cyworld.com
Trusted Zone: nate.com
DPF: {24F43124-1E7D-4024-A049-E793DF6207F3} - hxxp://jjangfile.infomaster.co.kr/program/Infomaster.CAB
DPF: {283A7932-A386-496A-9AB0-E8DBFACFF1E5} - hxxp://ondisk.co.kr/setup/OnDiskWebControl.cab
DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} - hxxp://download.banktown.com/kjbank/initech/down/INIS60.cab
DPF: {3777C31D-20BE-4D86-A566-E63D37BD2798} - hxxp://www.kdisk.co.kr/mmsv/KdiskWebControl.CAB
DPF: {3B56E5F0-7B20-48BF-B439-A995BE5191EF} - hxxp://pib.wooribank.com/com/common/SessionControl.cab
DPF: {3C648A72-C49A-48EF-9F90-68EF13293F97} - hxxp://www.priv.njmls.xmlsweb.com/XMLSearch/XMLCache.CAB
DPF: {3F68E1C3-39EC-4990-85E3-ABFE61AB86C5} - hxxp://dl.bugsm.co.kr/install/BugsInstaller.cab
DPF: {51B1D5ED-67DC-43F0-A3F8-8502F1A5E404} - hxxp://update.nprotect.net/nprotect2007/bccard/npstarter.cab
DPF: {62076E39-043C-4A5A-BF17-D8A2128ACD93} - hxxp://pib.wooribank.com/com/installer/interezen/WRebw.cab
DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} - hxxp://ck.softforum.co.kr/CKKeyPro/wooribank/CKKeyPro3017_32k.cab
DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://targetphoto.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {7A9935D3-9B3C-4382-B62A-45CF92B18D74} - hxxp://cyimg7.cyworld.com/storyRoom/CyImgResize.cab
DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} - hxxp://download.softforum.co.kr/Published/XecureWeb/v7.2.2.8/xw_install.cab
DPF: {820359CA-BD53-4BDF-8393-282FEEAE8C53} - hxxp://www.monkey3.co.kr/Monkey3ActiveX/Monkey3ActiveXControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} - hxxp://cyimg7.cyworld.com/ImageUpload/CyPictureU1233.cab?20081124
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} - hxxp://mail.daum.net/hanmail-ax/DaumActiveX/2_0_1_0/DaumActiveX.cab?ver=2,0,1,0
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {C342F4EE-6D48-4239-A55D-CF2D0D1F3BC6} - hxxp://cyimg7.cyworld.com/cymusic/package/skcaset.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - hxxp://update.nprotect.net/keycrypt/samsungcard/npkcx.cab
DPF: {D912AABC-6CB0-416F-85B6-CABBB86FD558} - hxxps://plugin.inicis.com/wallet60/INIwallet60_vista.cab
DPF: {E6839DC2-F8F6-4B2E-8789-556742CC1FB4} - hxxp://nfile.co.kr/app/NfileWebControl.CAB
DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} - hxxps://www.vpay.co.kr/kvpfiles_vista/KVPISPCTLD_VISTA.cab
DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} - hxxp://file.naver.com/activex/NaverAXGuide.cab
TCP: NameServer = 93.188.164.129,93.188.160.209
TCP: {5D397078-D39D-4699-93C7-15D8C45D702E} = 93.188.164.129,93.188.160.209
TCP: {5F65C9C6-74BA-41CE-927B-79616BFA11A0} = 93.188.164.129,93.188.160.209
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex

c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

================= FIREFOX ===================

FF - ProfilePath - c:\users\cutie\appdata\roaming\mozilla\firefox\profiles\t7wm86o0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.naver.com/
FF - plugin: c:\program files\ahnlab\asp\components\aosmgr\conflict_344\npaosmgr.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPCentraUpdater.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npINISAFEWeb60.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\softforum\xecureweb\activex\npxwebplugin.dll
FF - plugin: c:\program files\softforum\xecureweb\activex\npxwebplugin_file.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\cutie\appdata\roaming\move networks\plugins\npqmp071700000016.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5

\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

============= SERVICES / DRIVERS ===============

R1 AMonTDLH;AMonTDLH;c:\windows\system32\drivers\AmonTDLh.sys [2008-7-1 87648]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-6-20 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-6-20 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2007-11-26 50768]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-9 40384]
R2 ExpressService;ExpressService;c:\program files\ondisk\ExpressService.exe [2009-11-10 1282048]
R2 nPStarterSVC;nProtect Starter;c:\windows\system32\npstartersvc.exe [2007-2-1 250145]
R2 QuickDownload Agent;QuickDownload Agent;c:\program files\quickdownloadservice\qdownagent.exe [2009-4-24 114688]
R2 QuickDownload Service;QuickDownload Service;c:\program files\quickdownloadservice\qdownservice.exe [2009-4-24 106496]
R2 QuickDownload Update;QuickDownload Update;c:\program files\quickdownloadservice\qdownupdate.exe [2009-4-24 94208]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-9 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-9 40384]
R3 JRSUKD25;JRSUKD25;c:\windows\system32\JRSUKD25.SYS [2008-10-30 12728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe

[2010-3-18 130384]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2008-11-12 84832]
S3 CdmDrvNt;CdmDrvNt;c:\windows\system32\drivers\CdmDrvNt.sys [2008-7-1 19616]
S3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.sys [2007-10-28 19384]
S3 JRSUKD24;JRSUKD24;c:\windows\system32\JRSUKD24.SYS [2007-8-24 6784]
S3 MfFWEnt;MfFWEnt;c:\program files\ahnlab\asp\myfirewall 4.0\mffwent.sys [2008-7-1 101368]
S3 MfIPSEnt;MfIPSEnt;c:\program files\ahnlab\asp\myfirewall 4.0\mfipsent.sys [2008-7-1 121536]
S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-9-6 1247600]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319

\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-10-29 23:59:01 6146896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{0b67c374-f66a-4e20-bc32-

f27a977e51fd}\mpengine.dll
2010-10-27 02:54:05 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-27 02:54:01 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-17 06:45:59 91552 ----a-w- c:\windows\system32\NDriveFileMgr.exe
2010-10-15 07:08:57 231936 ----a-w- c:\windows\system32\msshsq.dll
2010-10-14 05:34:45 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-10-14 05:34:43 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-14 05:34:16 303616 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-14 05:34:16 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-14 05:34:16 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-14 05:34:16 101888 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-14 05:34:15 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-14 05:32:57 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-10-14 05:32:51 866816 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-14 05:32:39 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-09 16:42:54 -------- d-----w- c:\program files\kdisk.co.kr

==================== Find3M ====================

2010-10-19 15:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-06 17:46:14 19384 ----a-w- c:\windows\system32\JRSKD24.sys
2010-10-06 17:46:14 12728 ----a-w- c:\windows\system32\JRSUKD25.SYS
2010-09-20 13:48:30 2148123 ----a-w- c:\windows\system32\npmonz.exe
2010-09-13 21:09:44 248416 ----a-w- c:\windows\system32\TeCtrl.dll
2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-07 15:12:17 38848 ----a-w- c:\windows\avastSS.scr
2010-09-01 15:19:50 300568 ----a-w- c:\windows\system32\NaverFDL.exe
2010-09-01 15:19:48 292376 ----a-w- c:\windows\system32\NaverFile.ocx
2010-08-31 15:41:42 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:41:42 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-26 16:07:25 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-08-26 16:01:35 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:01:33 459776 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:01:32 541696 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:01:32 2153984 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-17 13:32:33 126464 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-10 15:02:22 274432 ----a-w- c:\windows\system32\schannel.dll

============= FINISH: 2:34:33.78 ===============
Jack&Jill
2010-11-06, 19:24
Hello mamzy,

Sorry for the delay.

If you still need help, please delete the DDS file that you have and download a fresh copy from one of the links below. Please post new DDS logs.

Link 1 (http://download.bleepingcomputer.com/sUBs/dds.scr)
Link 2 (http://download.bleepingcomputer.com/sUBs/dds.com)
Link 3 (http://www.infospyware.net/sUBs/dds)

Otherwise, this topic will be closed after 3 days.
Jack&Jill
2010-11-11, 02:37
Due to lack of response, this topic is now closed.

If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. How to post a DDS log. (http://forums.spybot.info/showpost.php?p=1150&postcount=2)

If it has been less than three days since your last response and you need the thread re-opened, please send a private message (pm) to me or a MOD. A valid, working link to the closed topic is required. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

Everyone else please begin a New Topic.