New Win32 virus - I don't know what to do
Join Date: Jan 2007
Posts: 7
Reputation:
Solved Threads: 0
McAfee on my computer just detected I have a new Win32 virus
(Are the new Win32 virus and just Win32 virus different??)
I spent the last three hours searching and struggling to get rid of this thing ;( I tried every solution I knew, yet the virus seemed to be uncleanable. I read a couple of other writings on this website, but I don't really know what I have to do. Please do help; any kind of advice or solutions will be great. Thank you so much.
Logfile of HijackThis v1.99.1
Scan saved at 오후 4:38:42, on 2007-01-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intelligent Update\IntelliUpdate.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\stephanie you\Desktop\NGenFix-nologout.exe
C:\Documents and Settings\stephanie you\Desktop\stng260-nologout.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\stephanie you\Desktop\hijackthis\HijackThis.exe
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: ShopGuide Class - {3CB0CF42-DA54-47d2-8999-23928A2DEA42} - c:\Program Files\ShopGuide\shpguide.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: OK 툴바 - {73182355-ED2B-4064-A45F-49227EA0EE74} - C:\Program Files\OKToolbar\OkToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: upg Class - {AD4A14F9-1BA1-49EC-B721-E1D79AD768F6} - C:\WINDOWS\system32\upl.dll
O2 - BHO: IWebInterception Class - {BFDDBDBB-F62C-4D4A-B574-59D276F47196} - C:\Program Files\Click To Tweak [Basic]\WebInterception.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: (no name) - {D2A0394A-64E0-461B-A038-A52B41C03F75} - C:\WINDOWS\system32\beans.dll
O2 - BHO: (no name) - {E3231BA4-4271-402E-B20C-D5CFFF70F9D4} - C:\WINDOWS\system32\fasts.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: SHARE - {01AB1467-97A2-439D-8194-5FB11423E3B6} - C:\Program Files\share\share.dll
O3 - Toolbar: OK 툴바 - {73182355-ED2B-4064-A45F-49227EA0EE74} - C:\Program Files\OKToolbar\OkToolbar.dll
O3 - Toolbar: Windows Direct Toolbar(&D) - {B7FEF18D-912D-4FE2-9B19-A614F6B309DA} - C:\Program Files\directtb\crevotb.dll
O3 - Toolbar: 네이버 툴바(&N) - {D09CFF09-A42A-4EDC-9804-E61224F59CA1} - C:\Program Files\naver\NaverToolbar\NaverTB_3_0_0_20.dll
O4 - HKLM\..\Run: [Intelligent Update] "C:\Program Files\Intelligent Update\IntelliUpdate.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [imekrmig7.0] "C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Microsoft Excel로 내보내기(&X) - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 네이버 검색 - res://C:\Program Files\naver\NaverToolbar\NaverTB_3_0_0_20.dll /SEARCH.HTML
O8 - Extra context menu item: 네이버 블로그 담기 - res://C:\Program Files\naver\NaverToolbar\NaverTB_3_0_0_20.dll /BLOG.HTML
O8 - Extra context menu item: 네이버 사전 검색 - res://C:\Program Files\naver\NaverToolbar\NaverTB_3_0_0_20.dll /DIC.HTML
O8 - Extra context menu item: 네이버 일한 번역 - res://C:\Program Files\naver\NaverToolbar\NaverTB_3_0_0_20.dll /JKTRANS.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: share - {158D7D5D-8AD4-47c6-B468-198A96A0325B} - C:\Program Files\share\sharevd.exe
O9 - Extra button: 7-up - {22FF2F07-6455-4cac-A71D-EA1C47EA6DA6} - C:\Program Files\Sevenup\7up.exe
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra button: 무료 백신 - {73182355-ED2B-4064-A45F-49227EA0EE74} - C:\Program Files\OKToolbar\Okupdmnger.exe
O9 - Extra button: 리서치 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Minidesk - {C30DA579-F94C-4949-95C0-CE721D9109F6} - C:\Program Files\Minidesk\minidesk.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: 샵가이드 - {EC9679F6-42B7-4593-9E1C-AF421066C123} - http://www.shop-guide.co.kr (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.cssoft.co.kr (HKLM)
O16 - DPF: {00001023-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter23 Class) - http://download.netmarble.com/web/nm...MStarter23.cab
O16 - DPF: {02F68151-CE20-4793-B092-BBF273D2C116} (ViruscopActiveX Control) - http://www.viruscop.co.kr/pgm/viruscop.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - http://www.viewpoint.co.kr/vet_insta...5ZBXAA/z5.html
O16 - DPF: {0C72835A-34C5-4273-A700-A2347E784B58} (NPPWebInstallV2 Control) - http://name.siren24.com/nprotect/dow...bInstallV2.cab
O16 - DPF: {0CBF7EDC-17EC-442C-8AE9-5E804707B6CA} (NeffyClient Class) - http://dist.cdnetworks.co.kr/cdndist/neffy/Neffy.cab
O16 - DPF: {0E96B258-D5FA-405E-A540-DB53E03376BD} (OrangeFileBox Control) - http://www.orangefile.co.kr/ActiveX/OrangeFileBox.cab
O16 - DPF: {116D8D4C-E19A-46D0-95DC-4EA2663703BE} (MbAx Control) - http://login.hanbiton.com/cab/Hanbiton_Mb424.cab
O16 - DPF: {2029F1D2-90E4-49EF-9824-F666D238BFF6} (NHNComicViewer Class) - http://cdn.naver.com/naver/comic/vie...omicViewer.cab
O16 - DPF: {2115BCCF-4592-4B51-8578-0D94B98ADC40} (viewup Control) - http://ac.interich.com/activex/install/viewup.cab
O16 - DPF: {2C520C08-1ADA-4CEC-AFFD-D0D1BD268D60} (PDUpdate Control) - http://www.pdbox.co.kr/filebox/ctrl_down/PDUpdate.cab
O16 - DPF: {31FA72F5-BE46-4D6D-A10D-857C8D6F4BFA} (OrangeFileSearch Control) - http://www.orangefile.com/ActiveX/OrangeFileSearch.cab
O16 - DPF: {377FF862-62E0-4F33-B6E5-F58E0BC0F209} (NlsComm Component Class) - http://login.hanbiton.com/cab/NLSnSSO.cab
O16 - DPF: {458F5FA5-E8F8-4D7B-96FA-43419A71B5A7} (ToonsXDaum2 Control) - http://comic.daum.net/download/ToonsXDaum2.cab
O16 - DPF: {4DCCAFA1-5FA1-4543-BA05-726A1A33754B} (MAMCityDownload Control) - http://www.csafer.net/ActiveX/MASetupWizardMCity.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {54F6FF75-09A0-4B2E-B480-6008E5C6B4D0} (DrClearInstaller Class) - http://update.drclear.co.kr/cab/DrClearCom.cab
O16 - DPF: {695D7312-9B91-42E8-8893-75419A2873EC} - http://ftp.entica.com/EnLaunch/SeM/ssunit.cab
O16 - DPF: {6A2E758A-028B-46BB-A11D-0608AB5A4ED3} (DaumBGMCtrl Class) - http://listen.daum.net/52st/bgmplaye...tBGMPlayer.cab
O16 - DPF: {722347A8-E941-48A7-961C-9EBF1402188E} (DaulEqnAx2 Control) - http://kin.naver.com/editor/activex/DaulEqnAx2.cab
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} (MabinogiWebAvatarRenderer Class) - http://avatar.mabinogi.com:88/render...6.12.20.01.cab
O16 - DPF: {7FC751A9-492D-41B1-9F8D-D2C8809D8907} (EmoWebInstallerCtl Class) - http://pimg.hanmail.net/tv/cabs_2005...VInstaller.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ftp.entica.com/EnLaunch/ENPPY...all/msxml4.cab
O16 - DPF: {8BCAB742-72F8-4119-A4B4-8F639A6E27B3} (CNaverImageUploadCtl Object) - http://cafe.naver.com/common/activex/NIU.CAB
O16 - DPF: {90D1D09A-EE24-4284-8A97-D5E4C189AC10} (eBookAgent Control) - http://ebook.koyanglib.or.kr/main/eBookAgent.ocx
O16 - DPF: {92D0D610-A6FA-48D8-94CB-BD47FDF68655} (Launcher Class) - http://app.tubemusic.com/naver/naverx.cab
O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netmarble.com/NMChatX/NMTransX.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} - http://cafeimg.hanmail.net/cab9_1/dm...rsion=1,0,0,10
O16 - DPF: {970E1B88-8AC1-4E31-86D6-BFA769CEF7A6} (eGSignPlus For_EBS Class) - http://www.ebs.co.kr/sso/eGEBS.cab
O16 - DPF: {9C33ABEA-52B6-4895-85B0-E3BAB337EE3E} (Pull0PlayerX Control) - http://pullshot.pullbbang.com/images/Pull0Player.ocx
O16 - DPF: {A1D886C6-4039-4451-97A9-515F5BE5D4C2} (mkdplusCtrl Class) - http://ahnlabdownload.nefficient.co....ab/mkdplus.cab
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://download.netmarble.com/kdefence/kdfense8.cab
O16 - DPF: {A671DC03-71D0-4CF0-895C-7D4A248FC1F1} (skcbgmset Class) - http://cyimg7.cyworld.nate.com/cymus.../skcbgmset.cab
O16 - DPF: {AB4ADC0F-2B4B-4B08-8B5C-CA4D6188A180} (P3Xfer Loader Class) - http://package.hyosungcdn.com/download/p3xset.cab
O16 - DPF: {AF60D574-F249-4243-8040-5521AAA5BB5E} (PandoraTVSet Class) - http://imgcdn.pandora.tv/pan_img/p3p...e/pdrtvset.cab
O16 - DPF: {B005D02C-E461-4851-8A79-C7FDC8563C07} (BBNPort Class) - http://user.buddybuddy.co.kr/cab/BBNPort.cab
O16 - DPF: {B37AD72D-34EA-45F8-A016-10814DC97CAB} (CafeHelper Control) - http://cafe.naver.com/common/CafeHelper.cab
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://cafeimg.hanmail.net/cto/xman.cab?ver=1,2,1,0
O16 - DPF: {C2C16510-10F4-46FE-A82C-4846435EBDEB} (p3muzset Class) - http://player.muz.co.kr/package/p3muzset.cab
O16 - DPF: {C89BAC33-28B7-4297-AC5B-2BA81E275F91} (Btool Control) - http://websgt.com/download/btool2006.cab
O16 - DPF: {D26A941D-7E89-4098-B583-43291FC14218} (Pull0PlayerX Control) - http://image.pullbbang.com/pullshot/Pull0Control.ocx
O16 - DPF: {D9CD6F7D-1694-4FB3-9F16-E4A7E43943B9} - http://221.143.43.212/Downloads/one/...binstaller.cab
O16 - DPF: {E1CDC08F-F464-4682-AE6A-7689451387C0} (CAFE multiupload control) - http://cafeimg.hanmail.net/activex/d...rsion=1,0,0,21
O16 - DPF: {F1F07506-6CB4-44AC-8615-66D1234EFD05} (WebCtl Class) - http://www.shinhancard.com/initech/p...own/INIS50.cab
O16 - DPF: {F2AD56CD-410B-46E6-AB92-52F37FC33B89} (ChatModule Control) - http://webchat.geopia.com/activeX/GeoStart.cab
O16 - DPF: {F4A1D5E2-AF49-47A7-A945-23038106F3A4} (Pandora_SetUp Control) - http://imgcdn.pandora.tv/pan_img/lau...ra_SetUpAX.cab
O16 - DPF: {F51D1D2C-FF76-4981-A3A5-ECF9FBE7888E} (WebSgt Control) - http://www.cgland.com/file/websgt.cab
O16 - DPF: {F6E7ECCE-6E60-4681-8D9B-4BBC12A07110} (GWallCtrl Class) - http://www.gmarket.co.kr/challenge/n...1800/GWall.cab
O16 - DPF: {FDC8D26C-8772-4877-8FD3-86D552F0B43C} (SearchWIObj Class) - http://file.searchspy.co.kr/control/...bInstaller.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: C-DillaService - Unknown owner - C:\WINDOWS\system32\drivers\CDANSRV.EXE
O23 - Service: COM+ Provider (COMSrvlagacy) - Unknown owner - C:\WINDOWS\mdm.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Windows Management Network (WMN) (WNManage) - Unknown owner - C:\WINDOWS\conime.exe (file missing)
McAfee on my computer just detected I have a new Win32 virus
(Are the new Win32 virus and just Win32 virus different??)
I spent the last three hours searching and struggling to get rid of this thing;
I do not believe this is a specific virus - I think the notification is the result of a heuristic detection (similar to Symantec's "bloodhound").
You DO have some baddies showing in that HJT Log. Please do a few things for me:
FIRST:
Please relocate HijackThis to a safer location. Most Forum volunteers expect to find it at C:\Program Files\HijackThis or C:\HijackThis.
If you are unable to move it on your own, please do the following:
Download a fresh HijackThis from http://downloads.malwareremoval.com/hijackthis_sfx.exe
Save the setup file on your desktop.
Then, DoubleClick on it and by default it should install to C:\Program Files\HijackThis
Continue through the setup and allow it to create a desktop icon for you. Follow all the prompts, click Finish and just leave it for now.
NEXT:
Please download and Install AVG Anti-Spyware v7.5
THEN:
RightClick the AVG Anti-Spy Icon in your system tray and do the following:
-- Uncheck Resident Shield
-- Uncheck Automatic Updates
-- Uncheck Start with Windows
* You can reset the above to their defaults AFTER your machine has been deemed “clean,” if you so desire. For now, we need them disabled.
Click Run online update and allow it to run until you see the Update Successful message. If you are unable to do this, please let me know.
NOW, run a full scan:
-- Click on the Scanner button and choose the Settings Tab.
---> Under How to act?, click on Recommended action and choose Quarantine to set default action for detected malware.
---> Under Reports make sure Automatically generate report after every scan is selected and UNCHECK the Only if threats were found box.
-- Leave everything else at their default settings and Select the Scan tab and CLICK Complete System Scan to scan your machine.
-- Upon completion of the scan, Click Apply all actions to place any detected baddies in Quarantine.
-- AFTER clicking Apply all actions, Click on Save Report and select Save the report to your Desktop where you can find it easily. Again, be sure to Apply All Actions Before saving the Log!
Please submit the AVG Anti-Spy Log and a Fresh HijackThis Log (taken AFTER the AVG run) and we'll go from there.
Will try to check back as time permits.
PP
Last edited by PhilliePhan; Jan 9th, 2007 at 6:43 pm. Reason: The Usual
In some sort of crude sense, which no vulgarity, no humor, no overstatement can quite extinguish, the physicists have known sin; and this is a knowledge which they cannot lose.
~ J. Robert Oppenheimer
ASAP
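A log in the HijackThis format posted above can be split into its section codes and narrowed to the entries that merit a manual look. The following is an added example, not part of the original thread or of HijackThis itself; the sample lines, GUIDs, paths and the four review cues are constructed assumptions, and a cue is a prompt to check the file, not a verdict.

```python
import re
from collections import Counter

# Constructed sample in HijackThis v1.99.1 layout. Every GUID, path and
# URL below is a placeholder, not a value from the thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\explorer.exe
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000002} - C:\WINDOWS\system32\example1.dll
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O16 - DPF: {00000000-0000-0000-0000-000000000003} - http://192.0.2.10/Downloads/example.cab
O16 - DPF: {00000000-0000-0000-0000-000000000004} (Example Control) - http://downloads.example.com/ctl.cab
O23 - Service: Example Service (ExSvc) - Unknown owner - C:\WINDOWS\example.exe (file missing)
O23 - Service: Vendor Service (VSvc) - Example Corp. - C:\Program Files\Vendor\vsvc.exe
"""

# An entry line starts with a section code (R0, F2, O2, O16, O23, ...)
# followed by " - ". Header and process lines do not match.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# http(s) URL whose host part is a dotted-quad IPv4 address.
IP_HOST_RE = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}(?::\d+)?(?:/|$)")


def parse_entries(log_text):
    """Return [(section_code, body), ...] for every entry line in the log."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def review_cues(section, body):
    """Return structural cues (assumed heuristics) that justify a closer look.

    Legitimate software can trigger any of these, so each cue means
    "identify this file", never "delete this entry".
    """
    cues = []
    if "(no name)" in body:
        cues.append("no display name")
    if "(file missing)" in body or "(no file)" in body:
        cues.append("target file absent")
    if section == "O23" and "Unknown owner" in body:
        cues.append("service has no vendor string")
    if section == "O16" and IP_HOST_RE.search(body):
        cues.append("ActiveX source is a bare IP address")
    return cues


def triage(log_text):
    """Return (entries-per-section Counter, [(section, body, cues), ...])."""
    entries = parse_entries(log_text)
    counts = Counter(section for section, _ in entries)
    flagged = []
    for section, body in entries:
        cues = review_cues(section, body)
        if cues:
            flagged.append((section, body, cues))
    return counts, flagged


if __name__ == "__main__":
    counts, flagged = triage(SAMPLE_LOG)
    for section in sorted(counts, key=lambda s: (s[0], int(s[1:]))):
        print(f"{section:>3}: {counts[section]} entries")
    print()
    for section, body, cues in flagged:
        print(f"[{section}] {body}")
        print(f"      review: {', '.join(cues)}")
```
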
Join Date: Jan 2007
Posts: 7
Reputation:
Solved Threads: 0
Phil: thank you very much for the quick response
I really appreciate it!
I did what you told me to
Here are the AVG scan report and the new HijackThis report
Logfile of HijackThis v1.99.1
Scan saved at 오후 7:53:24, on 2007-01-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intelligent Update\IntelliUpdate.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\CyberScrub AntiVirus\CAVSch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\HijackThis.exe
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: ShopGuide Class - {3CB0CF42-DA54-47d2-8999-23928A2DEA42} - c:\Program Files\ShopGuide\shpguide.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: OK 툴바 - {73182355-ED2B-4064-A45F-49227EA0EE74} - C:\Program Files\OKToolbar\OkToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: upg Class - {AD4A14F9-1BA1-49EC-B721-E1D79AD768F6} - C:\WINDOWS\system32\upl.dll
O2 - BHO: IWebInterception Class - {BFDDBDBB-F62C-4D4A-B574-59D276F47196} - C:\Program Files\Click To Tweak [Basic]\WebInterception.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: (no name) - {D2A0394A-64E0-461B-A038-A52B41C03F75} - C:\WINDOWS\system32\beans.dll
O2 - BHO: (no name) - {E3231BA4-4271-402E-B20C-D5CFFF70F9D4} - C:\WINDOWS\system32\fasts.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: SHARE - {01AB1467-97A2-439D-8194-5FB11423E3B6} - C:\Program Files\share\share.dll
O3 - Toolbar: OK 툴바 - {73182355-ED2B-4064-A45F-49227EA0EE74} - C:\Program Files\OKToolbar\OkToolbar.dll
O3 - Toolbar: Windows Direct Toolbar(&D) - {B7FEF18D-912D-4FE2-9B19-A614F6B309DA} - C:\Program Files\directtb\crevotb.dll
O3 - Toolbar: 네이버 툴바(&N) - {D09CFF09-A42A-4EDC-9804-E61224F59CA1} - C:\Program Files\naver\NaverToolbar\NaverTB_3_0_0_20.dll
O4 - HKLM\..\Run: [Intelligent Update] "C:\Program Files\Intelligent Update\IntelliUpdate.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [imekrmig7.0] "C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE"
O4 - HKLM\..\Run: [Kaspersky Anti-Virus Lite] C:\Program Files\CyberScrub AntiVirus\AvpM.exe
O4 - HKLM\..\Run: [CyberScrub AutoUpdate] C:\Program Files\CyberScrub AntiVirus\CAVSch.exe s
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Microsoft Excel로 내보내기(&X) - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 네이버 검색 - res://C:\Program Files\naver\NaverToolbar\NaverTB_3_0_0_20.dll /SEARCH.HTML
O8 - Extra context menu item: 네이버 블로그 담기 - res://C:\Program Files\naver\NaverToolbar\NaverTB_3_0_0_20.dll /BLOG.HTML
O8 - Extra context menu item: 네이버 사전 검색 - res://C:\Program Files\naver\NaverToolbar\NaverTB_3_0_0_20.dll /DIC.HTML
O8 - Extra context menu item: 네이버 일한 번역 - res://C:\Program Files\naver\NaverToolbar\NaverTB_3_0_0_20.dll /JKTRANS.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: share - {158D7D5D-8AD4-47c6-B468-198A96A0325B} - C:\Program Files\share\sharevd.exe
O9 - Extra button: 7-up - {22FF2F07-6455-4cac-A71D-EA1C47EA6DA6} - C:\Program Files\Sevenup\7up.exe
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra button: 무료 백신 - {73182355-ED2B-4064-A45F-49227EA0EE74} - C:\Program Files\OKToolbar\Okupdmnger.exe
O9 - Extra button: 리서치 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Minidesk - {C30DA579-F94C-4949-95C0-CE721D9109F6} - C:\Program Files\Minidesk\minidesk.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: 샵가이드 - {EC9679F6-42B7-4593-9E1C-AF421066C123} - http://www.shop-guide.co.kr (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.cssoft.co.kr (HKLM)
O16 - DPF: {00001023-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter23 Class) - http://download.netmarble.com/web/nm...MStarter23.cab
O16 - DPF: {02F68151-CE20-4793-B092-BBF273D2C116} (ViruscopActiveX Control) - http://www.viruscop.co.kr/pgm/viruscop.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - http://www.viewpoint.co.kr/vet_insta...5ZBXAA/z5.html
O16 - DPF: {0C72835A-34C5-4273-A700-A2347E784B58} (NPPWebInstallV2 Control) - http://name.siren24.com/nprotect/dow...bInstallV2.cab
O16 - DPF: {0CBF7EDC-17EC-442C-8AE9-5E804707B6CA} (NeffyClient Class) - http://dist.cdnetworks.co.kr/cdndist/neffy/Neffy.cab
O16 - DPF: {0E96B258-D5FA-405E-A540-DB53E03376BD} (OrangeFileBox Control) - http://www.orangefile.co.kr/ActiveX/OrangeFileBox.cab
O16 - DPF: {116D8D4C-E19A-46D0-95DC-4EA2663703BE} (MbAx Control) - http://login.hanbiton.com/cab/Hanbiton_Mb424.cab
O16 - DPF: {2029F1D2-90E4-49EF-9824-F666D238BFF6} (NHNComicViewer Class) - http://cdn.naver.com/naver/comic/vie...omicViewer.cab
O16 - DPF: {2115BCCF-4592-4B51-8578-0D94B98ADC40} (viewup Control) - http://ac.interich.com/activex/install/viewup.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {2C520C08-1ADA-4CEC-AFFD-D0D1BD268D60} (PDUpdate Control) - http://www.pdbox.co.kr/filebox/ctrl_down/PDUpdate.cab
O16 - DPF: {31FA72F5-BE46-4D6D-A10D-857C8D6F4BFA} (OrangeFileSearch Control) - http://www.orangefile.com/ActiveX/OrangeFileSearch.cab
O16 - DPF: {377FF862-62E0-4F33-B6E5-F58E0BC0F209} (NlsComm Component Class) - http://login.hanbiton.com/cab/NLSnSSO.cab
O16 - DPF: {458F5FA5-E8F8-4D7B-96FA-43419A71B5A7} (ToonsXDaum2 Control) - http://comic.daum.net/download/ToonsXDaum2.cab
O16 - DPF: {4DCCAFA1-5FA1-4543-BA05-726A1A33754B} (MAMCityDownload Control) - http://www.csafer.net/ActiveX/MASetupWizardMCity.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {54F6FF75-09A0-4B2E-B480-6008E5C6B4D0} (DrClearInstaller Class) - http://update.drclear.co.kr/cab/DrClearCom.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {695D7312-9B91-42E8-8893-75419A2873EC} - http://ftp.entica.com/EnLaunch/SeM/ssunit.cab
O16 - DPF: {6A2E758A-028B-46BB-A11D-0608AB5A4ED3} (DaumBGMCtrl Class) - http://listen.daum.net/52st/bgmplaye...tBGMPlayer.cab
O16 - DPF: {722347A8-E941-48A7-961C-9EBF1402188E} (DaulEqnAx2 Control) - http://kin.naver.com/editor/activex/DaulEqnAx2.cab
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} (MabinogiWebAvatarRenderer Class) - http://avatar.mabinogi.com:88/render...6.12.20.01.cab
O16 - DPF: {7FC751A9-492D-41B1-9F8D-D2C8809D8907} (EmoWebInstallerCtl Class) - http://pimg.hanmail.net/tv/cabs_2005...VInstaller.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ftp.entica.com/EnLaunch/ENPPY...all/msxml4.cab
O16 - DPF: {8BCAB742-72F8-4119-A4B4-8F639A6E27B3} (CNaverImageUploadCtl Object) - http://cafe.naver.com/common/activex/NIU.CAB
O16 - DPF: {90D1D09A-EE24-4284-8A97-D5E4C189AC10} (eBookAgent Control) - http://ebook.koyanglib.or.kr/main/eBookAgent.ocx
O16 - DPF: {92D0D610-A6FA-48D8-94CB-BD47FDF68655} (Launcher Class) - http://app.tubemusic.com/naver/naverx.cab
O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netmarble.com/NMChatX/NMTransX.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} - http://cafeimg.hanmail.net/cab9_1/dm...rsion=1,0,0,10
O16 - DPF: {970E1B88-8AC1-4E31-86D6-BFA769CEF7A6} (eGSignPlus For_EBS Class) - http://www.ebs.co.kr/sso/eGEBS.cab
O16 - DPF: {9C33ABEA-52B6-4895-85B0-E3BAB337EE3E} (Pull0PlayerX Control) - http://pullshot.pullbbang.com/images/Pull0Player.ocx
O16 - DPF: {A1D886C6-4039-4451-97A9-515F5BE5D4C2} (mkdplusCtrl Class) - http://ahnlabdownload.nefficient.co....ab/mkdplus.cab
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://download.netmarble.com/kdefence/kdfense8.cab
O16 - DPF: {A671DC03-71D0-4CF0-895C-7D4A248FC1F1} (skcbgmset Class) - http://cyimg7.cyworld.nate.com/cymus.../skcbgmset.cab
O16 - DPF: {AB4ADC0F-2B4B-4B08-8B5C-CA4D6188A180} (P3Xfer Loader Class) - http://package.hyosungcdn.com/download/p3xset.cab
O16 - DPF: {AF60D574-F249-4243-8040-5521AAA5BB5E} (PandoraTVSet Class) - http://imgcdn.pandora.tv/pan_img/p3p...e/pdrtvset.cab
O16 - DPF: {B005D02C-E461-4851-8A79-C7FDC8563C07} (BBNPort Class) - http://user.buddybuddy.co.kr/cab/BBNPort.cab
O16 - DPF: {B37AD72D-34EA-45F8-A016-10814DC97CAB} (CafeHelper Control) - http://cafe.naver.com/common/CafeHelper.cab
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://cafeimg.hanmail.net/cto/xman.cab?ver=1,2,1,0
O16 - DPF: {C2C16510-10F4-46FE-A82C-4846435EBDEB} (p3muzset Class) - http://player.muz.co.kr/package/p3muzset.cab
O16 - DPF: {C89BAC33-28B7-4297-AC5B-2BA81E275F91} (Btool Control) - http://websgt.com/download/btool2006.cab
O16 - DPF: {D26A941D-7E89-4098-B583-43291FC14218} (Pull0PlayerX Control) - http://image.pullbbang.com/pullshot/Pull0Control.ocx
O16 - DPF: {D9CD6F7D-1694-4FB3-9F16-E4A7E43943B9} - http://221.143.43.212/Downloads/one/...binstaller.cab
O16 - DPF: {E1CDC08F-F464-4682-AE6A-7689451387C0} (CAFE multiupload control) - http://cafeimg.hanmail.net/activex/d...rsion=1,0,0,21
O16 - DPF: {F1F07506-6CB4-44AC-8615-66D1234EFD05} (WebCtl Class) - http://www.shinhancard.com/initech/p...own/INIS50.cab
O16 - DPF: {F2AD56CD-410B-46E6-AB92-52F37FC33B89} (ChatModule Control) - http://webchat.geopia.com/activeX/GeoStart.cab
O16 - DPF: {F4A1D5E2-AF49-47A7-A945-23038106F3A4} (Pandora_SetUp Control) - http://imgcdn.pandora.tv/pan_img/lau...ra_SetUpAX.cab
O16 - DPF: {F51D1D2C-FF76-4981-A3A5-ECF9FBE7888E} (WebSgt Control) - http://www.cgland.com/file/websgt.cab
O16 - DPF: {F6E7ECCE-6E60-4681-8D9B-4BBC12A07110} (GWallCtrl Class) - http://www.gmarket.co.kr/challenge/n...1800/GWall.cab
O16 - DPF: {FDC8D26C-8772-4877-8FD3-86D552F0B43C} (SearchWIObj Class) - http://file.searchspy.co.kr/control/...bInstaller.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaService - Unknown owner - C:\WINDOWS\system32\drivers\CDANSRV.EXE
O23 - Service: COM+ Provider (COMSrvlagacy) - Unknown owner - C:\WINDOWS\mdm.exe
O23 - Service: KAV Monitor Service (KAVMonitorService) - Unknown owner - C:\Program Files\CyberScrub AntiVirus\AvpM.exe" /service (file missing)
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Windows Management Network (WMN) (WNManage) - Unknown owner - C:\WINDOWS\conime.exe (file missing)
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 오후 7:50:03 2007-01-09
+ Scan result:
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP209\A0055096.dll -> Adware.Ezurl : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP209\A0055097.dll -> Adware.Ezurl : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038495.sys -> Adware.WinAntiVirus : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP209\A0055078.sys -> Adware.WinAntiVirus : No action taken.
C:\WINDOWS\shuninstall.exe -> Adware.WowBar : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP182\A0038342.exe -> Backdoor.Delf.aay : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP161\A0033002.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP161\A0033055.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP161\A0033066.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP162\A0033142.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP163\A0033180.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP165\A0033264.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP168\A0033423.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP168\A0033474.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP169\A0033505.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP171\A0033535.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP171\A0033553.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP172\A0033627.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP173\A0033640.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP173\A0033663.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP173\A0033677.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP173\A0033689.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP173\A0033700.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP174\A0033737.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP174\A0033750.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP174\A0033762.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP175\A0033778.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP175\A0033795.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP175\A0033807.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP176\A0033915.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP177\A0033946.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP178\A0033984.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP179\A0034042.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP179\A0034056.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP179\A0034075.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP180\A0034101.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP180\A0034102.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP180\A0034103.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP180\A0034152.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP181\A0038153.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP181\A0038183.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP181\A0038186.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP182\A0038210.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP182\A0038310.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP182\A0038311.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP182\A0038312.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP182\A0038313.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP182\A0038350.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP182\A0038351.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP182\A0038352.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP183\A0038431.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038456.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038457.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038458.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038459.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038460.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038461.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038462.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038463.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038464.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038465.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038466.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038467.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038468.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038469.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038470.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038471.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038472.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038473.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038474.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038475.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038476.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038477.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038478.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038479.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038480.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038481.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038482.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038483.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038484.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038485.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038486.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038487.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038488.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038489.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038490.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038491.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038492.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038493.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038494.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP191\A0039289.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP194\A0040307.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP195\A0040442.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP195\A0040483.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP195\A0040526.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP195\A0040611.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP197\A0041292.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP197\A0041318.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP199\A0041484.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP199\A0041520.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP200\A0041587.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP201\A0041686.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP201\A0042681.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP202\A0042747.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP206\A0045945.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP206\A0048947.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP206\A0049954.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP206\A0051956.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP206\A0052774.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP212\A0055330.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP212\A0055331.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP209\A0055132.exe -> Downloader.Small.eac : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP179\A0034032.exe -> Downloader.Small.eaz : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP182\A0038293.exe -> Downloader.Small.eaz : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP182\A0038335.exe -> Downloader.Small.eaz : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038627.exe -> Downloader.Small.eaz : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP185\A0038660.exe -> Downloader.Small.eaz : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP186\A0038688.exe -> Downloader.Small.eaz : No action taken.
C:\Program Files\DIGStream\digstream.exe -> Not-A-Virus.Downloader.Win32.DigStream : No action taken.
C:\Program Files\Mabinogi\gcdownS2.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : No action taken.
C:\Documents and Settings\stephanie you\Cookies\stephanie you@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\stephanie you\Cookies\stephanie you@sento.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\stephanie you\Cookies\stephanie you@ads.addynamix[2].txt -> TrackingCookie.Addynamix : No action taken.
C:\Documents and Settings\stephanie you\Cookies\stephanie you@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : No action taken.
C:\Documents and Settings\stephanie you\Cookies\stephanie you@adtech[2].txt -> TrackingCookie.Adtech : No action taken.
C:\Documents and Settings\stephanie you\Cookies\stephanie you@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\stephanie you\Cookies\stephanie you@bluestreak[1].txt -> TrackingCookie.Bluestreak : No action taken.
C:\Documents and Settings\stephanie you\Cookies\stephanie you@clickbank[1].txt -> TrackingCookie.Clickbank : No action taken.
C:\Documents and Settings\stephanie you\Cookies\stephanie you@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\stephanie you\Cookies\stephanie you@mediaplex[2].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\stephanie you\Cookies\stephanie you@questionmarket[2].txt -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\stephanie you\Cookies\stephanie you@statcounter[1].txt -> TrackingCookie.Statcounter : No action taken.
C:\Documents and Settings\stephanie you\Cookies\stephanie you@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP161\A0033005.dll -> Trojan.BHO.n : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP209\A0055135.dll -> Trojan.BHO.n : No action taken.
C:\Documents and Settings\stephanie you\My Documents\Downloaded Program Updates\photoshop\adobe_cs_keygen.exe -> Worm.Delf.bd : No action taken.
::Report end
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: SHARE - {01AB1467-97A2-439D-8194-5FB11423E3B6} - C:\Program Files\share\share.dll
O3 - Toolbar: OK 툴바 - {73182355-ED2B-4064-A45F-49227EA0EE74} - C:\Program Files\OKToolbar\OkToolbar.dll
O3 - Toolbar: Windows Direct Toolbar(&D) - {B7FEF18D-912D-4FE2-9B19-A614F6B309DA} - C:\Program Files\directtb\crevotb.dll
O3 - Toolbar: 네이버 툴바(&N) - {D09CFF09-A42A-4EDC-9804-E61224F59CA1} - C:\Program Files\naver\NaverToolbar\NaverTB_3_0_0_20.dll
O4 - HKLM\..\Run: [Intelligent Update] "C:\Program Files\Intelligent Update\IntelliUpdate.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [imekrmig7.0] "C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE"
O4 - HKLM\..\Run: [Kaspersky Anti-Virus Lite] C:\Program Files\CyberScrub AntiVirus\AvpM.exe
O4 - HKLM\..\Run: [CyberScrub AutoUpdate] C:\Program Files\CyberScrub AntiVirus\CAVSch.exe s
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Microsoft Excel로 내보내기(&X) - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 네이버 검색 - res://C:\Program Files\naver\NaverToolbar\NaverTB_3_0_0_20.dll /SEARCH.HTML
O8 - Extra context menu item: 네이버 블로그 담기 - res://C:\Program Files\naver\NaverToolbar\NaverTB_3_0_0_20.dll /BLOG.HTML
O8 - Extra context menu item: 네이버 사전 검색 - res://C:\Program Files\naver\NaverToolbar\NaverTB_3_0_0_20.dll /DIC.HTML
O8 - Extra context menu item: 네이버 일한 번역 - res://C:\Program Files\naver\NaverToolbar\NaverTB_3_0_0_20.dll /JKTRANS.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: share - {158D7D5D-8AD4-47c6-B468-198A96A0325B} - C:\Program Files\share\sharevd.exe
O9 - Extra button: 7-up - {22FF2F07-6455-4cac-A71D-EA1C47EA6DA6} - C:\Program Files\Sevenup\7up.exe
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra button: 무료 백신 - {73182355-ED2B-4064-A45F-49227EA0EE74} - C:\Program Files\OKToolbar\Okupdmnger.exe
O9 - Extra button: 리서치 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Minidesk - {C30DA579-F94C-4949-95C0-CE721D9109F6} - C:\Program Files\Minidesk\minidesk.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: 샵가이드 - {EC9679F6-42B7-4593-9E1C-AF421066C123} - http://www.shop-guide.co.kr (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.cssoft.co.kr (HKLM)
O16 - DPF: {00001023-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter23 Class) - http://download.netmarble.com/web/nm...MStarter23.cab
O16 - DPF: {02F68151-CE20-4793-B092-BBF273D2C116} (ViruscopActiveX Control) - http://www.viruscop.co.kr/pgm/viruscop.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - http://www.viewpoint.co.kr/vet_insta...5ZBXAA/z5.html
O16 - DPF: {0C72835A-34C5-4273-A700-A2347E784B58} (NPPWebInstallV2 Control) - http://name.siren24.com/nprotect/dow...bInstallV2.cab
O16 - DPF: {0CBF7EDC-17EC-442C-8AE9-5E804707B6CA} (NeffyClient Class) - http://dist.cdnetworks.co.kr/cdndist/neffy/Neffy.cab
O16 - DPF: {0E96B258-D5FA-405E-A540-DB53E03376BD} (OrangeFileBox Control) - http://www.orangefile.co.kr/ActiveX/OrangeFileBox.cab
O16 - DPF: {116D8D4C-E19A-46D0-95DC-4EA2663703BE} (MbAx Control) - http://login.hanbiton.com/cab/Hanbiton_Mb424.cab
O16 - DPF: {2029F1D2-90E4-49EF-9824-F666D238BFF6} (NHNComicViewer Class) - http://cdn.naver.com/naver/comic/vie...omicViewer.cab
O16 - DPF: {2115BCCF-4592-4B51-8578-0D94B98ADC40} (viewup Control) - http://ac.interich.com/activex/install/viewup.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {2C520C08-1ADA-4CEC-AFFD-D0D1BD268D60} (PDUpdate Control) - http://www.pdbox.co.kr/filebox/ctrl_down/PDUpdate.cab
O16 - DPF: {31FA72F5-BE46-4D6D-A10D-857C8D6F4BFA} (OrangeFileSearch Control) - http://www.orangefile.com/ActiveX/OrangeFileSearch.cab
O16 - DPF: {377FF862-62E0-4F33-B6E5-F58E0BC0F209} (NlsComm Component Class) - http://login.hanbiton.com/cab/NLSnSSO.cab
O16 - DPF: {458F5FA5-E8F8-4D7B-96FA-43419A71B5A7} (ToonsXDaum2 Control) - http://comic.daum.net/download/ToonsXDaum2.cab
O16 - DPF: {4DCCAFA1-5FA1-4543-BA05-726A1A33754B} (MAMCityDownload Control) - http://www.csafer.net/ActiveX/MASetupWizardMCity.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {54F6FF75-09A0-4B2E-B480-6008E5C6B4D0} (DrClearInstaller Class) - http://update.drclear.co.kr/cab/DrClearCom.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {695D7312-9B91-42E8-8893-75419A2873EC} - http://ftp.entica.com/EnLaunch/SeM/ssunit.cab
O16 - DPF: {6A2E758A-028B-46BB-A11D-0608AB5A4ED3} (DaumBGMCtrl Class) - http://listen.daum.net/52st/bgmplaye...tBGMPlayer.cab
O16 - DPF: {722347A8-E941-48A7-961C-9EBF1402188E} (DaulEqnAx2 Control) - http://kin.naver.com/editor/activex/DaulEqnAx2.cab
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} (MabinogiWebAvatarRenderer Class) - http://avatar.mabinogi.com:88/render...6.12.20.01.cab
O16 - DPF: {7FC751A9-492D-41B1-9F8D-D2C8809D8907} (EmoWebInstallerCtl Class) - http://pimg.hanmail.net/tv/cabs_2005...VInstaller.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ftp.entica.com/EnLaunch/ENPPY...all/msxml4.cab
O16 - DPF: {8BCAB742-72F8-4119-A4B4-8F639A6E27B3} (CNaverImageUploadCtl Object) - http://cafe.naver.com/common/activex/NIU.CAB
O16 - DPF: {90D1D09A-EE24-4284-8A97-D5E4C189AC10} (eBookAgent Control) - http://ebook.koyanglib.or.kr/main/eBookAgent.ocx
O16 - DPF: {92D0D610-A6FA-48D8-94CB-BD47FDF68655} (Launcher Class) - http://app.tubemusic.com/naver/naverx.cab
O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netmarble.com/NMChatX/NMTransX.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} - http://cafeimg.hanmail.net/cab9_1/dm...rsion=1,0,0,10
O16 - DPF: {970E1B88-8AC1-4E31-86D6-BFA769CEF7A6} (eGSignPlus For_EBS Class) - http://www.ebs.co.kr/sso/eGEBS.cab
O16 - DPF: {9C33ABEA-52B6-4895-85B0-E3BAB337EE3E} (Pull0PlayerX Control) - http://pullshot.pullbbang.com/images/Pull0Player.ocx
O16 - DPF: {A1D886C6-4039-4451-97A9-515F5BE5D4C2} (mkdplusCtrl Class) - http://ahnlabdownload.nefficient.co....ab/mkdplus.cab
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://download.netmarble.com/kdefence/kdfense8.cab
O16 - DPF: {A671DC03-71D0-4CF0-895C-7D4A248FC1F1} (skcbgmset Class) - http://cyimg7.cyworld.nate.com/cymus.../skcbgmset.cab
O16 - DPF: {AB4ADC0F-2B4B-4B08-8B5C-CA4D6188A180} (P3Xfer Loader Class) - http://package.hyosungcdn.com/download/p3xset.cab
O16 - DPF: {AF60D574-F249-4243-8040-5521AAA5BB5E} (PandoraTVSet Class) - http://imgcdn.pandora.tv/pan_img/p3p...e/pdrtvset.cab
O16 - DPF: {B005D02C-E461-4851-8A79-C7FDC8563C07} (BBNPort Class) - http://user.buddybuddy.co.kr/cab/BBNPort.cab
O16 - DPF: {B37AD72D-34EA-45F8-A016-10814DC97CAB} (CafeHelper Control) - http://cafe.naver.com/common/CafeHelper.cab
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://cafeimg.hanmail.net/cto/xman.cab?ver=1,2,1,0
O16 - DPF: {C2C16510-10F4-46FE-A82C-4846435EBDEB} (p3muzset Class) - http://player.muz.co.kr/package/p3muzset.cab
O16 - DPF: {C89BAC33-28B7-4297-AC5B-2BA81E275F91} (Btool Control) - http://websgt.com/download/btool2006.cab
O16 - DPF: {D26A941D-7E89-4098-B583-43291FC14218} (Pull0PlayerX Control) - http://image.pullbbang.com/pullshot/Pull0Control.ocx
O16 - DPF: {D9CD6F7D-1694-4FB3-9F16-E4A7E43943B9} - http://221.143.43.212/Downloads/one/...binstaller.cab
O16 - DPF: {E1CDC08F-F464-4682-AE6A-7689451387C0} (CAFE multiupload control) - http://cafeimg.hanmail.net/activex/d...rsion=1,0,0,21
O16 - DPF: {F1F07506-6CB4-44AC-8615-66D1234EFD05} (WebCtl Class) - http://www.shinhancard.com/initech/p...own/INIS50.cab
O16 - DPF: {F2AD56CD-410B-46E6-AB92-52F37FC33B89} (ChatModule Control) - http://webchat.geopia.com/activeX/GeoStart.cab
O16 - DPF: {F4A1D5E2-AF49-47A7-A945-23038106F3A4} (Pandora_SetUp Control) - http://imgcdn.pandora.tv/pan_img/lau...ra_SetUpAX.cab
O16 - DPF: {F51D1D2C-FF76-4981-A3A5-ECF9FBE7888E} (WebSgt Control) - http://www.cgland.com/file/websgt.cab
O16 - DPF: {F6E7ECCE-6E60-4681-8D9B-4BBC12A07110} (GWallCtrl Class) - http://www.gmarket.co.kr/challenge/n...1800/GWall.cab
O16 - DPF: {FDC8D26C-8772-4877-8FD3-86D552F0B43C} (SearchWIObj Class) - http://file.searchspy.co.kr/control/...bInstaller.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaService - Unknown owner - C:\WINDOWS\system32\drivers\CDANSRV.EXE
O23 - Service: COM+ Provider (COMSrvlagacy) - Unknown owner - C:\WINDOWS\mdm.exe
O23 - Service: KAV Monitor Service (KAVMonitorService) - Unknown owner - C:\Program Files\CyberScrub AntiVirus\AvpM.exe" /service (file missing)
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Windows Management Network (WMN) (WNManage) - Unknown owner - C:\WINDOWS\conime.exe (file missing)
Phil: thank you very much for the quick response
i really appreciate it!

You have a number of items in your HJT Log that look like Adware/Spyware that you may have installed and want to keep. I am not familiar with all of them.
It looks like you are in Korea?
Anyhoo, can you tell me what each of the following is and whether you want to keep any of them:
C:\Program Files\Intelligent Update
C:\Program Files\CyberScrub AntiVirus --> if legit, should be uninstalled anyway
c:\Program Files\ShopGuide
C:\Program Files\Click To Tweak
C:\Program Files\share
OKToolbar
Windows Direct Toolbar
NaverToolbar
Uninstall the ones that you are able to via ADD/REMOVE Programs
-- Also, it looks like you have elements of Kaspersky and AVAST! anti-virus programs on your machine. You should remove (uninstall) them so they do not conflict or interfere with McAfee!
Let me know about the above and we can continue from there.
PP
In some sort of crude sense, which no vulgarity, no humor, no overstatement can quite extinguish, the physicists have known sin; and this is a knowledge which they cannot lose.
~ J. Robert Oppenheimer
ASAP
omg !! i haven't done the second list of things you told me to do !
but it works now !!! thank you so much , yeapee~

There are still a number of baddies to fix as well as some nuisance items in your HJT Log - If you want to proceed, let us know!
I am spread a bit thin posting in a number of different Forums, so I will not work up a fix until I hear back from you with answers to my previous post.
Cheers

PP
i am from korea, but i live in GA,
i did delete some stuff such as OK tool bar and share; nearly everything except the Naver Toolbar (this one's pretty useful)
i'm using avast and McAfee right now, but my McAfee keeps telling me that it's expired, even though it is not supposed to say that, cause i purchased it like 3 months ago with one year subscription - -; i don't know what's going on b/c it doesn't let me upgrade so it's kinda outdated,
anyway
so what's the next step ?
(thank you)
i'm using avast and McAfee right now, but my McAfee keeps telling me that it's expired, even though it is not supposed to say that, cause i purchased it like 3 months ago with one year subscription - -; i don't know what's going on b/c it doesn't let me upgrade so it's kinda outdated,
At any rate,
You should uninstall one of the two AV programs - Then, give me a fresh HJT Log (reflecting your choice of which to keep) and I'll post some cleanup instructions for you.
We'll leave the Naver Toolbar alone, but a lot of other stuff will go.
PP
haven't worked on the virus programs yet; i can't really find a custom service site ;(
here's my Hijack
Logfile of HijackThis v1.99.1
Scan saved at 오후 7:55:23, on 2007-01-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\rundll32.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intelligent Update\IntelliUpdate.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\CyberScrub AntiVirus\CAVSch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\KukiProc110.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Granado Espada\release\ge.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\stephanie you\Desktop\hijackthis\HijackThis.exe
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: ShopGuide Class - {3CB0CF42-DA54-47d2-8999-23928A2DEA42} - c:\Program Files\ShopGuide\shpguide.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: upg Class - {AD4A14F9-1BA1-49EC-B721-E1D79AD768F6} - C:\WINDOWS\system32\upl.dll
O2 - BHO: IWebInterception Class - {BFDDBDBB-F62C-4D4A-B574-59D276F47196} - C:\Program Files\Click To Tweak [Basic]\WebInterception.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: (no name) - {D2A0394A-64E0-461B-A038-A52B41C03F75} - C:\WINDOWS\system32\beans.dll
O2 - BHO: (no name) - {E3231BA4-4271-402E-B20C-D5CFFF70F9D4} - C:\WINDOWS\system32\fasts.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: 네이버 툴바(&N) - {D09CFF09-A42A-4EDC-9804-E61224F59CA1} - C:\Program Files\naver\NaverToolbar\NaverTB_3_0_0_20.dll
O4 - HKLM\..\Run: [Intelligent Update] "C:\Program Files\Intelligent Update\IntelliUpdate.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [imekrmig7.0] "C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Microsoft Excel로 내보내기(&X) - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 네이버 검색 - res://C:\Program Files\naver\NaverToolbar\NaverTB_3_0_0_20.dll /SEARCH.HTML
O8 - Extra context menu item: 네이버 블로그 담기 - res://C:\Program Files\naver\NaverToolbar\NaverTB_3_0_0_20.dll /BLOG.HTML
O8 - Extra context menu item: 네이버 사전 검색 - res://C:\Program Files\naver\NaverToolbar\NaverTB_3_0_0_20.dll /DIC.HTML
O8 - Extra context menu item: 네이버 일한 번역 - res://C:\Program Files\naver\NaverToolbar\NaverTB_3_0_0_20.dll /JKTRANS.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: 7-up - {22FF2F07-6455-4cac-A71D-EA1C47EA6DA6} - C:\Program Files\Sevenup\7up.exe
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra button: 무료 백신 - {73182355-ED2B-4064-A45F-49227EA0EE74} - C:\Program Files\OKToolbar\Okupdmnger.exe
O9 - Extra button: 리서치 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Minidesk - {C30DA579-F94C-4949-95C0-CE721D9109F6} - C:\Program Files\Minidesk\minidesk.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: 샵가이드 - {EC9679F6-42B7-4593-9E1C-AF421066C123} - http://www.shop-guide.co.kr (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.cssoft.co.kr (HKLM)
O16 - DPF: {00001023-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter23 Class) - http://download.netmarble.com/web/nm...MStarter23.cab
O16 - DPF: {02F68151-CE20-4793-B092-BBF273D2C116} (ViruscopActiveX Control) - http://www.viruscop.co.kr/pgm/viruscop.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - http://www.viewpoint.co.kr/vet_insta...5ZBXAA/z5.html
O16 - DPF: {0C72835A-34C5-4273-A700-A2347E784B58} (NPPWebInstallV2 Control) - http://name.siren24.com/nprotect/dow...bInstallV2.cab
O16 - DPF: {0CBF7EDC-17EC-442C-8AE9-5E804707B6CA} (NeffyClient Class) - http://dist.cdnetworks.co.kr/cdndist/neffy/Neffy.cab
O16 - DPF: {0E96B258-D5FA-405E-A540-DB53E03376BD} (OrangeFileBox Control) - http://www.orangefile.co.kr/ActiveX/OrangeFileBox.cab
O16 - DPF: {116D8D4C-E19A-46D0-95DC-4EA2663703BE} (MbAx Control) - http://login.hanbiton.com/cab/Hanbiton_Mb424.cab
O16 - DPF: {2029F1D2-90E4-49EF-9824-F666D238BFF6} (NHNComicViewer Class) - http://cdn.naver.com/naver/comic/vie...omicViewer.cab
O16 - DPF: {2115BCCF-4592-4B51-8578-0D94B98ADC40} (viewup Control) - http://ac.interich.com/activex/install/viewup.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {2C520C08-1ADA-4CEC-AFFD-D0D1BD268D60} (PDUpdate Control) - http://www.pdbox.co.kr/filebox/ctrl_down/PDUpdate.cab
O16 - DPF: {31FA72F5-BE46-4D6D-A10D-857C8D6F4BFA} (OrangeFileSearch Control) - http://www.orangefile.com/ActiveX/OrangeFileSearch.cab
O16 - DPF: {377FF862-62E0-4F33-B6E5-F58E0BC0F209} (NlsComm Component Class) - http://login.hanbiton.com/cab/NLSnSSO.cab
O16 - DPF: {458F5FA5-E8F8-4D7B-96FA-43419A71B5A7} (ToonsXDaum2 Control) - http://comic.daum.net/download/ToonsXDaum2.cab
O16 - DPF: {4DCCAFA1-5FA1-4543-BA05-726A1A33754B} (MAMCityDownload Control) - http://www.csafer.net/ActiveX/MASetupWizardMCity.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {54F6FF75-09A0-4B2E-B480-6008E5C6B4D0} (DrClearInstaller Class) - http://update.drclear.co.kr/cab/DrClearCom.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {695D7312-9B91-42E8-8893-75419A2873EC} - http://ftp.entica.com/EnLaunch/SeM/ssunit.cab
O16 - DPF: {6A2E758A-028B-46BB-A11D-0608AB5A4ED3} (DaumBGMCtrl Class) - http://listen.daum.net/52st/bgmplaye...tBGMPlayer.cab
O16 - DPF: {722347A8-E941-48A7-961C-9EBF1402188E} (DaulEqnAx2 Control) - http://kin.naver.com/editor/activex/DaulEqnAx2.cab
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} (MabinogiWebAvatarRenderer Class) - http://avatar.mabinogi.com:88/render...6.12.20.01.cab
O16 - DPF: {7FC751A9-492D-41B1-9F8D-D2C8809D8907} (EmoWebInstallerCtl Class) - http://pimg.hanmail.net/tv/cabs_2005...VInstaller.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ftp.entica.com/EnLaunch/ENPPY...all/msxml4.cab
O16 - DPF: {8BCAB742-72F8-4119-A4B4-8F639A6E27B3} (CNaverImageUploadCtl Object) - http://cafe.naver.com/common/activex/NIU.CAB
O16 - DPF: {90D1D09A-EE24-4284-8A97-D5E4C189AC10} (eBookAgent Control) - http://ebook.koyanglib.or.kr/main/eBookAgent.ocx
O16 - DPF: {92D0D610-A6FA-48D8-94CB-BD47FDF68655} (Launcher Class) - http://app.tubemusic.com/naver/naverx.cab
O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netmarble.com/NMChatX/NMTransX.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} - http://cafeimg.hanmail.net/cab9_1/dm...rsion=1,0,0,10
O16 - DPF: {970E1B88-8AC1-4E31-86D6-BFA769CEF7A6} (eGSignPlus For_EBS Class) - http://www.ebs.co.kr/sso/eGEBS.cab
O16 - DPF: {9C33ABEA-52B6-4895-85B0-E3BAB337EE3E} (Pull0PlayerX Control) - http://pullshot.pullbbang.com/images/Pull0Player.ocx
O16 - DPF: {A1D886C6-4039-4451-97A9-515F5BE5D4C2} (mkdplusCtrl Class) - http://ahnlabdownload.nefficient.co....ab/mkdplus.cab
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://download.netmarble.com/kdefence/kdfense8.cab
O16 - DPF: {A671DC03-71D0-4CF0-895C-7D4A248FC1F1} (skcbgmset Class) - http://cyimg7.cyworld.nate.com/cymus.../skcbgmset.cab
O16 - DPF: {AB4ADC0F-2B4B-4B08-8B5C-CA4D6188A180} (P3Xfer Loader Class) - http://package.hyosungcdn.com/download/p3xset.cab
O16 - DPF: {AF60D574-F249-4243-8040-5521AAA5BB5E} (PandoraTVSet Class) - http://imgcdn.pandora.tv/pan_img/p3p...e/pdrtvset.cab
O16 - DPF: {B005D02C-E461-4851-8A79-C7FDC8563C07} (BBNPort Class) - http://user.buddybuddy.co.kr/cab/BBNPort.cab
O16 - DPF: {B37AD72D-34EA-45F8-A016-10814DC97CAB} (CafeHelper Control) - http://cafe.naver.com/common/CafeHelper.cab
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://cafeimg.hanmail.net/cto/xman.cab?ver=1,2,1,0
O16 - DPF: {C2C16510-10F4-46FE-A82C-4846435EBDEB} (p3muzset Class) - http://player.muz.co.kr/package/p3muzset.cab
O16 - DPF: {C89BAC33-28B7-4297-AC5B-2BA81E275F91} (Btool Control) - http://websgt.com/download/btool2006.cab
O16 - DPF: {D26A941D-7E89-4098-B583-43291FC14218} (Pull0PlayerX Control) - http://image.pullbbang.com/pullshot/Pull0Control.ocx
O16 - DPF: {D9CD6F7D-1694-4FB3-9F16-E4A7E43943B9} - http://221.143.43.212/Downloads/one/...binstaller.cab
O16 - DPF: {E1CDC08F-F464-4682-AE6A-7689451387C0} (CAFE multiupload control) - http://cafeimg.hanmail.net/activex/d...rsion=1,0,0,21
O16 - DPF: {F1F07506-6CB4-44AC-8615-66D1234EFD05} (WebCtl Class) - http://www.shinhancard.com/initech/p...own/INIS50.cab
O16 - DPF: {F2AD56CD-410B-46E6-AB92-52F37FC33B89} (ChatModule Control) - http://webchat.geopia.com/activeX/GeoStart.cab
O16 - DPF: {F4A1D5E2-AF49-47A7-A945-23038106F3A4} (Pandora_SetUp Control) - http://imgcdn.pandora.tv/pan_img/lau...ra_SetUpAX.cab
O16 - DPF: {F51D1D2C-FF76-4981-A3A5-ECF9FBE7888E} (WebSgt Control) - http://www.cgland.com/file/websgt.cab
O16 - DPF: {F6E7ECCE-6E60-4681-8D9B-4BBC12A07110} (GWallCtrl Class) - http://www.gmarket.co.kr/challenge/n...1800/GWall.cab
O16 - DPF: {FDC8D26C-8772-4877-8FD3-86D552F0B43C} (SearchWIObj Class) - http://file.searchspy.co.kr/control/...bInstaller.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaService - Unknown owner - C:\WINDOWS\system32\drivers\CDANSRV.EXE
O23 - Service: COM+ Provider (COMSrvlagacy) - Unknown owner - C:\WINDOWS\mdm.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Windows Management Network (WMN) (WNManage) - Unknown owner - C:\WINDOWS\conime.exe (file missing)
Hi Stephanie,
I’ll leave the sorting out of the Anti-Virus programs to you.
-- It looks like you have 2 copies of HJT running. Delete the one on the desktop and run the one located at C:\Program Files\HijackThis
-- I am not certain about this item:
O23 - Service: C-DillaService - Unknown owner - C:\WINDOWS\system32\drivers\CDANSRV.EXE
It should be CDANTSRV.EXE
Please go here ---> http://virusscan.jotti.org/ and use the Browse Button at the top of the page to navigate to C:\WINDOWS\system32\drivers\CDANSRV.EXE and Upload it for analysis.
Please Copy&Paste the results for me.
-- Do the same for C:\WINDOWS\mdm.exe
Make sure the file paths are exactly as listed!
NOW:
Please Scan with HJT, and check the boxes for the following items:
O2 - BHO: ShopGuide Class - {3CB0CF42-DA54-47d2-8999-23928A2DEA42} - c:\Program Files\ShopGuide\shpguide.dll
O2 - BHO: upg Class - {AD4A14F9-1BA1-49EC-B721-E1D79AD768F6} - C:\WINDOWS\system32\upl.dll --> I do not know what this is. If you do not either, fix it.
O2 - BHO: IWebInterception Class - {BFDDBDBB-F62C-4D4A-B574-59D276F47196} - C:\Program Files\Click To Tweak [Basic]\WebInterception.dll
O2 - BHO: (no name) - {D2A0394A-64E0-461B-A038-A52B41C03F75} - C:\WINDOWS\system32\beans.dll
O2 - BHO: (no name) - {E3231BA4-4271-402E-B20C-D5CFFF70F9D4} - C:\WINDOWS\system32\fasts.dll
O4 - HKLM\..\Run: [Intelligent Update] "C:\Program Files\Intelligent Update\IntelliUpdate.exe"
O9 - Extra button: 7-up - {22FF2F07-6455-4cac-A71D-EA1C47EA6DA6} - C:\Program Files\Sevenup\7up.exe
O9 - Extra button: 무료 백신 - {73182355-ED2B-4064-A45F-49227EA0EE74} - C:\Program Files\OKToolbar\Okupdmnger.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: 샵가이드 - {EC9679F6-42B7-4593-9E1C-AF421066C123} - http://www.shop-guide.co.kr (file missing)
O15 - Trusted Zone: *.cssoft.co.kr (HKLM) --> There is no reason to have anything in the trusted zone.
You can remove all of these O16 entries for the sake of minimizing clutter. They will come back (as needed) when you revisit those sites.
O16 - DPF: {00001023-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter23 Class) - http://download.netmarble.com/web/nm...MStarter23.cab
O16 - DPF: {02F68151-CE20-4793-B092-BBF273D2C116} (ViruscopActiveX Control) - http://www.viruscop.co.kr/pgm/viruscop.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - http://www.viewpoint.co.kr/vet_insta...5ZBXAA/z5.html
O16 - DPF: {0C72835A-34C5-4273-A700-A2347E784B58} (NPPWebInstallV2 Control) - http://name.siren24.com/nprotect/dow...bInstallV2.cab
O16 - DPF: {0CBF7EDC-17EC-442C-8AE9-5E804707B6CA} (NeffyClient Class) - http://dist.cdnetworks.co.kr/cdndist/neffy/Neffy.cab
O16 - DPF: {0E96B258-D5FA-405E-A540-DB53E03376BD} (OrangeFileBox Control) - http://www.orangefile.co.kr/ActiveX/OrangeFileBox.cab
O16 - DPF: {116D8D4C-E19A-46D0-95DC-4EA2663703BE} (MbAx Control) - http://login.hanbiton.com/cab/Hanbiton_Mb424.cab
O16 - DPF: {2029F1D2-90E4-49EF-9824-F666D238BFF6} (NHNComicViewer Class) - http://cdn.naver.com/naver/comic/vie...omicViewer.cab
O16 - DPF: {2115BCCF-4592-4B51-8578-0D94B98ADC40} (viewup Control) - http://ac.interich.com/activex/install/viewup.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {2C520C08-1ADA-4CEC-AFFD-D0D1BD268D60} (PDUpdate Control) - http://www.pdbox.co.kr/filebox/ctrl_down/PDUpdate.cab
O16 - DPF: {31FA72F5-BE46-4D6D-A10D-857C8D6F4BFA} (OrangeFileSearch Control) - http://www.orangefile.com/ActiveX/OrangeFileSearch.cab
O16 - DPF: {377FF862-62E0-4F33-B6E5-F58E0BC0F209} (NlsComm Component Class) - http://login.hanbiton.com/cab/NLSnSSO.cab
O16 - DPF: {458F5FA5-E8F8-4D7B-96FA-43419A71B5A7} (ToonsXDaum2 Control) - http://comic.daum.net/download/ToonsXDaum2.cab
O16 - DPF: {4DCCAFA1-5FA1-4543-BA05-726A1A33754B} (MAMCityDownload Control) - http://www.csafer.net/ActiveX/MASetupWizardMCity.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {54F6FF75-09A0-4B2E-B480-6008E5C6B4D0} (DrClearInstaller Class) - http://update.drclear.co.kr/cab/DrClearCom.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {695D7312-9B91-42E8-8893-75419A2873EC} - http://ftp.entica.com/EnLaunch/SeM/ssunit.cab
O16 - DPF: {6A2E758A-028B-46BB-A11D-0608AB5A4ED3} (DaumBGMCtrl Class) - http://listen.daum.net/52st/bgmplaye...tBGMPlayer.cab
O16 - DPF: {722347A8-E941-48A7-961C-9EBF1402188E} (DaulEqnAx2 Control) - http://kin.naver.com/editor/activex/DaulEqnAx2.cab
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} (MabinogiWebAvatarRenderer Class) - http://avatar.mabinogi.com:88/render...6.12.20.01.cab
O16 - DPF: {7FC751A9-492D-41B1-9F8D-D2C8809D8907} (EmoWebInstallerCtl Class) - http://pimg.hanmail.net/tv/cabs_2005...VInstaller.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ftp.entica.com/EnLaunch/ENPPY...all/msxml4.cab
O16 - DPF: {8BCAB742-72F8-4119-A4B4-8F639A6E27B3} (CNaverImageUploadCtl Object) - http://cafe.naver.com/common/activex/NIU.CAB
O16 - DPF: {90D1D09A-EE24-4284-8A97-D5E4C189AC10} (eBookAgent Control) - http://ebook.koyanglib.or.kr/main/eBookAgent.ocx
O16 - DPF: {92D0D610-A6FA-48D8-94CB-BD47FDF68655} (Launcher Class) - http://app.tubemusic.com/naver/naverx.cab
O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netmarble.com/NMChatX/NMTransX.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} - http://cafeimg.hanmail.net/cab9_1/dm...rsion=1,0,0,10
O16 - DPF: {970E1B88-8AC1-4E31-86D6-BFA769CEF7A6} (eGSignPlus For_EBS Class) - http://www.ebs.co.kr/sso/eGEBS.cab
O16 - DPF: {9C33ABEA-52B6-4895-85B0-E3BAB337EE3E} (Pull0PlayerX Control) - http://pullshot.pullbbang.com/images/Pull0Player.ocx
O16 - DPF: {A1D886C6-4039-4451-97A9-515F5BE5D4C2} (mkdplusCtrl Class) - http://ahnlabdownload.nefficient.co....ab/mkdplus.cab
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://download.netmarble.com/kdefence/kdfense8.cab
O16 - DPF: {A671DC03-71D0-4CF0-895C-7D4A248FC1F1} (skcbgmset Class) - http://cyimg7.cyworld.nate.com/cymus.../skcbgmset.cab
O16 - DPF: {AB4ADC0F-2B4B-4B08-8B5C-CA4D6188A180} (P3Xfer Loader Class) - http://package.hyosungcdn.com/download/p3xset.cab
O16 - DPF: {AF60D574-F249-4243-8040-5521AAA5BB5E} (PandoraTVSet Class) - http://imgcdn.pandora.tv/pan_img/p3p...e/pdrtvset.cab
O16 - DPF: {B005D02C-E461-4851-8A79-C7FDC8563C07} (BBNPort Class) - http://user.buddybuddy.co.kr/cab/BBNPort.cab
O16 - DPF: {B37AD72D-34EA-45F8-A016-10814DC97CAB} (CafeHelper Control) - http://cafe.naver.com/common/CafeHelper.cab
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://cafeimg.hanmail.net/cto/xman.cab?ver=1,2,1,0
O16 - DPF: {C2C16510-10F4-46FE-A82C-4846435EBDEB} (p3muzset Class) - http://player.muz.co.kr/package/p3muzset.cab
O16 - DPF: {C89BAC33-28B7-4297-AC5B-2BA81E275F91} (Btool Control) - http://websgt.com/download/btool2006.cab
O16 - DPF: {D26A941D-7E89-4098-B583-43291FC14218} (Pull0PlayerX Control) - http://image.pullbbang.com/pullshot/Pull0Control.ocx
O16 - DPF: {D9CD6F7D-1694-4FB3-9F16-E4A7E43943B9} - http://221.143.43.212/Downloads/one/...binstaller.cab
O16 - DPF: {E1CDC08F-F464-4682-AE6A-7689451387C0} (CAFE multiupload control) - http://cafeimg.hanmail.net/activex/d...rsion=1,0,0,21
O16 - DPF: {F1F07506-6CB4-44AC-8615-66D1234EFD05} (WebCtl Class) - http://www.shinhancard.com/initech/p...own/INIS50.cab
O16 - DPF: {F2AD56CD-410B-46E6-AB92-52F37FC33B89} (ChatModule Control) - http://webchat.geopia.com/activeX/GeoStart.cab
O16 - DPF: {F4A1D5E2-AF49-47A7-A945-23038106F3A4} (Pandora_SetUp Control) - http://imgcdn.pandora.tv/pan_img/lau...ra_SetUpAX.cab
O16 - DPF: {F51D1D2C-FF76-4981-A3A5-ECF9FBE7888E} (WebSgt Control) - http://www.cgland.com/file/websgt.cab
O16 - DPF: {F6E7ECCE-6E60-4681-8D9B-4BBC12A07110} (GWallCtrl Class) - http://www.gmarket.co.kr/challenge/n...1800/GWall.cab
O16 - DPF: {FDC8D26C-8772-4877-8FD3-86D552F0B43C} (SearchWIObj Class) - http://file.searchspy.co.kr/control/...bInstaller.cab
O23 - Service: Windows Management Network (WMN) (WNManage) - Unknown owner - C:\WINDOWS\conime.exe (file missing)
Be sure All Browser Windows are Closed and then Click Fix Checked.
THEN:
Please Navigate to and DELETE the following if they remain:
C:\WINDOWS\conime.exe
C:\Program Files\ShopGuide
C:\WINDOWS\system32\upl.dll
C:\Program Files\Click To Tweak [Basic]
C:\WINDOWS\system32\beans.dll
C:\WINDOWS\system32\fasts.dll
C:\Program Files\Intelligent Update
C:\Program Files\Sevenup
C:\Program Files\OKToolbar
Please give me a fresh HJT Log and the Jotti Scan results and we’ll proceed from there.
PP
Last edited by PhilliePhan; Jan 11th, 2007 at 10:23 pm. Reason: The usual reasons
In some sort of crude sense, which no vulgarity, no humor, no overstatement can quite extinguish, the physicists have known sin; and this is a knowledge which they cannot lose.
~ J. Robert Oppenheimer
ASAP
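The reply above picks out O23 service entries by three cues: an "Unknown owner", a "(file missing)" marker, and an image name that differs from the expected one (CDANSRV.EXE where CDANTSRV.EXE is expected). The following is an added example, not part of the thread and not HijackThis code, that parses O23 lines in the format of the posted log and marks those cues for follow-up scanning. The function names, flag labels and the `EXPECTED_IMAGE` table are assumptions of this example; the table holds only the one pairing the reply states.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# O23 lines copied from the HijackThis log posted on this page.
SAMPLE_LOG = r"""
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: C-DillaService - Unknown owner - C:\WINDOWS\system32\drivers\CDANSRV.EXE
O23 - Service: COM+ Provider (COMSrvlagacy) - Unknown owner - C:\WINDOWS\mdm.exe
O23 - Service: Windows Management Network (WMN) (WNManage) - Unknown owner - C:\WINDOWS\conime.exe (file missing)
"""

# Hypothetical lookup: service display name -> expected image file name.
# The only entry is the pairing given in the reply.
EXPECTED_IMAGE = {"C-DillaService": "CDANTSRV.EXE"}

O23_RE = re.compile(
    r'^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<image>"?[A-Za-z]:\\.*)$'
)
MISSING = "(file missing)"


def parse_o23(line):
    """Split one O23 line into its fields; return None for any other line."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    raw = m.group("image").rstrip()
    file_missing = raw.endswith(MISSING)
    if file_missing:
        raw = raw[: -len(MISSING)]
    # Drop stray quotes and trailing arguments such as: ...exe" /service
    image = raw.strip().lstrip('"').split('"')[0].strip()
    display = m.group("display")
    # The service's short name, when logged, is the last parenthesised group.
    short = re.match(r"^.* \((?P<s>[^()]+)\)$", display)
    return {
        "display": display,
        "name": short.group("s") if short else display,
        "owner": m.group("owner"),
        "image": image,
        "file_missing": file_missing,
    }


def triage(log_text):
    """Return (service name, image path, flags) for entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        svc = parse_o23(line)
        if svc is None:
            continue
        flags = []
        if svc["owner"] == "Unknown owner":
            flags.append("unknown-owner")
        if svc["file_missing"]:
            flags.append("file-missing")
        expected = EXPECTED_IMAGE.get(svc["display"])
        if expected and basename(svc["image"]).upper() != expected.upper():
            flags.append("expected-" + expected)
        if flags:
            findings.append((svc["name"], svc["image"], flags))
    return findings


if __name__ == "__main__":
    for name, image, flags in triage(SAMPLE_LOG):
        print(f"{name}: {image} -> {', '.join(flags)}")
```

A flag here is a reason to inspect or scan the file, not a verdict: in the posted log the avast! services also show "Unknown owner".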