0

mcafree on my computer just detected i have a new win32 virus
(is the new win32 virus and just win 32 virus different??)
i spent the last three hours searching and struggling to get rid of this thing;( i tried every solutions i knew yet the virus seemed to be uncleanable.. i read a couple of other writings on this website, but i dont really know what i have to do ..please do help , any kind of advice or solutions will be great , thank you so much

Logfile of HijackThis v1.99.1
Scan saved at 오후 4:38:42, on 2007-01-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intelligent Update\IntelliUpdate.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\stephanie you\Desktop\NGenFix-nologout.exe
C:\Documents and Settings\stephanie you\Desktop\stng260-nologout.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\stephanie you\Desktop\hijackthis\HijackThis.exe
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: ShopGuide Class - {3CB0CF42-DA54-47d2-8999-23928A2DEA42} - c:\Program Files\ShopGuide\shpguide.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: OK 툴바 - {73182355-ED2B-4064-A45F-49227EA0EE74} - C:\Program Files\OKToolbar\OkToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: upg Class - {AD4A14F9-1BA1-49EC-B721-E1D79AD768F6} - C:\WINDOWS\system32\upl.dll
O2 - BHO: IWebInterception Class - {BFDDBDBB-F62C-4D4A-B574-59D276F47196} - C:\Program Files\Click To Tweak [Basic]\WebInterception.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: (no name) - {D2A0394A-64E0-461B-A038-A52B41C03F75} - C:\WINDOWS\system32\beans.dll
O2 - BHO: (no name) - {E3231BA4-4271-402E-B20C-D5CFFF70F9D4} - C:\WINDOWS\system32\fasts.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: SHARE - {01AB1467-97A2-439D-8194-5FB11423E3B6} - C:\Program Files\share\share.dll
O3 - Toolbar: OK 툴바 - {73182355-ED2B-4064-A45F-49227EA0EE74} - C:\Program Files\OKToolbar\OkToolbar.dll
O3 - Toolbar: Windows Direct Toolbar(&D) - {B7FEF18D-912D-4FE2-9B19-A614F6B309DA} - C:\Program Files\directtb\crevotb.dll
O3 - Toolbar: 네이버 툴바(&N) - {D09CFF09-A42A-4EDC-9804-E61224F59CA1} - C:\Program Files\naver\NaverToolbar\NaverTB_3_0_0_20.dll
O4 - HKLM\..\Run: [Intelligent Update] "C:\Program Files\Intelligent Update\IntelliUpdate.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [imekrmig7.0] "C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Microsoft Excel로 내보내기(&X) - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 네이버 검색 - res://C:\Program Files\naver\NaverToolbar\NaverTB_3_0_0_20.dll /SEARCH.HTML
O8 - Extra context menu item: 네이버 블로그 담기 - res://C:\Program Files\naver\NaverToolbar\NaverTB_3_0_0_20.dll /BLOG.HTML
O8 - Extra context menu item: 네이버 사전 검색 - res://C:\Program Files\naver\NaverToolbar\NaverTB_3_0_0_20.dll /DIC.HTML
O8 - Extra context menu item: 네이버 일한 번역 - res://C:\Program Files\naver\NaverToolbar\NaverTB_3_0_0_20.dll /JKTRANS.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: share - {158D7D5D-8AD4-47c6-B468-198A96A0325B} - C:\Program Files\share\sharevd.exe
O9 - Extra button: 7-up - {22FF2F07-6455-4cac-A71D-EA1C47EA6DA6} - C:\Program Files\Sevenup\7up.exe
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra button: 무료 백신 - {73182355-ED2B-4064-A45F-49227EA0EE74} - C:\Program Files\OKToolbar\Okupdmnger.exe
O9 - Extra button: 리서치 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Minidesk - {C30DA579-F94C-4949-95C0-CE721D9109F6} - C:\Program Files\Minidesk\minidesk.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: 샵가이드 - {EC9679F6-42B7-4593-9E1C-AF421066C123} - http://www.shop-guide.co.kr (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.cssoft.co.kr (HKLM)
O16 - DPF: {00001023-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter23 Class) - http://download.netmarble.com/web/nmstarter/NMStarter23.cab
O16 - DPF: {02F68151-CE20-4793-B092-BBF273D2C116} (ViruscopActiveX Control) - http://www.viruscop.co.kr/pgm/viruscop.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - http://www.viewpoint.co.kr/vet_install/MetaStream3.cab?url=http://www.samsung.com/Products/MP3Player/MP3Player/web3d/YP_Z5ZBXAA/z5.html
O16 - DPF: {0C72835A-34C5-4273-A700-A2347E784B58} (NPPWebInstallV2 Control) - http://name.siren24.com/nprotect/down/NPPWebInstallV2.cab
O16 - DPF: {0CBF7EDC-17EC-442C-8AE9-5E804707B6CA} (NeffyClient Class) - http://dist.cdnetworks.co.kr/cdndist/neffy/Neffy.cab
O16 - DPF: {0E96B258-D5FA-405E-A540-DB53E03376BD} (OrangeFileBox Control) - http://www.orangefile.co.kr/ActiveX/OrangeFileBox.cab
O16 - DPF: {116D8D4C-E19A-46D0-95DC-4EA2663703BE} (MbAx Control) - http://login.hanbiton.com/cab/Hanbiton_Mb424.cab
O16 - DPF: {2029F1D2-90E4-49EF-9824-F666D238BFF6} (NHNComicViewer Class) - http://cdn.naver.com/naver/comic/viewer/2006/NHNComicViewer.cab
O16 - DPF: {2115BCCF-4592-4B51-8578-0D94B98ADC40} (viewup Control) - http://ac.interich.com/activex/install/viewup.cab
O16 - DPF: {2C520C08-1ADA-4CEC-AFFD-D0D1BD268D60} (PDUpdate Control) - http://www.pdbox.co.kr/filebox/ctrl_down/PDUpdate.cab
O16 - DPF: {31FA72F5-BE46-4D6D-A10D-857C8D6F4BFA} (OrangeFileSearch Control) - http://www.orangefile.com/ActiveX/OrangeFileSearch.cab
O16 - DPF: {377FF862-62E0-4F33-B6E5-F58E0BC0F209} (NlsComm Component Class) - http://login.hanbiton.com/cab/NLSnSSO.cab
O16 - DPF: {458F5FA5-E8F8-4D7B-96FA-43419A71B5A7} (ToonsXDaum2 Control) - http://comic.daum.net/download/ToonsXDaum2.cab
O16 - DPF: {4DCCAFA1-5FA1-4543-BA05-726A1A33754B} (MAMCityDownload Control) - http://www.csafer.net/ActiveX/MASetupWizardMCity.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {54F6FF75-09A0-4B2E-B480-6008E5C6B4D0} (DrClearInstaller Class) - http://update.drclear.co.kr/cab/DrClearCom.cab
O16 - DPF: {695D7312-9B91-42E8-8893-75419A2873EC} - http://ftp.entica.com/EnLaunch/SeM/ssunit.cab
O16 - DPF: {6A2E758A-028B-46BB-A11D-0608AB5A4ED3} (DaumBGMCtrl Class) - http://listen.daum.net/52st/bgmplayer/Daum52stBGMPlayer.cab
O16 - DPF: {722347A8-E941-48A7-961C-9EBF1402188E} (DaulEqnAx2 Control) - http://kin.naver.com/editor/activex/DaulEqnAx2.cab
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} (MabinogiWebAvatarRenderer Class) - http://avatar.mabinogi.com:88/renderer/mabiweb.2006.12.20.01.cab
O16 - DPF: {7FC751A9-492D-41B1-9F8D-D2C8809D8907} (EmoWebInstallerCtl Class) - http://pimg.hanmail.net/tv/cabs_20050909/MyTVInstaller.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ftp.entica.com/EnLaunch/ENPPY3/Install/msxml4.cab
O16 - DPF: {8BCAB742-72F8-4119-A4B4-8F639A6E27B3} (CNaverImageUploadCtl Object) - http://cafe.naver.com/common/activex/NIU.CAB
O16 - DPF: {90D1D09A-EE24-4284-8A97-D5E4C189AC10} (eBookAgent Control) - http://ebook.koyanglib.or.kr/main/eBookAgent.ocx
O16 - DPF: {92D0D610-A6FA-48D8-94CB-BD47FDF68655} (Launcher Class) - http://app.tubemusic.com/naver/naverx.cab
O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netmarble.com/NMChatX/NMTransX.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} - http://cafeimg.hanmail.net/cab9_1/dmcc2.cab?Version=1,0,0,10
O16 - DPF: {970E1B88-8AC1-4E31-86D6-BFA769CEF7A6} (eGSignPlus For_EBS Class) - http://www.ebs.co.kr/sso/eGEBS.cab
O16 - DPF: {9C33ABEA-52B6-4895-85B0-E3BAB337EE3E} (Pull0PlayerX Control) - http://pullshot.pullbbang.com/images/Pull0Player.ocx
O16 - DPF: {A1D886C6-4039-4451-97A9-515F5BE5D4C2} (mkdplusCtrl Class) - http://ahnlabdownload.nefficient.co.kr/asp/cab/mkdplus.cab
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://download.netmarble.com/kdefence/kdfense8.cab
O16 - DPF: {A671DC03-71D0-4CF0-895C-7D4A248FC1F1} (skcbgmset Class) - http://cyimg7.cyworld.nate.com/cymusic/package/skcbgmset.cab
O16 - DPF: {AB4ADC0F-2B4B-4B08-8B5C-CA4D6188A180} (P3Xfer Loader Class) - http://package.hyosungcdn.com/download/p3xset.cab
O16 - DPF: {AF60D574-F249-4243-8040-5521AAA5BB5E} (PandoraTVSet Class) - http://imgcdn.pandora.tv/pan_img/p3player/package/pdrtvset.cab
O16 - DPF: {B005D02C-E461-4851-8A79-C7FDC8563C07} (BBNPort Class) - http://user.buddybuddy.co.kr/cab/BBNPort.cab
O16 - DPF: {B37AD72D-34EA-45F8-A016-10814DC97CAB} (CafeHelper Control) - http://cafe.naver.com/common/CafeHelper.cab
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://cafeimg.hanmail.net/cto/xman.cab?ver=1,2,1,0
O16 - DPF: {C2C16510-10F4-46FE-A82C-4846435EBDEB} (p3muzset Class) - http://player.muz.co.kr/package/p3muzset.cab
O16 - DPF: {C89BAC33-28B7-4297-AC5B-2BA81E275F91} (Btool Control) - http://websgt.com/download/btool2006.cab
O16 - DPF: {D26A941D-7E89-4098-B583-43291FC14218} (Pull0PlayerX Control) - http://image.pullbbang.com/pullshot/Pull0Control.ocx
O16 - DPF: {D9CD6F7D-1694-4FB3-9F16-E4A7E43943B9} - http://221.143.43.212/Downloads/one/one002/Webinstaller.cab
O16 - DPF: {E1CDC08F-F464-4682-AE6A-7689451387C0} (CAFE multiupload control) - http://cafeimg.hanmail.net/activex/dmcm.cab?Version=1,0,0,21
O16 - DPF: {F1F07506-6CB4-44AC-8615-66D1234EFD05} (WebCtl Class) - http://www.shinhancard.com/initech/plugin/down/INIS50.cab
O16 - DPF: {F2AD56CD-410B-46E6-AB92-52F37FC33B89} (ChatModule Control) - http://webchat.geopia.com/activeX/GeoStart.cab
O16 - DPF: {F4A1D5E2-AF49-47A7-A945-23038106F3A4} (Pandora_SetUp Control) - http://imgcdn.pandora.tv/pan_img/launcher/codebase/Pandora_SetUpAX.cab
O16 - DPF: {F51D1D2C-FF76-4981-A3A5-ECF9FBE7888E} (WebSgt Control) - http://www.cgland.com/file/websgt.cab
O16 - DPF: {F6E7ECCE-6E60-4681-8D9B-4BBC12A07110} (GWallCtrl Class) - http://www.gmarket.co.kr/challenge/neo_goods/dlls/GWall_1800/GWall.cab
O16 - DPF: {FDC8D26C-8772-4877-8FD3-86D552F0B43C} (SearchWIObj Class) - http://file.searchspy.co.kr/control/SearchPackWebInstaller.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: C-DillaService - Unknown owner - C:\WINDOWS\system32\drivers\CDANSRV.EXE
O23 - Service: COM+ Provider (COMSrvlagacy) - Unknown owner - C:\WINDOWS\mdm.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Windows Management Network (WMN) (WNManage) - Unknown owner - C:\WINDOWS\conime.exe (file missing)

2
Contributors
13
Replies
14
Views
10 Years
Discussion Span
Last Post by PhilliePhan
0

mcafree on my computer just detected i have a new win32 virus
(is the new win32 virus and just win 32 virus different??)
i spent the last three hours searching and struggling to get rid of this thing;

Hi Stephanie,

I do not believe this is a specific virus - I think the notification is the result of a heuristic detection (similar to Symantec's "bloodhound").


You DO have some baddies showing in that HJT Log. Please do a few things for me:

FIRST:
Please relocate HijackThis to a safer location. Most Forum volunteers expect to find it at C:\Program Files\HijackThis or C:\HijackThis.
If you are unable to move it on your own, please do the following:

Download a fresh HijackThis from http://downloads.malwareremoval.com/hijackthis_sfx.exe

Save the setup file on your desktop.
Then, DoubleClick on it and by default it should install to C:\Program Files\HijackThis
Continue through the setup and allow it to create a desktop icon for you. Follow all the prompts, click Finish and just leave it for now.

NEXT:
Please download and Install AVG Anti-Spyware v7.5

THEN:
RightClick the AVG Anti-Spy Icon in your system tray and do the following:
-- Uncheck Resident Shield
-- Uncheck Automatic Updates
-- Uncheck Start with Windows
* You can reset the above to their defaults AFTER your machine has been deemed “clean,” if you so desire. For now, we need them disabled.

Click Run online update and allow it to run until you see the Update Successful message. If you are unable to do this, please let me know.

NOW, run a full scan:

-- Click on the Scanner button and choose the Settings Tab.
---> Under How to act?, click on Recommended action and choose Quarantine to set default action for detected malware.
--->Under Reports make sure Automatically generate report after every scan is selected and UNCHECK the Only if threats were found box.
-- Leave everything else at their default settings and Select the Scan tab and CLICK Complete System Scan to scan your machine.
-- Upon completion of the scan, Click Apply all actions to place any detected baddies in Quarantine.
-- AFTER clicking Apply all actions, Click on Save Report and select Save the report to your Desktop where you can find it easily. Again, be sure to Apply All Actions Before saving the Log!



Please submit the AVG Anti-Spy Log and a Fresh HijackThis Log (taken AFTER the AVG run) and we'll go from there.

Will try to check back as time permits.

PP :)

0

Phil: thank you very much for the quick response
i really appreciate it!

i did what you told me to


here are the AVG scan report and the new hijackthis report

Logfile of HijackThis v1.99.1
Scan saved at 오후 7:53:24, on 2007-01-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intelligent Update\IntelliUpdate.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\CyberScrub AntiVirus\CAVSch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\HijackThis.exe
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: ShopGuide Class - {3CB0CF42-DA54-47d2-8999-23928A2DEA42} - c:\Program Files\ShopGuide\shpguide.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: OK 툴바 - {73182355-ED2B-4064-A45F-49227EA0EE74} - C:\Program Files\OKToolbar\OkToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: upg Class - {AD4A14F9-1BA1-49EC-B721-E1D79AD768F6} - C:\WINDOWS\system32\upl.dll
O2 - BHO: IWebInterception Class - {BFDDBDBB-F62C-4D4A-B574-59D276F47196} - C:\Program Files\Click To Tweak [Basic]\WebInterception.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: (no name) - {D2A0394A-64E0-461B-A038-A52B41C03F75} - C:\WINDOWS\system32\beans.dll
O2 - BHO: (no name) - {E3231BA4-4271-402E-B20C-D5CFFF70F9D4} - C:\WINDOWS\system32\fasts.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: SHARE - {01AB1467-97A2-439D-8194-5FB11423E3B6} - C:\Program Files\share\share.dll
O3 - Toolbar: OK 툴바 - {73182355-ED2B-4064-A45F-49227EA0EE74} - C:\Program Files\OKToolbar\OkToolbar.dll
O3 - Toolbar: Windows Direct Toolbar(&D) - {B7FEF18D-912D-4FE2-9B19-A614F6B309DA} - C:\Program Files\directtb\crevotb.dll
O3 - Toolbar: 네이버 툴바(&N) - {D09CFF09-A42A-4EDC-9804-E61224F59CA1} - C:\Program Files\naver\NaverToolbar\NaverTB_3_0_0_20.dll
O4 - HKLM\..\Run: [Intelligent Update] "C:\Program Files\Intelligent Update\IntelliUpdate.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [imekrmig7.0] "C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE"
O4 - HKLM\..\Run: [Kaspersky Anti-Virus Lite] C:\Program Files\CyberScrub AntiVirus\AvpM.exe
O4 - HKLM\..\Run: [CyberScrub AutoUpdate] C:\Program Files\CyberScrub AntiVirus\CAVSch.exe s
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Microsoft Excel로 내보내기(&X) - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 네이버 검색 - res://C:\Program Files\naver\NaverToolbar\NaverTB_3_0_0_20.dll /SEARCH.HTML
O8 - Extra context menu item: 네이버 블로그 담기 - res://C:\Program Files\naver\NaverToolbar\NaverTB_3_0_0_20.dll /BLOG.HTML
O8 - Extra context menu item: 네이버 사전 검색 - res://C:\Program Files\naver\NaverToolbar\NaverTB_3_0_0_20.dll /DIC.HTML
O8 - Extra context menu item: 네이버 일한 번역 - res://C:\Program Files\naver\NaverToolbar\NaverTB_3_0_0_20.dll /JKTRANS.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: share - {158D7D5D-8AD4-47c6-B468-198A96A0325B} - C:\Program Files\share\sharevd.exe
O9 - Extra button: 7-up - {22FF2F07-6455-4cac-A71D-EA1C47EA6DA6} - C:\Program Files\Sevenup\7up.exe
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra button: 무료 백신 - {73182355-ED2B-4064-A45F-49227EA0EE74} - C:\Program Files\OKToolbar\Okupdmnger.exe
O9 - Extra button: 리서치 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Minidesk - {C30DA579-F94C-4949-95C0-CE721D9109F6} - C:\Program Files\Minidesk\minidesk.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: 샵가이드 - {EC9679F6-42B7-4593-9E1C-AF421066C123} - http://www.shop-guide.co.kr (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.cssoft.co.kr (HKLM)
O16 - DPF: {00001023-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter23 Class) - http://download.netmarble.com/web/nmstarter/NMStarter23.cab
O16 - DPF: {02F68151-CE20-4793-B092-BBF273D2C116} (ViruscopActiveX Control) - http://www.viruscop.co.kr/pgm/viruscop.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - http://www.viewpoint.co.kr/vet_install/MetaStream3.cab?url=http://www.samsung.com/Products/MP3Player/MP3Player/web3d/YP_Z5ZBXAA/z5.html
O16 - DPF: {0C72835A-34C5-4273-A700-A2347E784B58} (NPPWebInstallV2 Control) - http://name.siren24.com/nprotect/down/NPPWebInstallV2.cab
O16 - DPF: {0CBF7EDC-17EC-442C-8AE9-5E804707B6CA} (NeffyClient Class) - http://dist.cdnetworks.co.kr/cdndist/neffy/Neffy.cab
O16 - DPF: {0E96B258-D5FA-405E-A540-DB53E03376BD} (OrangeFileBox Control) - http://www.orangefile.co.kr/ActiveX/OrangeFileBox.cab
O16 - DPF: {116D8D4C-E19A-46D0-95DC-4EA2663703BE} (MbAx Control) - http://login.hanbiton.com/cab/Hanbiton_Mb424.cab
O16 - DPF: {2029F1D2-90E4-49EF-9824-F666D238BFF6} (NHNComicViewer Class) - http://cdn.naver.com/naver/comic/viewer/2006/NHNComicViewer.cab
O16 - DPF: {2115BCCF-4592-4B51-8578-0D94B98ADC40} (viewup Control) - http://ac.interich.com/activex/install/viewup.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2C520C08-1ADA-4CEC-AFFD-D0D1BD268D60} (PDUpdate Control) - http://www.pdbox.co.kr/filebox/ctrl_down/PDUpdate.cab
O16 - DPF: {31FA72F5-BE46-4D6D-A10D-857C8D6F4BFA} (OrangeFileSearch Control) - http://www.orangefile.com/ActiveX/OrangeFileSearch.cab
O16 - DPF: {377FF862-62E0-4F33-B6E5-F58E0BC0F209} (NlsComm Component Class) - http://login.hanbiton.com/cab/NLSnSSO.cab
O16 - DPF: {458F5FA5-E8F8-4D7B-96FA-43419A71B5A7} (ToonsXDaum2 Control) - http://comic.daum.net/download/ToonsXDaum2.cab
O16 - DPF: {4DCCAFA1-5FA1-4543-BA05-726A1A33754B} (MAMCityDownload Control) - http://www.csafer.net/ActiveX/MASetupWizardMCity.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {54F6FF75-09A0-4B2E-B480-6008E5C6B4D0} (DrClearInstaller Class) - http://update.drclear.co.kr/cab/DrClearCom.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {695D7312-9B91-42E8-8893-75419A2873EC} - http://ftp.entica.com/EnLaunch/SeM/ssunit.cab
O16 - DPF: {6A2E758A-028B-46BB-A11D-0608AB5A4ED3} (DaumBGMCtrl Class) - http://listen.daum.net/52st/bgmplayer/Daum52stBGMPlayer.cab
O16 - DPF: {722347A8-E941-48A7-961C-9EBF1402188E} (DaulEqnAx2 Control) - http://kin.naver.com/editor/activex/DaulEqnAx2.cab
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} (MabinogiWebAvatarRenderer Class) - http://avatar.mabinogi.com:88/renderer/mabiweb.2006.12.20.01.cab
O16 - DPF: {7FC751A9-492D-41B1-9F8D-D2C8809D8907} (EmoWebInstallerCtl Class) - http://pimg.hanmail.net/tv/cabs_20050909/MyTVInstaller.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ftp.entica.com/EnLaunch/ENPPY3/Install/msxml4.cab
O16 - DPF: {8BCAB742-72F8-4119-A4B4-8F639A6E27B3} (CNaverImageUploadCtl Object) - http://cafe.naver.com/common/activex/NIU.CAB
O16 - DPF: {90D1D09A-EE24-4284-8A97-D5E4C189AC10} (eBookAgent Control) - http://ebook.koyanglib.or.kr/main/eBookAgent.ocx
O16 - DPF: {92D0D610-A6FA-48D8-94CB-BD47FDF68655} (Launcher Class) - http://app.tubemusic.com/naver/naverx.cab
O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netmarble.com/NMChatX/NMTransX.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} - http://cafeimg.hanmail.net/cab9_1/dmcc2.cab?Version=1,0,0,10
O16 - DPF: {970E1B88-8AC1-4E31-86D6-BFA769CEF7A6} (eGSignPlus For_EBS Class) - http://www.ebs.co.kr/sso/eGEBS.cab
O16 - DPF: {9C33ABEA-52B6-4895-85B0-E3BAB337EE3E} (Pull0PlayerX Control) - http://pullshot.pullbbang.com/images/Pull0Player.ocx
O16 - DPF: {A1D886C6-4039-4451-97A9-515F5BE5D4C2} (mkdplusCtrl Class) - http://ahnlabdownload.nefficient.co.kr/asp/cab/mkdplus.cab
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://download.netmarble.com/kdefence/kdfense8.cab
O16 - DPF: {A671DC03-71D0-4CF0-895C-7D4A248FC1F1} (skcbgmset Class) - http://cyimg7.cyworld.nate.com/cymusic/package/skcbgmset.cab
O16 - DPF: {AB4ADC0F-2B4B-4B08-8B5C-CA4D6188A180} (P3Xfer Loader Class) - http://package.hyosungcdn.com/download/p3xset.cab
O16 - DPF: {AF60D574-F249-4243-8040-5521AAA5BB5E} (PandoraTVSet Class) - http://imgcdn.pandora.tv/pan_img/p3player/package/pdrtvset.cab
O16 - DPF: {B005D02C-E461-4851-8A79-C7FDC8563C07} (BBNPort Class) - http://user.buddybuddy.co.kr/cab/BBNPort.cab
O16 - DPF: {B37AD72D-34EA-45F8-A016-10814DC97CAB} (CafeHelper Control) - http://cafe.naver.com/common/CafeHelper.cab
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://cafeimg.hanmail.net/cto/xman.cab?ver=1,2,1,0
O16 - DPF: {C2C16510-10F4-46FE-A82C-4846435EBDEB} (p3muzset Class) - http://player.muz.co.kr/package/p3muzset.cab
O16 - DPF: {C89BAC33-28B7-4297-AC5B-2BA81E275F91} (Btool Control) - http://websgt.com/download/btool2006.cab
O16 - DPF: {D26A941D-7E89-4098-B583-43291FC14218} (Pull0PlayerX Control) - http://image.pullbbang.com/pullshot/Pull0Control.ocx
O16 - DPF: {D9CD6F7D-1694-4FB3-9F16-E4A7E43943B9} - http://221.143.43.212/Downloads/one/one002/Webinstaller.cab
O16 - DPF: {E1CDC08F-F464-4682-AE6A-7689451387C0} (CAFE multiupload control) - http://cafeimg.hanmail.net/activex/dmcm.cab?Version=1,0,0,21
O16 - DPF: {F1F07506-6CB4-44AC-8615-66D1234EFD05} (WebCtl Class) - http://www.shinhancard.com/initech/plugin/down/INIS50.cab
O16 - DPF: {F2AD56CD-410B-46E6-AB92-52F37FC33B89} (ChatModule Control) - http://webchat.geopia.com/activeX/GeoStart.cab
O16 - DPF: {F4A1D5E2-AF49-47A7-A945-23038106F3A4} (Pandora_SetUp Control) - http://imgcdn.pandora.tv/pan_img/launcher/codebase/Pandora_SetUpAX.cab
O16 - DPF: {F51D1D2C-FF76-4981-A3A5-ECF9FBE7888E} (WebSgt Control) - http://www.cgland.com/file/websgt.cab
O16 - DPF: {F6E7ECCE-6E60-4681-8D9B-4BBC12A07110} (GWallCtrl Class) - http://www.gmarket.co.kr/challenge/neo_goods/dlls/GWall_1800/GWall.cab
O16 - DPF: {FDC8D26C-8772-4877-8FD3-86D552F0B43C} (SearchWIObj Class) - http://file.searchspy.co.kr/control/SearchPackWebInstaller.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaService - Unknown owner - C:\WINDOWS\system32\drivers\CDANSRV.EXE
O23 - Service: COM+ Provider (COMSrvlagacy) - Unknown owner - C:\WINDOWS\mdm.exe
O23 - Service: KAV Monitor Service (KAVMonitorService) - Unknown owner - C:\Program Files\CyberScrub AntiVirus\AvpM.exe" /service (file missing)
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Windows Management Network (WMN) (WNManage) - Unknown owner - C:\WINDOWS\conime.exe (file missing)


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 오후 7:50:03 2007-01-09
+ Scan result:

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP209\A0055096.dll -> Adware.Ezurl : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP209\A0055097.dll -> Adware.Ezurl : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038495.sys -> Adware.WinAntiVirus : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP209\A0055078.sys -> Adware.WinAntiVirus : No action taken.
C:\WINDOWS\shuninstall.exe -> Adware.WowBar : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP182\A0038342.exe -> Backdoor.Delf.aay : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP161\A0033002.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP161\A0033055.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP161\A0033066.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP162\A0033142.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP163\A0033180.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP165\A0033264.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP168\A0033423.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP168\A0033474.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP169\A0033505.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP171\A0033535.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP171\A0033553.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP172\A0033627.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP173\A0033640.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP173\A0033663.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP173\A0033677.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP173\A0033689.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP173\A0033700.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP174\A0033737.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP174\A0033750.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP174\A0033762.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP175\A0033778.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP175\A0033795.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP175\A0033807.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP176\A0033915.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP177\A0033946.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP178\A0033984.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP179\A0034042.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP179\A0034056.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP179\A0034075.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP180\A0034101.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP180\A0034102.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP180\A0034103.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP180\A0034152.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP181\A0038153.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP181\A0038183.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP181\A0038186.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP182\A0038210.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP182\A0038310.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP182\A0038311.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP182\A0038312.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP182\A0038313.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP182\A0038350.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP182\A0038351.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP182\A0038352.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP183\A0038431.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038456.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038457.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038458.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038459.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038460.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038461.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038462.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038463.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038464.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038465.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038466.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038467.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038468.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038469.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038470.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038471.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038472.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038473.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038474.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038475.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038476.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038477.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038478.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038479.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038480.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038481.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038482.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038483.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038484.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038485.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038486.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038487.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038488.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038489.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038490.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038491.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038492.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038493.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038494.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP191\A0039289.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP194\A0040307.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP195\A0040442.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP195\A0040483.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP195\A0040526.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP195\A0040611.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP197\A0041292.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP197\A0041318.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP199\A0041484.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP199\A0041520.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP200\A0041587.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP201\A0041686.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP201\A0042681.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP202\A0042747.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP206\A0045945.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP206\A0048947.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP206\A0049954.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP206\A0051956.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP206\A0052774.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP212\A0055330.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP212\A0055331.exe -> Downloader.Delf.kc : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP209\A0055132.exe -> Downloader.Small.eac : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP179\A0034032.exe -> Downloader.Small.eaz : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP182\A0038293.exe -> Downloader.Small.eaz : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP182\A0038335.exe -> Downloader.Small.eaz : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0038627.exe -> Downloader.Small.eaz : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP185\A0038660.exe -> Downloader.Small.eaz : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP186\A0038688.exe -> Downloader.Small.eaz : No action taken.
C:\Program Files\DIGStream\digstream.exe -> Not-A-Virus.Downloader.Win32.DigStream : No action taken.
C:\Program Files\Mabinogi\gcdownS2.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : No action taken.
C:\Documents and Settings\stephanie you\Cookies\stephanie you@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\stephanie you\Cookies\stephanie you@sento.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\stephanie you\Cookies\stephanie you@ads.addynamix[2].txt -> TrackingCookie.Addynamix : No action taken.
C:\Documents and Settings\stephanie you\Cookies\stephanie you@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : No action taken.
C:\Documents and Settings\stephanie you\Cookies\stephanie [EMAIL="you@adtech"]you@adtech[/EMAIL][2].txt -> TrackingCookie.Adtech : No action taken.
C:\Documents and Settings\stephanie you\Cookies\stephanie [EMAIL="you@atdmt"]you@atdmt[/EMAIL][2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\stephanie you\Cookies\stephanie [EMAIL="you@bluestreak"]you@bluestreak[/EMAIL][1].txt -> TrackingCookie.Bluestreak : No action taken.
C:\Documents and Settings\stephanie you\Cookies\stephanie [EMAIL="you@clickbank"]you@clickbank[/EMAIL][1].txt -> TrackingCookie.Clickbank : No action taken.
C:\Documents and Settings\stephanie you\Cookies\stephanie [EMAIL="you@doubleclick"]you@doubleclick[/EMAIL][1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\stephanie you\Cookies\stephanie [EMAIL="you@mediaplex"]you@mediaplex[/EMAIL][2].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\stephanie you\Cookies\stephanie [EMAIL="you@questionmarket"]you@questionmarket[/EMAIL][2].txt -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\stephanie you\Cookies\stephanie [EMAIL="you@statcounter"]you@statcounter[/EMAIL][1].txt -> TrackingCookie.Statcounter : No action taken.
C:\Documents and Settings\stephanie you\Cookies\stephanie [EMAIL="you@tribalfusion"]you@tribalfusion[/EMAIL][1].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP161\A0033005.dll -> Trojan.BHO.n : No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP209\A0055135.dll -> Trojan.BHO.n : No action taken.
C:\Documents and Settings\stephanie you\My Documents\Downloaded Program Updates\photoshop\adobe_cs_keygen.exe -> Worm.Delf.bd : No action taken.

::Report end

0

Phil: thank you very much for the quick response
i really appreciate it!

Happy to try to help :)

You have a number of items in your HJT Log that look like Adware/Spyware that you may have installed and want to keep. I am not familiar with all of them.
It looks like you are in Korea?

Anyhoo, can you tell me what each of the following is and whether you want to keep any of them:

C:\Program Files\Intelligent Update
C:\Program Files\CyberScrub AntiVirus --> if legit, should be uninstalled anyway
c:\Program Files\ShopGuide
C:\Program Files\Click To Tweak
C:\Program Files\share
OKToolbar
Windows Direct Toolbar
NaverToolbar

Uninstall the ones that you are able to via ADD/REMOVE Programs


-- Also, it looks like you have elements of Kaspersky and AVAST! anti-virus programs on your machine. You should remove (uninstall) them so they do not conflict or interfere with McAfee!

Let me know about the above and we can continue from there.

PP :)

0

omg !! i haven't done the second list of things you told me to do !
but it works now !!! thank you so much , yeapee~

0

omg !! i haven't done the second list of things you told me to do !
but it works now !!! thank you so much , yeapee~

Happy to help :)

There are still a number of baddies to fix as well as some nuisance items in your HJT Log - If you want to proceed, let us know!

I am spread a bit thin posting in a number of different Forums, so I will not work up a fix until I hear back from you with answers to my previous post.

Cheers :)
PP

0

i am from korea, but i live in GA,
i did delete some stuff such as OK tool bar and share; nearly everything except the Naver Toolbar(this one's pretty useful)


i'm using avast and mcafree right now, but my mcafree keeps telling me that it's expired, even though it is not supposed to say that, cause i purchased it like 3 months ago with one year subscription - -; i dont know what's going on b/c it doesnt let me upgrade so it's kinda outdated,

anyway
so what's the next step ? :D (thank you)

0

i'm using avast and mcafree right now, but my mcafree keeps telling me that it's expired, even though it is not supposed to say that, cause i purchased it like 3 months ago with one year subscription - -; i dont know what's going on b/c it doesnt let me upgrade so it's kinda outdated,

Well . . .If you cannot update its definitions, an AV is useless. Also, having both Avast! and McAffee on the same compy can be problematic. Perhaps you'll need to work it out with the McAfee people since you paid for their product?

At any rate,
You should uninstall one of the two AV programs
- Then, give me a fresh HJT Log (reflecting your choice of which to keep) and I'll post some cleanup instructions for you.
We'll leave the Naver Toolbar alone, but a lot of other stuff will go.

PP :)

0

haven't worked on the virus programs yet; i cant really find a custom service site; (

here's my Hijack

Logfile of HijackThis v1.99.1
Scan saved at 오후 7:55:23, on 2007-01-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\rundll32.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intelligent Update\IntelliUpdate.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\CyberScrub AntiVirus\CAVSch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\KukiProc110.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Granado Espada\release\ge.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\stephanie you\Desktop\hijackthis\HijackThis.exe
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: ShopGuide Class - {3CB0CF42-DA54-47d2-8999-23928A2DEA42} - c:\Program Files\ShopGuide\shpguide.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: upg Class - {AD4A14F9-1BA1-49EC-B721-E1D79AD768F6} - C:\WINDOWS\system32\upl.dll
O2 - BHO: IWebInterception Class - {BFDDBDBB-F62C-4D4A-B574-59D276F47196} - C:\Program Files\Click To Tweak [Basic]\WebInterception.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: (no name) - {D2A0394A-64E0-461B-A038-A52B41C03F75} - C:\WINDOWS\system32\beans.dll
O2 - BHO: (no name) - {E3231BA4-4271-402E-B20C-D5CFFF70F9D4} - C:\WINDOWS\system32\fasts.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: 네이버 툴바(&N) - {D09CFF09-A42A-4EDC-9804-E61224F59CA1} - C:\Program Files\naver\NaverToolbar\NaverTB_3_0_0_20.dll
O4 - HKLM\..\Run: [Intelligent Update] "C:\Program Files\Intelligent Update\IntelliUpdate.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [imekrmig7.0] "C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Microsoft Excel로 내보내기(&X) - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 네이버 검색 - res://C:\Program Files\naver\NaverToolbar\NaverTB_3_0_0_20.dll /SEARCH.HTML
O8 - Extra context menu item: 네이버 블로그 담기 - res://C:\Program Files\naver\NaverToolbar\NaverTB_3_0_0_20.dll /BLOG.HTML
O8 - Extra context menu item: 네이버 사전 검색 - res://C:\Program Files\naver\NaverToolbar\NaverTB_3_0_0_20.dll /DIC.HTML
O8 - Extra context menu item: 네이버 일한 번역 - res://C:\Program Files\naver\NaverToolbar\NaverTB_3_0_0_20.dll /JKTRANS.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: 7-up - {22FF2F07-6455-4cac-A71D-EA1C47EA6DA6} - C:\Program Files\Sevenup\7up.exe
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra button: 무료 백신 - {73182355-ED2B-4064-A45F-49227EA0EE74} - C:\Program Files\OKToolbar\Okupdmnger.exe
O9 - Extra button: 리서치 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Minidesk - {C30DA579-F94C-4949-95C0-CE721D9109F6} - C:\Program Files\Minidesk\minidesk.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: 샵가이드 - {EC9679F6-42B7-4593-9E1C-AF421066C123} - http://www.shop-guide.co.kr (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.cssoft.co.kr (HKLM)
O16 - DPF: {00001023-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter23 Class) - http://download.netmarble.com/web/nmstarter/NMStarter23.cab
O16 - DPF: {02F68151-CE20-4793-B092-BBF273D2C116} (ViruscopActiveX Control) - http://www.viruscop.co.kr/pgm/viruscop.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - http://www.viewpoint.co.kr/vet_install/MetaStream3.cab?url=http://www.samsung.com/Products/MP3Player/MP3Player/web3d/YP_Z5ZBXAA/z5.html
O16 - DPF: {0C72835A-34C5-4273-A700-A2347E784B58} (NPPWebInstallV2 Control) - http://name.siren24.com/nprotect/down/NPPWebInstallV2.cab
O16 - DPF: {0CBF7EDC-17EC-442C-8AE9-5E804707B6CA} (NeffyClient Class) - http://dist.cdnetworks.co.kr/cdndist/neffy/Neffy.cab
O16 - DPF: {0E96B258-D5FA-405E-A540-DB53E03376BD} (OrangeFileBox Control) - http://www.orangefile.co.kr/ActiveX/OrangeFileBox.cab
O16 - DPF: {116D8D4C-E19A-46D0-95DC-4EA2663703BE} (MbAx Control) - http://login.hanbiton.com/cab/Hanbiton_Mb424.cab
O16 - DPF: {2029F1D2-90E4-49EF-9824-F666D238BFF6} (NHNComicViewer Class) - http://cdn.naver.com/naver/comic/viewer/2006/NHNComicViewer.cab
O16 - DPF: {2115BCCF-4592-4B51-8578-0D94B98ADC40} (viewup Control) - http://ac.interich.com/activex/install/viewup.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2C520C08-1ADA-4CEC-AFFD-D0D1BD268D60} (PDUpdate Control) - http://www.pdbox.co.kr/filebox/ctrl_down/PDUpdate.cab
O16 - DPF: {31FA72F5-BE46-4D6D-A10D-857C8D6F4BFA} (OrangeFileSearch Control) - http://www.orangefile.com/ActiveX/OrangeFileSearch.cab
O16 - DPF: {377FF862-62E0-4F33-B6E5-F58E0BC0F209} (NlsComm Component Class) - http://login.hanbiton.com/cab/NLSnSSO.cab
O16 - DPF: {458F5FA5-E8F8-4D7B-96FA-43419A71B5A7} (ToonsXDaum2 Control) - http://comic.daum.net/download/ToonsXDaum2.cab
O16 - DPF: {4DCCAFA1-5FA1-4543-BA05-726A1A33754B} (MAMCityDownload Control) - http://www.csafer.net/ActiveX/MASetupWizardMCity.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {54F6FF75-09A0-4B2E-B480-6008E5C6B4D0} (DrClearInstaller Class) - http://update.drclear.co.kr/cab/DrClearCom.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {695D7312-9B91-42E8-8893-75419A2873EC} - http://ftp.entica.com/EnLaunch/SeM/ssunit.cab
O16 - DPF: {6A2E758A-028B-46BB-A11D-0608AB5A4ED3} (DaumBGMCtrl Class) - http://listen.daum.net/52st/bgmplayer/Daum52stBGMPlayer.cab
O16 - DPF: {722347A8-E941-48A7-961C-9EBF1402188E} (DaulEqnAx2 Control) - http://kin.naver.com/editor/activex/DaulEqnAx2.cab
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} (MabinogiWebAvatarRenderer Class) - http://avatar.mabinogi.com:88/renderer/mabiweb.2006.12.20.01.cab
O16 - DPF: {7FC751A9-492D-41B1-9F8D-D2C8809D8907} (EmoWebInstallerCtl Class) - http://pimg.hanmail.net/tv/cabs_20050909/MyTVInstaller.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ftp.entica.com/EnLaunch/ENPPY3/Install/msxml4.cab
O16 - DPF: {8BCAB742-72F8-4119-A4B4-8F639A6E27B3} (CNaverImageUploadCtl Object) - http://cafe.naver.com/common/activex/NIU.CAB
O16 - DPF: {90D1D09A-EE24-4284-8A97-D5E4C189AC10} (eBookAgent Control) - http://ebook.koyanglib.or.kr/main/eBookAgent.ocx
O16 - DPF: {92D0D610-A6FA-48D8-94CB-BD47FDF68655} (Launcher Class) - http://app.tubemusic.com/naver/naverx.cab
O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netmarble.com/NMChatX/NMTransX.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} - http://cafeimg.hanmail.net/cab9_1/dmcc2.cab?Version=1,0,0,10
O16 - DPF: {970E1B88-8AC1-4E31-86D6-BFA769CEF7A6} (eGSignPlus For_EBS Class) - http://www.ebs.co.kr/sso/eGEBS.cab
O16 - DPF: {9C33ABEA-52B6-4895-85B0-E3BAB337EE3E} (Pull0PlayerX Control) - http://pullshot.pullbbang.com/images/Pull0Player.ocx
O16 - DPF: {A1D886C6-4039-4451-97A9-515F5BE5D4C2} (mkdplusCtrl Class) - http://ahnlabdownload.nefficient.co.kr/asp/cab/mkdplus.cab
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://download.netmarble.com/kdefence/kdfense8.cab
O16 - DPF: {A671DC03-71D0-4CF0-895C-7D4A248FC1F1} (skcbgmset Class) - http://cyimg7.cyworld.nate.com/cymusic/package/skcbgmset.cab
O16 - DPF: {AB4ADC0F-2B4B-4B08-8B5C-CA4D6188A180} (P3Xfer Loader Class) - http://package.hyosungcdn.com/download/p3xset.cab
O16 - DPF: {AF60D574-F249-4243-8040-5521AAA5BB5E} (PandoraTVSet Class) - http://imgcdn.pandora.tv/pan_img/p3player/package/pdrtvset.cab
O16 - DPF: {B005D02C-E461-4851-8A79-C7FDC8563C07} (BBNPort Class) - http://user.buddybuddy.co.kr/cab/BBNPort.cab
O16 - DPF: {B37AD72D-34EA-45F8-A016-10814DC97CAB} (CafeHelper Control) - http://cafe.naver.com/common/CafeHelper.cab
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://cafeimg.hanmail.net/cto/xman.cab?ver=1,2,1,0
O16 - DPF: {C2C16510-10F4-46FE-A82C-4846435EBDEB} (p3muzset Class) - http://player.muz.co.kr/package/p3muzset.cab
O16 - DPF: {C89BAC33-28B7-4297-AC5B-2BA81E275F91} (Btool Control) - http://websgt.com/download/btool2006.cab
O16 - DPF: {D26A941D-7E89-4098-B583-43291FC14218} (Pull0PlayerX Control) - http://image.pullbbang.com/pullshot/Pull0Control.ocx
O16 - DPF: {D9CD6F7D-1694-4FB3-9F16-E4A7E43943B9} - http://221.143.43.212/Downloads/one/one002/Webinstaller.cab
O16 - DPF: {E1CDC08F-F464-4682-AE6A-7689451387C0} (CAFE multiupload control) - http://cafeimg.hanmail.net/activex/dmcm.cab?Version=1,0,0,21
O16 - DPF: {F1F07506-6CB4-44AC-8615-66D1234EFD05} (WebCtl Class) - http://www.shinhancard.com/initech/plugin/down/INIS50.cab
O16 - DPF: {F2AD56CD-410B-46E6-AB92-52F37FC33B89} (ChatModule Control) - http://webchat.geopia.com/activeX/GeoStart.cab
O16 - DPF: {F4A1D5E2-AF49-47A7-A945-23038106F3A4} (Pandora_SetUp Control) - http://imgcdn.pandora.tv/pan_img/launcher/codebase/Pandora_SetUpAX.cab
O16 - DPF: {F51D1D2C-FF76-4981-A3A5-ECF9FBE7888E} (WebSgt Control) - http://www.cgland.com/file/websgt.cab
O16 - DPF: {F6E7ECCE-6E60-4681-8D9B-4BBC12A07110} (GWallCtrl Class) - http://www.gmarket.co.kr/challenge/neo_goods/dlls/GWall_1800/GWall.cab
O16 - DPF: {FDC8D26C-8772-4877-8FD3-86D552F0B43C} (SearchWIObj Class) - http://file.searchspy.co.kr/control/SearchPackWebInstaller.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaService - Unknown owner - C:\WINDOWS\system32\drivers\CDANSRV.EXE
O23 - Service: COM+ Provider (COMSrvlagacy) - Unknown owner - C:\WINDOWS\mdm.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Windows Management Network (WMN) (WNManage) - Unknown owner - C:\WINDOWS\conime.exe (file missing)

0

Hi Stephanie,

I’ll leave the sorting out of the Anti-Virus programs to you ;)

-- It looks like you have 2 copies of HJT running. Delete the one on the desktop and run the one located at C:\Program Files\HijackThis


-- I am not certain about this item:
O23 - Service: C-DillaService - Unknown owner -C:\WINDOWS\system32\drivers\CDANSRV.EXE
It should be CDANTSRV.EXE

Please go here ---> and use the Browse Button at the top of the page to navigate to C:\WINDOWS\system32\drivers\CDANSRV.EXEand Upload it for analysis.
Please Copy&Paste the results for me.
-- Do the same for C:\WINDOWS\mdm.exe
Make sure the file paths are exactly as listed!


NOW:
Please Scan with HJT, and check the boxes for the following items:
O2 - BHO: ShopGuide Class - {3CB0CF42-DA54-47d2-8999-23928A2DEA42} - c:\Program Files\ShopGuide\shpguide.dll
O2 - BHO: upg Class - {AD4A14F9-1BA1-49EC-B721-E1D79AD768F6} - C:\WINDOWS\system32\upl.dll --> I do not know what this is. If you do not either, fix it.
O2 - BHO: IWebInterception Class - {BFDDBDBB-F62C-4D4A-B574-59D276F47196} - C:\Program Files\Click To Tweak [Basic]\WebInterception.dll
O2 - BHO: (no name) - {D2A0394A-64E0-461B-A038-A52B41C03F75} - C:\WINDOWS\system32\beans.dll
O2 - BHO: (no name) - {E3231BA4-4271-402E-B20C-D5CFFF70F9D4} - C:\WINDOWS\system32\fasts.dll

O4 - HKLM\..\Run: [Intelligent Update] "C:\Program Files\Intelligent Update\IntelliUpdate.exe"

O9 - Extra button: 7-up - {22FF2F07-6455-4cac-A71D-EA1C47EA6DA6} - C:\Program Files\Sevenup\7up.exe
O9 - Extra button: 무료 백신 - {73182355-ED2B-4064-A45F-49227EA0EE74} - C:\Program Files\OKToolbar\Okupdmnger.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: 샵가이드 - {EC9679F6-42B7-4593-9E1C-AF421066C123} - http://www.shop-guide.co.kr (file missing)

O15 - Trusted Zone: *.cssoft.co.kr (HKLM) --> There is no reason to to have anything in the trusted zone.

You can remove all of these 016 entries for the sake of minimizing clutter. They will come back (as needed) when you revisit those sites.
O16 - DPF: {00001023-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter23 Class) - http://download.netmarble.com/web/nm...MStarter23.cab
O16 - DPF: {02F68151-CE20-4793-B092-BBF273D2C116} (ViruscopActiveX Control) - http://www.viruscop.co.kr/pgm/viruscop.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - http://www.viewpoint.co.kr/vet_insta...5ZBXAA/z5.html
O16 - DPF: {0C72835A-34C5-4273-A700-A2347E784B58} (NPPWebInstallV2 Control) - http://name.siren24.com/nprotect/dow...bInstallV2.cab
O16 - DPF: {0CBF7EDC-17EC-442C-8AE9-5E804707B6CA} (NeffyClient Class) - http://dist.cdnetworks.co.kr/cdndist/neffy/Neffy.cab
O16 - DPF: {0E96B258-D5FA-405E-A540-DB53E03376BD} (OrangeFileBox Control) - http://www.orangefile.co.kr/ActiveX/OrangeFileBox.cab
O16 - DPF: {116D8D4C-E19A-46D0-95DC-4EA2663703BE} (MbAx Control) - http://login.hanbiton.com/cab/Hanbiton_Mb424.cab
O16 - DPF: {2029F1D2-90E4-49EF-9824-F666D238BFF6} (NHNComicViewer Class) - http://cdn.naver.com/naver/comic/vie...omicViewer.cab
O16 - DPF: {2115BCCF-4592-4B51-8578-0D94B98ADC40} (viewup Control) - http://ac.interich.com/activex/install/viewup.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {2C520C08-1ADA-4CEC-AFFD-D0D1BD268D60} (PDUpdate Control) - http://www.pdbox.co.kr/filebox/ctrl_down/PDUpdate.cab
O16 - DPF: {31FA72F5-BE46-4D6D-A10D-857C8D6F4BFA} (OrangeFileSearch Control) - http://www.orangefile.com/ActiveX/OrangeFileSearch.cab
O16 - DPF: {377FF862-62E0-4F33-B6E5-F58E0BC0F209} (NlsComm Component Class) - http://login.hanbiton.com/cab/NLSnSSO.cab
O16 - DPF: {458F5FA5-E8F8-4D7B-96FA-43419A71B5A7} (ToonsXDaum2 Control) - http://comic.daum.net/download/ToonsXDaum2.cab
O16 - DPF: {4DCCAFA1-5FA1-4543-BA05-726A1A33754B} (MAMCityDownload Control) - http://www.csafer.net/ActiveX/MASetupWizardMCity.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {54F6FF75-09A0-4B2E-B480-6008E5C6B4D0} (DrClearInstaller Class) - http://update.drclear.co.kr/cab/DrClearCom.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {695D7312-9B91-42E8-8893-75419A2873EC} - http://ftp.entica.com/EnLaunch/SeM/ssunit.cab
O16 - DPF: {6A2E758A-028B-46BB-A11D-0608AB5A4ED3} (DaumBGMCtrl Class) - http://listen.daum.net/52st/bgmplaye...tBGMPlayer.cab
O16 - DPF: {722347A8-E941-48A7-961C-9EBF1402188E} (DaulEqnAx2 Control) - http://kin.naver.com/editor/activex/DaulEqnAx2.cab
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} (MabinogiWebAvatarRenderer Class) - http://avatar.mabinogi.com:88/render...6.12.20.01.cab
O16 - DPF: {7FC751A9-492D-41B1-9F8D-D2C8809D8907} (EmoWebInstallerCtl Class) - http://pimg.hanmail.net/tv/cabs_2005...VInstaller.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ftp.entica.com/EnLaunch/ENPPY...all/msxml4.cab
O16 - DPF: {8BCAB742-72F8-4119-A4B4-8F639A6E27B3} (CNaverImageUploadCtl Object) - http://cafe.naver.com/common/activex/NIU.CAB
O16 - DPF: {90D1D09A-EE24-4284-8A97-D5E4C189AC10} (eBookAgent Control) - http://ebook.koyanglib.or.kr/main/eBookAgent.ocx
O16 - DPF: {92D0D610-A6FA-48D8-94CB-BD47FDF68655} (Launcher Class) - http://app.tubemusic.com/naver/naverx.cab
O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netmarble.com/NMChatX/NMTransX.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} - http://cafeimg.hanmail.net/cab9_1/dm...rsion=1,0,0,10
O16 - DPF: {970E1B88-8AC1-4E31-86D6-BFA769CEF7A6} (eGSignPlus For_EBS Class) - http://www.ebs.co.kr/sso/eGEBS.cab
O16 - DPF: {9C33ABEA-52B6-4895-85B0-E3BAB337EE3E} (Pull0PlayerX Control) - http://pullshot.pullbbang.com/images/Pull0Player.ocx
O16 - DPF: {A1D886C6-4039-4451-97A9-515F5BE5D4C2} (mkdplusCtrl Class) - http://ahnlabdownload.nefficient.co....ab/mkdplus.cab
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://download.netmarble.com/kdefence/kdfense8.cab
O16 - DPF: {A671DC03-71D0-4CF0-895C-7D4A248FC1F1} (skcbgmset Class) - http://cyimg7.cyworld.nate.com/cymus.../skcbgmset.cab
O16 - DPF: {AB4ADC0F-2B4B-4B08-8B5C-CA4D6188A180} (P3Xfer Loader Class) - http://package.hyosungcdn.com/download/p3xset.cab
O16 - DPF: {AF60D574-F249-4243-8040-5521AAA5BB5E} (PandoraTVSet Class) - http://imgcdn.pandora.tv/pan_img/p3p...e/pdrtvset.cab
O16 - DPF: {B005D02C-E461-4851-8A79-C7FDC8563C07} (BBNPort Class) - http://user.buddybuddy.co.kr/cab/BBNPort.cab
O16 - DPF: {B37AD72D-34EA-45F8-A016-10814DC97CAB} (CafeHelper Control) - http://cafe.naver.com/common/CafeHelper.cab
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://cafeimg.hanmail.net/cto/xman.cab?ver=1,2,1,0
O16 - DPF: {C2C16510-10F4-46FE-A82C-4846435EBDEB} (p3muzset Class) - http://player.muz.co.kr/package/p3muzset.cab
O16 - DPF: {C89BAC33-28B7-4297-AC5B-2BA81E275F91} (Btool Control) - http://websgt.com/download/btool2006.cab
O16 - DPF: {D26A941D-7E89-4098-B583-43291FC14218} (Pull0PlayerX Control) - http://image.pullbbang.com/pullshot/Pull0Control.ocx
O16 - DPF: {D9CD6F7D-1694-4FB3-9F16-E4A7E43943B9} - http://221.143.43.212/Downloads/one/...binstaller.cab
O16 - DPF: {E1CDC08F-F464-4682-AE6A-7689451387C0} (CAFE multiupload control) - http://cafeimg.hanmail.net/activex/d...rsion=1,0,0,21
O16 - DPF: {F1F07506-6CB4-44AC-8615-66D1234EFD05} (WebCtl Class) - http://www.shinhancard.com/initech/p...own/INIS50.cab
O16 - DPF: {F2AD56CD-410B-46E6-AB92-52F37FC33B89} (ChatModule Control) - http://webchat.geopia.com/activeX/GeoStart.cab
O16 - DPF: {F4A1D5E2-AF49-47A7-A945-23038106F3A4} (Pandora_SetUp Control) - http://imgcdn.pandora.tv/pan_img/lau...ra_SetUpAX.cab
O16 - DPF: {F51D1D2C-FF76-4981-A3A5-ECF9FBE7888E} (WebSgt Control) - http://www.cgland.com/file/websgt.cab
O16 - DPF: {F6E7ECCE-6E60-4681-8D9B-4BBC12A07110} (GWallCtrl Class) - http://www.gmarket.co.kr/challenge/n...1800/GWall.cab
O16 - DPF: {FDC8D26C-8772-4877-8FD3-86D552F0B43C} (SearchWIObj Class) - http://file.searchspy.co.kr/control/...bInstaller.cab

O23 - Service: Windows Management Network (WMN) (WNManage) - Unknown owner - C:\WINDOWS\conime.exe (file missing)

Be sure All Browser Windows are Closed and then Click Fix Checked.


THEN:
Please Navigate to and DELETE the following if they remain :

C:\WINDOWS\conime.exe
C:\Program Files\ShopGuide
C:\WINDOWS\system32\upl.dll
C:\Program Files\Click To Tweak [Basic]
C:\WINDOWS\system32\beans.dll
C:\WINDOWS\system32\fasts.dll
C:\Program Files\Intelligent Update
C:\Program Files\Sevenup
C:\Program Files\OKToolbar

Please give me a fresh HJT Log and the Jotti Scan results and we’ll proceed from there.

PP :)

0

TITLE: hello - what's the next move!
BODY: i erased the HJT on the desktop
items said to navigate and delete, i wasnt able to:

C:\WINDOWS\conime.exe (doesn't exist in the folder;)
C:\Program Files\ShopGuide( access denied)
C:\Program Files\Click To Tweak [Basic]( access denied)
C:\WINDOWS\system32\upl.dll( access denied)

checked the two programs(below)

File:  CDANSRV.EXE
Status:  OK
MD5  0acd7cc9dbfcabba6386ab2505600741
Packers detected:  -


Scanner results
Scan taken on 12 Jan 2007 23:44:58 (GMT)
AntiVir  Found nothing
ArcaVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Found nothing
ClamAV  Found nothing
Dr.Web  Found nothing
F-Prot Antivirus  Found nothing
F-Secure Anti-Virus  Found nothing
Fortinet  Found nothing
Kaspersky Anti-Virus  Found nothing
NOD32  Found nothing
Norman Virus Control  Found nothing
VirusBuster  Found nothing
VBA32  Found nothing
~~~~~~~~~~~~~~~~~~~~~~``)/
Service load:  0%        100%


File:  mdm.exe
Status:  OK(Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5  3e87b10048aa07ab96e0ddf69269b302
Packers detected:  -


Scanner results
Scan taken on 12 Jan 2007 23:47:39 (GMT)
AntiVir  Found nothing
ArcaVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Found nothing
ClamAV  Found nothing
Dr.Web  Found nothing
F-Prot Antivirus  Found nothing
F-Secure Anti-Virus  Found nothing
Fortinet  Found nothing
Kaspersky Anti-Virus  Found nothing
NOD32  Found nothing
Norman Virus Control  Found nothing
VirusBuster  Found nothing
VBA32  Found nothing
Hijacked again~
Logfile of HijackThis v1.99.1
Scan saved at 오후 7:09:10, on 2007-01-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\rundll32.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\KukiProc110.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\STEPHA~1\LOCALS~1\Temp\setup_wm.exe
C:\DOCUME~1\STEPHA~1\LOCALS~1\Temp\WMC0000.tmp\WMPAU.exe
C:\WINDOWS\system32\svchost.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Program Files\HijackThis.exe
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: 네이버 툴바(&N) - {D09CFF09-A42A-4EDC-9804-E61224F59CA1} - C:\Program Files\naver\NaverToolbar\NaverTB_3_0_0_20.dll
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [imekrmig7.0] "C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Microsoft Excel로 내보내기(&X) - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 네이버 검색 - res://C:\Program Files\naver\NaverToolbar\NaverTB_3_0_0_20.dll /SEARCH.HTML
O8 - Extra context menu item: 네이버 블로그 담기 - res://C:\Program Files\naver\NaverToolbar\NaverTB_3_0_0_20.dll /BLOG.HTML
O8 - Extra context menu item: 네이버 사전 검색 - res://C:\Program Files\naver\NaverToolbar\NaverTB_3_0_0_20.dll /DIC.HTML
O8 - Extra context menu item: 네이버 일한 번역 - res://C:\Program Files\naver\NaverToolbar\NaverTB_3_0_0_20.dll /JKTRANS.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra button: 리서치 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Minidesk - {C30DA579-F94C-4949-95C0-CE721D9109F6} - C:\Program Files\Minidesk\minidesk.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.cssoft.co.kr (HKLM)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaService - Unknown owner - C:\WINDOWS\system32\drivers\CDANSRV.EXE
O23 - Service: COM+ Provider (COMSrvlagacy) - Unknown owner - C:\WINDOWS\mdm.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Windows Management Network (WMN) (WNManage) - Unknown owner - C:\WINDOWS\conime.exe (file missing)

THANK you SO much

Edited by happygeek: fixed formatting

0

checked the two programs(below)
File: CDANSRV.EXE
Status: OK
File: mdm.exe
Status: OK

Interesting . . . . The first one I kinda expected, but drawing on experience, this one just looks really wrong to me:
O23 - Service: COM+ Provider (COMSrvlagacy) - Unknown owner - C:\WINDOWS\mdm.exe

We'll leave it alone for the time being. However, if you still have problems, it may bear further scrutiny!


Anyhoo, let’s finish up, shall we....

--- Please download KillBox to your Desktop. Leave it where you can find it for now.
--- Download ATF-Cleaner.exe by Atribune to your Desktop. Just leave it for now . . .


Please print out or save these instructions locally so that you can Disconnect from the Internet and operate with All Browser Windows CLOSED.

-- Please Boot to Safe Mode

NOW:
Click Start > Run > type services.msc and Click OK
Locate Windows Management Network (WMN) (WNManage) and RightClick on it to bring up the Service Properties Window.
First: Stop the service by clicking the Stop Button.
Next: Disable it by changing the Startup Type to Disabled and click Apply. Note that it may already be disabled.
Then: Run HijackThis and open the Misc Tools section and select Delete an NT service and follow the instructions to enter and remove that service.

NEXT:
Please scan with HijackThis and Check the Boxes for the following, if they remain:

O15 - Trusted Zone: *.cssoft.co.kr (HKLM)

O23 - Service: Windows Management Network (WMN) (WNManage) - Unknown owner - C:\WINDOWS\conime.exe (file missing)
Be sure All Browser Windows are Closed and then Click Fix Checked.

THEN:
Please open KillBox.
Next, you will be entering items into KillBox to be Deleted upon Reboot.
Enter or Copy&Paste each of the following into the box one by one, making sure Delete on Reboot and End Explorer Shell While Killing File are Checked for each entry. Click the Red X for each entry, but DO NOT Allow your machine to be Rebooted until the last item has been entered:
** Note:
For the .dll, check the Unregister .dll Before Deleting box as well.

C:\Program Files\ShopGuide
C:\Program Files\Click To Tweak [Basic]
C:\WINDOWS\system32\upl.dll
When the last item has been entered and you are prompted to reboot, ALLOW KillBox to Reboot your computer. If Killbox fails to Reboot your machine, do it manually.


NEXT:
-- Click on ATF-Cleaner (that you downloaded earlier) to run it
-- Where it says Select Files To Delete, Check the Select All Option (if you don’t want it to clean cookies, set it accordingly)
-- Click Empty Selected > OK > EXIT

THEN:
Reboot to Normal Windows and Scan with HijackThis and submit that log.

Let me know of any problems you may have encountered with the above instructions and how your computer is running now. I will try to check back as time permits (busy weekend ahead).

Best luck :)
PP

0

i did all the things on the list;D

um the only problem that occured so far is that my audio device is missing;

medias on internet and some other programs; musics played by media player and adrenalin ; i can hear them well like before

but certain programs doesnt make a single sound


ah ! here's my HJT after all the process (THANK YOU)

Logfile of HijackThis v1.99.1
Scan saved at 오후 4:18:17, on 2007-01-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDANSRV.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\rundll32.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: 네이버 툴바(&N) - {D09CFF09-A42A-4EDC-9804-E61224F59CA1} - C:\Program Files\naver\NaverToolbar\NaverTB_3_0_0_20.dll
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [imekrmig7.0] "C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Microsoft Excel로 내보내기(&X) - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 네이버 검색 - res://C:\Program Files\naver\NaverToolbar\NaverTB_3_0_0_20.dll /SEARCH.HTML
O8 - Extra context menu item: 네이버 블로그 담기 - res://C:\Program Files\naver\NaverToolbar\NaverTB_3_0_0_20.dll /BLOG.HTML
O8 - Extra context menu item: 네이버 사전 검색 - res://C:\Program Files\naver\NaverToolbar\NaverTB_3_0_0_20.dll /DIC.HTML
O8 - Extra context menu item: 네이버 일한 번역 - res://C:\Program Files\naver\NaverToolbar\NaverTB_3_0_0_20.dll /JKTRANS.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra button: 리서치 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Minidesk - {C30DA579-F94C-4949-95C0-CE721D9109F6} - C:\Program Files\Minidesk\minidesk.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.cssoft.co.kr (HKLM)
O16 - DPF: {00001023-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter23 Class) - http://download.netmarble.com/web/nmstarter/NMStarter23.cab
O16 - DPF: {377FF862-62E0-4F33-B6E5-F58E0BC0F209} (NlsComm Component Class) - http://login.hanbiton.com/cab/NLSnSSO.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {8BCAB742-72F8-4119-A4B4-8F639A6E27B3} (CNaverImageUploadCtl Object) - http://photolog.blog.naver.com/NIU.CAB
O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netmarble.com/NMChatX/NMTransX.cab
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://download.netmarble.com/kdefence/kdfense8.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaService - Unknown owner - C:\WINDOWS\system32\drivers\CDANSRV.EXE
O23 - Service: COM+ Provider (COMSrvlagacy) - Unknown owner - C:\WINDOWS\mdm.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

0


um the only problem that occured so far is that my audio device is missing;

medias on internet and some other programs; musics played by media player and adrenalin ; i can hear them well like before

but certain programs doesnt make a single sound

Hi Stephanie,

-- Can you tell me when you first noticed this? After which post in the removal procedure?


Honestly, I am kinda winging it here . . . This is a very difficult HJT log for me because of the Asian background.

For instance, conime.exe is a valid file . . . it's an IME for Asian language input. However, it doesn't run as a service and it doesn't run from %windir% as it was showing in your HJT - so it was a baddie. But, these things make it a bit difficult.....

There are a number of things we removed that I am pretty sure had to go. I am not 100% on them because I've never seen them before - going on gut and experience.

For instance, C:\WINDOWS\system32\upl.dll could very well be a legitimate dll, but it shouldn't be running from system32.

Plus, it looks like a Korean baddie:
http://info.ahnlab.com/securityinfo/virus_view_eng_new2.jsp?SEQ_NO=6544
http://v3.korea.com/info_virus_view.asp?list=/virus_info_list.asp&seq=6544

And, it's a newly discovered baddie, which may be why McAfee pooped up with a heuristic detection rather than a specific one...
So, I had you fix it...


On the plus side, there should be backups via HJT and Killbox in the event we need to restore a mistakenly deleted item.
It very well could be one of the 016 ActiveX controls that we fixed with HJT - If we can pinpoint one, we can restore it.


Anyhoo, let me know the answer to the question at the top of the page.

PP :)

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.