
malware, spyware, viruses plz help


  • This topic is locked
4 replies to this topic

#1 eastside914

eastside914

  • Members
  • 3 posts

Posted 07 April 2009 - 09:09 AM

Hi,
Just a few days ago my internet started running really slow. Just to let you know, my Kaspersky antivirus has been out of date for like a year, thus I have many spyware and adware and possibly a virus. My MSN Messenger worked, however it doesn't anymore. I know my internet is still up because I can still download files, but at extremely slow rates. I am running Windows Vista. I have done adware scans and Avira virus scans and noticed the many viruses or malware. Some were eradicated while some were not. Also, I am using my other computer via wireless, which works perfectly fine. Please help.

My HijackThis log

Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Razer\Tarantula\razerhid.exe
C:\Program Files\Common Files\PWC3800\PWCam.exe
C:\Windows\VM_STI.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Public\SoftRun\NoPhishing\NoPhishing.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Razer\Tarantula\razertra.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\System32\mobsync.exe
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {028CE0D5-6644-428C-B410-9C4D35215261} - C:\PROGRA~1\lowbar\lowbar.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5B953EB9-5F1A-4DC3-8D7B-69DB378370F3} - C:\PROGRA~1\q-search\Q-SEAR~1.DLL (file missing)
O2 - BHO: O - {740F52BA-2C3F-4319-A513-C6F9EF0AA6D1} - C:\Windows\System32\nus\nu.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Daum-빛자루 툴바 - {D7045991-84D6-46D3-8487-84FBEDC21B84} - C:\Program Files\DaumVitzaru\AhnToolbar.dll
O3 - Toolbar: ADDON 툴바 - {F72AA64E-E4C3-4974-B2DF-3F1BF0D2147F} - C:\PROGRA~1\addontb\addontb.dll (file missing)
O3 - Toolbar: 네이버 툴바(&N) - {D09CFF09-A42A-4EDC-9804-E61224F59CA1} - C:\Program Files\naver\NaverToolbar\NaverTB_3_1_1_107.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [Tarantula] C:\Program Files\Razer\Tarantula\razerhid.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PWCam] C:\Program Files\Common Files\PWC3800\PWCam.exe
O4 - HKLM\..\Run: [BigDogPath] C:\Windows\VM_STI.EXE PLEOMAX PWC-3800
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nsconf] C:\Windows\System32\nsconf.exe
O4 - HKLM\..\Run: [addontb] C:\Program Files\addontb\addontb_u.exe
O4 - HKLM\..\Run: [nus] C:\Windows\System32\nus\nus.exe
O4 - HKLM\..\Run: [q-search] C:\Program Files\q-search\q-searche.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [NoPhishing] C:\Users\Public\SoftRun\NoPhishing\NPUT.exe -s
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Daum검색 (3.0) - res://c:\program files\daumvitzaru\ahntoolbar.dll/213
O8 - Extra context menu item: Daum사전 검색 (3.0) - res://c:\program files\daumvitzaru\ahntoolbar.dll/214
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 네이버 검색 - res://C:\Program Files\naver\NaverToolbar\NaverTB_3_1_1_107.dll /SEARCH.HTML
O8 - Extra context menu item: 네이버 북마크하기 - res://C:\Program Files\naver\NaverToolbar\NaverTB_3_1_1_107.dll /BOOKMARK.HTML
O8 - Extra context menu item: 네이버 블로그 담기 - res://C:\Program Files\naver\NaverToolbar\NaverTB_3_1_1_107.dll /BLOG.HTML
O8 - Extra context menu item: 네이버 사전 검색 - res://C:\Program Files\naver\NaverToolbar\NaverTB_3_1_1_107.dll /DIC.HTML
O8 - Extra context menu item: 네이버 일한 번역 - res://C:\Program Files\naver\NaverToolbar\NaverTB_3_1_1_107.dll /JKTRANS.HTML
O9 - Extra button: (no name) - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - (no file)
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: (no name) - {77BF5300-1474-4EC7-9980-D32B190E9B07} - (no file)
O9 - Extra button: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.arumin.co.kr
O15 - Trusted Zone: http://*.goodi.com
O15 - Trusted Zone: http://*.shinhan.com
O15 - Trusted Zone: http://*.shinhancard.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {00001024-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter24 Class) - http://download.netmarble.com/web/nm...MStarter24.cab
O16 - DPF: {00001025-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter25 Class) - http://download.netmarble.com/web/nm...MStarter25.cab
O16 - DPF: {04E7BADF-F3B9-420D-B82D-8D8CADEFE4F9} (CyImage2Ctl Class) - http://cyimg8.cyworld.com/ImageUploa...load_10217.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
O16 - DPF: {0A4E624A-F7EA-4313-B721-C5669E0C6266} (TrustSiteAuction Control) - http://download.auction.co.kr/active...uctionCtrl.cab
O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zone.msn.com/binary...s.cab57176.cab
O16 - DPF: {12D50929-57AF-4B39-88B9-03B239E4C72E} (VarovisionPlayer Control) - http://music.tworld.co.kr/varovision...ayerX_1507.cab
O16 - DPF: {15C4019C-C917-4905-999A-99B4EC71B7CF} (DaumPlayerPan Class) - http://listen.daum.net/52st/DaumMPlayer/DaumMPlayer.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {20BBA18F-5BC8-47B5-8FC9-5DFCA8E56A4B} (XacsPop Control) - http://mpi.dacom.net/XMPI/js/LGDacom_XMPI_20090220.cab
O16 - DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} (INISAFEWeb6 V6 Class) - http://img.shinhan.com/initech/plugi...own/INIS60.cab
O16 - DPF: {36A4B20A-2B75-4101-86CE-F9B03CA4B91C} (DownStarter Control) - http://bgweb.clubbox.co.kr/bin/DownStarter.cab
O16 - DPF: {39461460-2552-4D51-A062-3AB6A7B902E9} (INISAFE Updater Control) - http://img.shinhan.com/shttp/install/down/INIS70.cab
O16 - DPF: {39FC0CF9-86F3-4502-B773-D16706EDEC83} (SCSK Control) - http://img.shinhan.com/rib/common/ke...CSK4_vista.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games ?Buddy Invite) - http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
O16 - DPF: {42E8651D-C437-4203-93F5-24E20C2C4465} (KvpVCardCtl Control) - https://www.vpay.co.kr/kvpfiles_vist...Card_VISTA.cab
O16 - DPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} (XPayMPIOCX Control) - http://mpi.dacom.net/XPayMPI/Xecure_...XPayMPIOCX.cab
O16 - DPF: {4FE4E8BE-CD7E-42D8-B0EE-E52B360E11AF} (ITmoney Client Control) - http://www.i-tmoney.com/plugin/install/itmny4vista.cab
O16 - DPF: {518059C9-3257-4B29-88EE-102E02DE5F25} (NetmarbleDownloaderCtrl Class) - http://download.netmarble.com/web/NM...Downloader.cab
O16 - DPF: {51B1D5ED-67DC-43F0-A3F8-8502F1A5E404} (nPCom2 Control) - http://update.nprotect.net/nprotect2.....;/npstarter.cab
O16 - DPF: {5267557D-D090-44EA-BCAA-8576A24810C5} (SysInfoCJI Class) - http://download.netmarble.com/web/6N...nformerCJI.cab
O16 - DPF: {53EED863-B547-40F8-B24A-2D6DE807CFE8} (Printmade Control) - http://img.shinhan.com/rib//ko/print/Printmade.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-PH/.....;/GAME_UNO1.cab
O16 - DPF: {5D9446DB-E849-4B95-9872-D0C21343ABF0} (MAWizard Class) - http://www.csafer.net/ActiveX/MASetupWizard.cab
O16 - DPF: {5DBE942F-CE91-4EED-853F-A1CD022665AF} (DacomCrossDomain Control) - http://pgdownload.dacom.net/common/j...rossDomain.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1195129474027
O16 - DPF: {662B4974-EE36-426D-BD11-E75122E6BE18} (EasyPlugX Control) - http://ec2.kicc.co.kr/PLUGIN_GS/EasyPlugX.cab
O16 - DPF: {66413DC2-F891-40BC-822D-B7EEC8ADC281} (ProWorksGrid Control) - http://img.shinhan.com/rib/common/ProWorksGrid_78.cab
O16 - DPF: {67BC8188-4CDD-4969-8195-10970DE2D8FB} (SIS2005ViewerWeb Class) - http://adult.neomtel.com/activex/vis...xVISWebSKT.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6C46D0C1-1B3C-4D1E-AB6C-3ADEA4D86346} (HLiveRobotVT Control) - http://fx.hauri.net/HProduct/livesui...iveRobotVT.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
O16 - DPF: {7770D530-D188-4F50-8C8C-23FAD2636EBF} (WawaDisk File Share Control 5) - http://www.wawadisk.com/mmsv/WawaDiskControl.CAB
O16 - DPF: {78D3A4C5-B113-4628-93FA-2D1957092341} (Clubzin Control v3) - http://www.clubzin.co.kr/append/appl...zinControl.CAB
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://download.softforum.co.kr/Publ...xw_install.cab
O16 - DPF: {8055C6FC-E2F3-4FFF-8385-9D71D57A3CF6} (WebCompass Control) - http://www.mncast.com/cache/dynamic/...x/WSmncast.cab
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} (HPDDClientExec Class) - http://h20264.www2.hp.com/ediags/dd/...sticsVista.cab
O16 - DPF: {820359CA-BD53-4BDF-8393-282FEEAE8C53} (Monkey3ActiveXControl Control) - http://www.monkey3.co.kr/Monkey3Acti...veXControl.cab
O16 - DPF: {858033B9-13BC-4DFE-B62A-78E1FAA0DFD7} (MABugsDownload Control) - http://www.csafer.net/activex/mabugsdownload.cab
O16 - DPF: {8FA8D5F7-7CBA-46D4-9568-68D70C5280E8} (NoPhishingX Control) - http://www.nophishing.co.kr/softrun/SH02/SRNPSH.cab
O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netmarble.net/NMChatX/NMTransX.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/activex/d...rsion=1,0,0,10
O16 - DPF: {9488BAE7-ED3D-4A77-BBDE-253982910C01} (Mini Control) - http://touch.imbc.com/ActiveX/mini/mini.ocx
O16 - DPF: {99C709C7-4F58-46C1-855B-90213C760395} (V3D Client Control) - https://v3d.kcp.co.kr/file/kcp_ansimclick.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games ?Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames...e.cab60231.cab
O16 - DPF: {A1832535-5218-42F9-8959-19E2BCABFABF} (INIwallet50 Control) - http://plugin.inicis.com/vista/INIwallet50.cab
O16 - DPF: {A3F9657A-976F-4719-B370-C6F765728C4B} (SecureSession Class) - http://www.dfsshilla.com/secui/clien...fsShillaIE.cab
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://kings.nefficient.co.kr/kings/...2/kdfense8.cab
O16 - DPF: {A8AFF156-AC9A-4513-A9EA-01F63E2AC162} (SunAx Control) - http://sunmuz.sunzio.com/SunAx.cab
O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} (Neowiz Login Control) - http://dl.sayclub.com/sayclub/sayctl/sayax.cab
O16 - DPF: {A9F090E5-FC80-4772-AFEE-D102AB6E77D6} (IssacWebProCMS Class) - http://pgdownload.dacom.net/dacom/Is...MS_3_1_0_1.cab
O16 - DPF: {AD514D05-9166-4878-A562-D6F30C1986B8} (MelonUp Class) - http://www.melon.com/cab/P3MelSet.cab
O16 - DPF: {B0A75875-3622-48BA-B5FF-45AD77AC2D0E} (BankPayEFTCtrl Control) - https://download.auction.co.kr/activ...BankPayEFT.cab
O16 - DPF: {B128EFF9-0B1C-4C65-A162-28165A3A0A18} (MakeShop Secure Control) - http://ssl.makeshop.co.kr/ssl/MSecure.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {B8C4B31D-6DCE-4DF0-BF73-44686849F67D} (PDRInst1 Class) - http://imgcdn.pandora.tv/pan_img/p3p...ge/pdrinst.cab
O16 - DPF: {BC44D4D0-D94D-4031-A76F-DD9B70078B2B} (WawaDisk File Share Control 6) - http://www.wawadisk.com/mmsv/WawaDiskControl.CAB
O16 - DPF: {BCEF5CDE-BAD4-4532-A30B-9D16D502DE69} (BugsInstallEx Control) - http://install.bugs.co.kr/install/BugsInstallerEx.cab
O16 - DPF: {C021A4D6-173F-4BF4-B38C-B12CAA20E518} (Mgoon Launcher Control) - http://www.mgoon.com/launcher.cab
O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} (HanSetupCtrl1010 Class) - http://id.hangame.com/common/HanSetup1020.cab
O16 - DPF: {C1143E84-B2B1-473B-9F20-E62DD754FCAF} (VineTransfer Control) - http://img.shinhan.com/rib/common/in...neTransfer.cab
O16 - DPF: {C39AB2A8-5089-4E8D-82C7-EB256059B99F} (AuHCBase Control) - http://210.92.16.250/auHCBase.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {CA03E4BD-6232-4680-8C08-3AF1CF46102A} (ClubNex File Share Control 5) - http://www.clubnex.co.kr/mmsv/ClubNexControl.CAB
O16 - DPF: {CBB45291-871B-4ADA-81D0-40D0C89ABD20} (NetmarbleDownloaderExCtrl Class) - http://download.netmarble.com/web/NM...wnloaderEx.cab
O16 - DPF: {CEE326E8-7571-4086-B347-3C0ACA9A9DE8} (PcubeSet Class) - http://player.muz.co.kr/package/inst...3/p3Instal.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://vbv.shinhancard.com/popup/npkcx.cab
O16 - DPF: {D711C9FC-B37A-49C3-8229-2F5F3641D6DB} (DigitalAria MobileFlash 2.0 Control) - http://activex.digitalaria.com/m/MFActiveX.cab
O16 - DPF: {D912AABC-6CB0-416F-85B6-CABBB86FD558} (INIwallet60 Control) - https://plugin.inicis.com/wallet60/I...et60_vista.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games ?Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab57176.cab
O16 - DPF: {DB962ED5-C4A1-4B50-8CEB-D6F9CD70A6F8} (Netmarble GameCheck Class) - http://download.netmarble.com/web/NM...MGameCheck.cab
O16 - DPF: {E3FA6DAA-04BF-4AEF-9612-341B2B7A25FC} (Payplus Client Control) - https://pay.kcp.co.kr/plugin/file_vista/payplus.cab
O16 - DPF: {E5A02FD2-A8EF-4E5B-80C1-CB386F95E049} (BtPmntClient Class) - https://plugin.inicis.com/banktown/w...PmntClient.cab
O16 - DPF: {E75386B4-C629-11DB-8338-444553544200} (PcubeSet Class) - http://cyimg7.cyworld.com/cymusic/package/cyinstal.cab
O16 - DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} (KvpIspCtlD Control) - http://www.vpay.co.kr/kvpfiles_vista...CTLD_VISTA.cab
O16 - DPF: {EA0995BF-45DD-4DB0-ADD5-A39C37397841} (ShbAutoTrustSite Control) - http://img.shinhan.com/rib/common/Tr...TrustSiteX.cab
O16 - DPF: {EC5D5118-9FDE-4A3E-84F3-C2B711740E70} (SKCommAX Control) - http://www.kiwoom.com/SKCommAX/SKCommAX.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} (NaverAXGuide Class) - http://cafe.naver.com/common/activex/NaverAXGuide.cab
O16 - DPF: {FFD77E35-1C34-4EAC-B5A7-414CC5D007DA} (AnsimPlugin Class) - https://www.isaackorea.net/update/ansim/ilkactx.cab
O18 - Protocol: s-http - {D37E6C5F-1C0F-47C0-A3B6-403EEC555402} - C:\Program Files\Initech\SHTTP\InitechSHTTPInterface.10113.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple 모바일 장비 (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Bonjour 서비스 (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: AhnLab SecuOn Service (bssvc) - AhnLab, Inc. - C:\Program Files\AhnLab\Secuon\bssvc.exe
O23 - Service: @comres.dll,-947 (COMSysApp) - Unknown owner - C:\Windows\system32\dllhost.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod 서비스 (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Mega Network Manager - Unknown owner - C:\Program Files\MegaService\Mmgr.exe
O23 - Service: Mega Network Service - Unknown owner - C:\Program Files\MegaService\Msvc.exe
O23 - Service: Mega Network Update - Unknown owner - C:\Program Files\MegaService\Mudt.exe
O23 - Service: Naver Updater - NHN Corp. - C:\Program Files\Naver\NaverCommon\NaverAdminAPISvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NoPhishing - Unknown owner - C:\Users\Public\SoftRun\NoPhishing\NPNTService (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Windows\system32\npkcmsvc.exe
O23 - Service: nProtect Starter (nPStarterSVC) - Unknown owner - C:\Windows\system32\nPStarterSVC.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
--
End of file - 21343 bytes





My DDS log

DDS (Ver_09-03-16.01) - NTFSx86
Run by Tae Kyu Kim at 22:53:20.02 on 2009-04-07
Internet Explorer: 7.0.6001.18000
Microsoft Windows Vista Home Premium 6.0.6001.1.949.82.1033.18.3582.2149 [GMT 9:00]

AV: Kaspersky Anti-Virus *On-access scanning enabled* (Outdated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Razer\Tarantula\razerhid.exe
C:\Program Files\Common Files\PWC3800\PWCam.exe
C:\Windows\VM_STI.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AhnLab\Secuon\bssvc.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\MegaService\Mmgr.exe
C:\Program Files\MegaService\Mudt.exe
C:\Windows\system32\svchost.exe -k Mplus
C:\Program Files\Naver\NaverCommon\NaverAdminAPISvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Users\Public\SoftRun\NoPhishing\NPNTService.exe
C:\Windows\system32\npkcmsvc.exe
C:\Users\Public\SoftRun\NoPhishing\NPM.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\MegaService\Msvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskeng.exe
C:\Users\Public\SoftRun\NoPhishing\NoPhishing.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Razer\Tarantula\razertra.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iTunes\iTunes.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Tae Kyu Kim\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.naver.com/
mDefault_Page_URL = hxxp://www.naver.com/
uInternet Settings,ProxyOverride = *.local
BHO: : {028ce0d5-6644-428c-b410-9c4d35215261} - c:\progra~1\lowbar\lowbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: : {5b953eb9-5f1a-4dc3-8d7b-69db378370f3} - c:\progra~1\q-search\Q-SEAR~1.DLL
BHO: O: {740f52ba-2c3f-4319-a513-c6f9ef0aa6d1} - c:\windows\system32\nus\nu.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: Daum-빛자루 툴바: {d7045991-84d6-46d3-8487-84fbedc21b84} - c:\program files\daumvitzaru\AhnToolbar.dll
TB: ADDON 툴바: {f72aa64e-e4c3-4974-b2df-3f1bf0d2147f} - c:\progra~1\addontb\addontb.dll
TB: 네이버 툴바(&N): {d09cff09-a42a-4edc-9804-e61224f59ca1} - c:\program files\naver\navertoolbar\NaverTB_3_1_1_107.dll
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
EB: &Mplus Search: {afe6768e-4eaa-4518-b547-0185e6ce0822} - c:\progra~1\mplus\mg_lb_1c.dll
EB: &Mplus Reward: {e7d99126-435f-442e-883a-2ebb7f4c7e40} - c:\progra~1\mplus\mg_rb_1d.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ppshell]
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [NoPhishing] c:\users\public\softrun\nophishing\NPUT.exe -s
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [JMB36X IDE Setup] c:\windows\jm\JMInsIDE.exe
mRun: [Tarantula] c:\program files\razer\tarantula\razerhid.exe
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [PWCam] c:\program files\common files\pwc3800\PWCam.exe
mRun: [BigDogPath] c:\windows\VM_STI.EXE PLEOMAX PWC-3800
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_02\bin\jusched.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 7.0\avp.exe"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [nsconf] c:\windows\system32\nsconf.exe
mRun: [addontb] c:\program files\addontb\addontb_u.exe
mRun: [nus] c:\windows\system32\nus\nus.exe
mRun: [q-search] c:\program files\q-search\q-searche.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: Daum검색 (3.0) - c:\program files\daumvitzaru\ahntoolbar.dll/213
IE: Daum사전 검색 (3.0) - c:\program files\daumvitzaru\ahntoolbar.dll/214
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: 네이버 검색 - c:\program files\naver\navertoolbar\NaverTB_3_1_1_107.dll /SEARCH.HTML
IE: 네이버 북마크하기 - c:\program files\naver\navertoolbar\NaverTB_3_1_1_107.dll /BOOKMARK.HTML
IE: 네이버 블로그 담기 - c:\program files\naver\navertoolbar\NaverTB_3_1_1_107.dll /BLOG.HTML
IE: 네이버 사전 검색 - c:\program files\naver\navertoolbar\NaverTB_3_1_1_107.dll /DIC.HTML
IE: 네이버 일한 번역 - c:\program files\naver\navertoolbar\NaverTB_3_1_1_107.dll /JKTRANS.HTML
IE: {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - {E7A829CC-671F-4C3D-B590-8C0AEA72E6B2} - c:\program files\bitcomet\tools\BitCometBHO_1.1.7.4.dll
Trusted Zone: arumin.co.kr
Trusted Zone: goodi.com
Trusted Zone: shinhan.com
Trusted Zone: shinhancard.com
DPF: {00001024-A15C-11D4-97A4-0050BF0FBE67} - hxxp://download.netmarble.com/web/nmstarter/NMStarter24.cab
DPF: {00001025-A15C-11D4-97A4-0050BF0FBE67} - hxxp://download.netmarble.com/web/nmstarter/NMStarter25.cab
DPF: {04E7BADF-F3B9-420D-B82D-8D8CADEFE4F9} - hxxp://cyimg8.cyworld.com/ImageUpload/CyImageUpload_10217.cab
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {0A4E624A-F7EA-4313-B721-C5669E0C6266} - hxxp://download.auction.co.kr/activexpay/TrustSiteAuctionCtrl.cab
DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} - hxxp://messenger.zone.msn.com/binary/Upwords.cab57176.cab
DPF: {12D50929-57AF-4B39-88B9-03B239E4C72E} - hxxp://music.tworld.co.kr/varovision/VarovisionPlayerX_1507.cab
DPF: {15C4019C-C917-4905-999A-99B4EC71B7CF} - hxxp://listen.daum.net/52st/DaumMPlayer/DaumMPlayer.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {20BBA18F-5BC8-47B5-8FC9-5DFCA8E56A4B} - hxxp://mpi.dacom.net/XMPI/js/LGDacom_XMPI_20090220.cab
DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} - hxxp://img.shinhan.com/initech/plugin/new6106/down/INIS60.cab
DPF: {36A4B20A-2B75-4101-86CE-F9B03CA4B91C} - hxxp://bgweb.clubbox.co.kr/bin/DownStarter.cab
DPF: {39461460-2552-4D51-A062-3AB6A7B902E9} - hxxp://img.shinhan.com/shttp/install/down/INIS70.cab
DPF: {39FC0CF9-86F3-4502-B773-D16706EDEC83} - hxxp://img.shinhan.com/rib/common/keyStroke/SoftCamp/402011/SCSK4_vista.cab
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
DPF: {42E8651D-C437-4203-93F5-24E20C2C4465} - hxxps://www.vpay.co.kr/kvpfiles_vista/KVPCyberCard_VISTA.cab
DPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} - hxxp://mpi.dacom.net/XPayMPI/Xecure_LiveUpdate_XPayMPIOCX.cab
DPF: {4FE4E8BE-CD7E-42D8-B0EE-E52B360E11AF} - hxxp://www.i-tmoney.com/plugin/install/itmny4vista.cab
DPF: {518059C9-3257-4B29-88EE-102E02DE5F25} - hxxp://download.netmarble.com/web/NMGameCheck/NetmarbleDownloader.cab
DPF: {51B1D5ED-67DC-43F0-A3F8-8502F1A5E404} - hxxp://update.nprotect.net/nprotect2007/lgcard/npstarter.cab
DPF: {5267557D-D090-44EA-BCAA-8576A24810C5} - hxxp://download.netmarble.com/web/6N/pccheck/SystemInformerCJI.cab
DPF: {53EED863-B547-40F8-B24A-2D6DE807CFE8} - hxxp://img.shinhan.com/rib//ko/print/Printmade.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-PH/a-UNO1/GAME_UNO1.cab
DPF: {5D9446DB-E849-4B95-9872-D0C21343ABF0} - hxxp://www.csafer.net/ActiveX/MASetupWizard.cab
DPF: {5DBE942F-CE91-4EED-853F-A1CD022665AF} - hxxp://pgdownload.dacom.net/common/js/crossdomain/DacomCrossDomain.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195129474027
DPF: {662B4974-EE36-426D-BD11-E75122E6BE18} - hxxp://ec2.kicc.co.kr/PLUGIN_GS/EasyPlugX.cab
DPF: {66413DC2-F891-40BC-822D-B7EEC8ADC281} - hxxp://img.shinhan.com/rib/common/ProWorksGrid_78.cab
DPF: {67BC8188-4CDD-4969-8195-10970DE2D8FB} - hxxp://adult.neomtel.com/activex/vis/ver1201/AxVISWebSKT.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6C46D0C1-1B3C-4D1E-AB6C-3ADEA4D86346} - hxxp://fx.hauri.net/HProduct/livesuite/shinhan/CLIENT/LiveSuiteVT/web/HLiveRobotVT.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {7770D530-D188-4F50-8C8C-23FAD2636EBF} - hxxp://www.wawadisk.com/mmsv/WawaDiskControl.CAB
DPF: {78D3A4C5-B113-4628-93FA-2D1957092341} - hxxp://www.clubzin.co.kr/append/application/ClubzinControl.CAB
DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} - hxxp://download.softforum.co.kr/Published/XecureWeb/v7.2.1.7/xw_install.cab
DPF: {8055C6FC-E2F3-4FFF-8385-9D71D57A3CF6} - hxxp://www.mncast.com/cache/dynamic/activex/WSmncast.cab
DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
DPF: {820359CA-BD53-4BDF-8393-282FEEAE8C53} - hxxp://www.monkey3.co.kr/Monkey3ActiveX/Monkey3ActiveXControl.cab
DPF: {858033B9-13BC-4DFE-B62A-78E1FAA0DFD7} - hxxp://www.csafer.net/activex/mabugsdownload.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {8FA8D5F7-7CBA-46D4-9568-68D70C5280E8} - hxxp://www.nophishing.co.kr/softrun/SH02/SRNPSH.cab
DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} - hxxp://download.netmarble.net/NMChatX/NMTransX.cab
DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} - hxxp://cafeimg.hanmail.net/activex/dmcc2.cab?Version=1,0,0,10
DPF: {9488BAE7-ED3D-4A77-BBDE-253982910C01} - hxxp://touch.imbc.com/ActiveX/mini/mini.ocx
DPF: {99C709C7-4F58-46C1-855B-90213C760395} - hxxps://v3d.kcp.co.kr/file/kcp_ansimclick.cab
DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} - hxxp://zone.msn.com/bingame/zpagames/zpa_txhe.cab60231.cab
DPF: {A1832535-5218-42F9-8959-19E2BCABFABF} - hxxp://plugin.inicis.com/vista/INIwallet50.cab
DPF: {A3F9657A-976F-4719-B370-C6F765728C4B} - hxxp://www.dfsshilla.com/secui/client/SecuiDfsShillaIE.cab
DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} - hxxp://kings.nefficient.co.kr/kings/kdfx/kdfx312/kdfense8.cab
DPF: {A8AFF156-AC9A-4513-A9EA-01F63E2AC162} - hxxp://sunmuz.sunzio.com/SunAx.cab
DPF: {A977FF0C-8757-4E76-8533-482F91946233} - hxxp://dl.sayclub.com/sayclub/sayctl/sayax.cab
DPF: {A9F090E5-FC80-4772-AFEE-D102AB6E77D6} - hxxp://pgdownload.dacom.net/dacom/IssacWebProCMS_3_1_0_1.cab
DPF: {AD514D05-9166-4878-A562-D6F30C1986B8} - hxxp://www.melon.com/cab/P3MelSet.cab
DPF: {B0A75875-3622-48BA-B5FF-45AD77AC2D0E} - hxxps://download.auction.co.kr/activexpay/20090119/BankPayEFT.cab
DPF: {B128EFF9-0B1C-4C65-A162-28165A3A0A18} - hxxp://ssl.makeshop.co.kr/ssl/MSecure.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {B8C4B31D-6DCE-4DF0-BF73-44686849F67D} - hxxp://imgcdn.pandora.tv/pan_img/p3player/package/pdrinst.cab
DPF: {BC44D4D0-D94D-4031-A76F-DD9B70078B2B} - hxxp://www.wawadisk.com/mmsv/WawaDiskControl.CAB
DPF: {BCEF5CDE-BAD4-4532-A30B-9D16D502DE69} - hxxp://install.bugs.co.kr/install/BugsInstallerEx.cab
DPF: {C021A4D6-173F-4BF4-B38C-B12CAA20E518} - hxxp://www.mgoon.com/launcher.cab
DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxp://id.hangame.com/common/HanSetup1020.cab
DPF: {C1143E84-B2B1-473B-9F20-E62DD754FCAF} - hxxp://img.shinhan.com/rib/common/infovine/ver1030/VineTransfer.cab
DPF: {C39AB2A8-5089-4E8D-82C7-EB256059B99F} - hxxp://210.92.16.250/auHCBase.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CA03E4BD-6232-4680-8C08-3AF1CF46102A} - hxxp://www.clubnex.co.kr/mmsv/ClubNexControl.CAB
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CBB45291-871B-4ADA-81D0-40D0C89ABD20} - hxxp://download.netmarble.com/web/NMGameCheck/NetmarbleDownloaderEx.cab
DPF: {CEE326E8-7571-4086-B347-3C0ACA9A9DE8} - hxxp://player.muz.co.kr/package/installer2008_03/p3Instal.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - hxxps://vbv.shinhancard.com/popup/npkcx.cab
DPF: {D711C9FC-B37A-49C3-8229-2F5F3641D6DB} - hxxp://activex.digitalaria.com/m/MFActiveX.cab
DPF: {D912AABC-6CB0-416F-85B6-CABBB86FD558} - hxxps://plugin.inicis.com/wallet60/INIwallet60_vista.cab
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab
DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} - hxxp://messenger.zone.msn.com/binary/WoF.cab57176.cab
DPF: {DB962ED5-C4A1-4B50-8CEB-D6F9CD70A6F8} - hxxp://download.netmarble.com/web/NMGameCheck/NMGameCheck.cab
DPF: {E3FA6DAA-04BF-4AEF-9612-341B2B7A25FC} - hxxps://pay.kcp.co.kr/plugin/file_vista/payplus.cab
DPF: {E5A02FD2-A8EF-4E5B-80C1-CB386F95E049} - hxxps://plugin.inicis.com/banktown/wallet/plugin/BtPmntClient.cab
DPF: {E75386B4-C629-11DB-8338-444553544200} - hxxp://cyimg7.cyworld.com/cymusic/package/cyinstal.cab
DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} - hxxp://www.vpay.co.kr/kvpfiles_vista/KVPISPCTLD_VISTA.cab
DPF: {EA0995BF-45DD-4DB0-ADD5-A39C37397841} - hxxp://img.shinhan.com/rib/common/TrustSite/vista/ShbAutoTrustSiteX.cab
DPF: {EC5D5118-9FDE-4A3E-84F3-C2B711740E70} - hxxp://www.kiwoom.com/SKCommAX/SKCommAX.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} - hxxp://cafe.naver.com/common/activex/NaverAXGuide.cab
DPF: {FFD77E35-1C34-4EAC-B5A7-414CC5D007DA} - hxxps://www.isaackorea.net/update/ansim/ilkactx.cab
Handler: s-http - {D37E6C5F-1C0F-47C0-A3B6-403EEC555402} - c:\program files\initech\shttp\InitechSHTTPInterface.10113.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Name-Space Handler: http\s-http - {D37E6C5F-1C0F-47C0-A3B6-403EEC555402} - c:\program files\initech\shttp\InitechSHTTPInterface.10113.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1.0\r3hook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\taekyu~1\appdata\roaming\mozilla\firefox\profiles\i55tmwmy.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\mozilla firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-28 64160]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2007-4-4 20760]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-4-7 108289]
R2 bssvc;AhnLab SecuOn Service;c:\program files\ahnlab\secuon\bssvc.exe [2008-7-29 390360]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-10 951632]
R2 Mega Network Manager;Mega Network Manager;c:\program files\megaservice\Mmgr.exe [2008-12-22 114688]
R2 Mega Network Service;Mega Network Service;c:\program files\megaservice\Msvc.exe [2008-12-22 98304]
R2 Mega Network Update;Mega Network Update;c:\program files\megaservice\Mudt.exe [2008-12-22 90112]
R2 mgsv;Mplus Updater Service;c:\windows\system32\svchost.exe -k Mplus [2008-8-2 21504]
R2 Naver Updater;Naver Updater;c:\program files\naver\navercommon\NaverAdminAPISvc.exe [2007-10-11 111288]
R2 NoPhishing;NoPhishing;c:\users\public\softrun\nophishing\npntservice --> c:\users\public\softrun\nophishing\NPNTService [?]
R3 TarFltr;Razer Tarantula USB Keyboard;c:\windows\system32\drivers\UsbFltr.sys [2007-4-11 45440]
R3 VRVD302;VRVD302;c:\windows\system32\drivers\VRVD302.sys [2008-8-19 11296]
S2 nPStarterSVC;nProtect Starter;c:\windows\system32\npstartersvc.exe --> c:\windows\system32\nPStarterSVC.exe [?]
S3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.sys [2009-1-10 10496]
S3 JRSUKD24;JRSUKD24;c:\windows\system32\JRSUKD24.sys [2009-1-10 6784]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [2007-4-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [2007-4-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [2007-4-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [2007-4-23 98568]
S3 scskusbf;USB SCSK Filter Driver Service;c:\windows\system32\drivers\scskusbf.sys [2007-7-30 11385]
S3 scskusbs;USB SCSK Driver Service;c:\windows\system32\drivers\scskusbs.sys [2007-7-30 169109]
S3 shspusb;Samsung High Speed USB Driver disks;c:\windows\system32\drivers\HSPUSB.sys [2008-7-30 17408]
S3 ZSMC302;PLEOMAX PWC-3800;c:\windows\system32\drivers\usbvm302.sys [2007-8-17 90968]

=============== Created Last 30 ================

2009-04-07 02:15 <DIR> --d----- c:\program files\Trend Micro
2009-04-07 01:49 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-04-06 23:18 <DIR> --d----- c:\windows\pss
2009-04-06 22:53 578,149 a------- C:\Autoruns.zip
2009-04-06 21:56 <DIR> --d----- c:\programdata\Avira
2009-04-06 21:56 <DIR> --d----- c:\program files\Avira
2009-04-06 21:56 <DIR> --d----- c:\progra~2\Avira
2009-04-01 11:03 61,440 a------- c:\windows\system32\proDefense.dll
2009-04-01 10:53 <DIR> --d----- c:\program files\Conquer 2.0
2009-03-29 11:54 26,176 a------- c:\windows\system32\INIUAC.exe
2009-03-28 02:00 15,688 a------- c:\windows\system32\lsdelete.exe
2009-03-28 01:49 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-03-28 01:48 <DIR> -cd-h--- c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-03-28 01:48 <DIR> -cd-h--- c:\progra~2\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-03-28 01:48 <DIR> --d----- c:\program files\Lavasoft
2009-03-28 01:19 <DIR> --d----- c:\users\tae kyu kim\Tracing
2009-03-28 01:19 <DIR> --d----- c:\program files\Microsoft
2009-03-28 01:18 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-03-28 01:12 <DIR> --d----- c:\program files\common files\Windows Live
2009-03-19 23:25 <DIR> --d----- c:\program files\naver
2009-03-12 16:14 77,824 a------- c:\windows\system32\srchrun.exe
2009-03-11 18:43 2,033,152 a------- c:\windows\system32\win32k.sys
2009-03-11 18:42 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-03-11 18:42 7,680 a------- c:\windows\system32\spwmp.dll
2009-03-11 18:42 4,096 a------- c:\windows\system32\msdxm.ocx
2009-03-11 18:42 4,096 a------- c:\windows\system32\dxmasf.dll
2009-03-11 18:41 268,288 a------- c:\windows\system32\schannel.dll

==================== Find3M ====================

2009-04-07 18:31 204,438,560 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-04-07 09:17 2,742,080 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-04-01 11:03 192,512 a------- c:\windows\system32\kdfvmgr.exe
2009-04-01 11:03 83,288 a------- c:\windows\system32\kdfapi.dll
2009-04-01 11:03 75,336 a------- c:\windows\system32\Kdfhok.dll
2009-04-01 11:03 678,480 a------- c:\windows\system32\STYJIMZC.exe
2009-03-30 21:37 10,496 a------- c:\windows\system32\JRSKD24.sys
2009-03-30 21:37 6,784 a------- c:\windows\system32\JRSUKD24.sys
2009-02-26 15:04 451,256 a------- c:\windows\system32\NJUninst.exe
2009-02-09 16:58 526,848 a------- c:\windows\system32\setup_adsweeper.exe
2009-02-06 18:52 49,504 a------- c:\windows\system32\sirenacm.dll
2009-02-04 10:05 376,832 a------- c:\windows\system32\XecureCK.dll
2009-01-30 21:20 1,123,000 a------- c:\windows\system32\HanWebMsg1056.dll
2009-01-15 16:39 217,600 a------- c:\windows\system32\sun_install.exe
2009-01-15 15:11 827,392 a------- c:\windows\system32\wininet.dll
2009-01-12 18:54 643,768 a------- c:\windows\system32\HanSetup.exe
2009-01-12 14:47 41,152 a------- c:\windows\system32\HanGamePlugin19.dll
2009-01-12 10:14 40,960 a------- c:\windows\system32\CKComObj.dll
2009-01-10 00:06 128,368 a------- c:\windows\system32\CKSetup.exe
2008-11-27 02:09 143,360 a------- c:\windows\inf\infstrng.dat
2008-11-27 02:09 51,200 a------- c:\windows\inf\infpub.dat
2008-11-27 02:09 86,016 a------- c:\windows\inf\infstor.dat
2008-08-02 21:32 174 a--sh--- c:\program files\desktop.ini
2008-08-02 21:23 665,600 a------- c:\windows\inf\drvindex.dat
2007-11-26 00:39 22,328 a------- c:\users\taekyu~1\appdata\roaming\PnkBstrK.sys
2006-11-02 21:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 21:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 21:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 21:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 18:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 18:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 18:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 18:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-04-04 11:52 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-04-04 11:52 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-04-04 11:52 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 22:54:16.76 ===============

my attach file is attached~
thank you very much


Edited by eastside914, 07 April 2009 - 09:24 AM.




#2 eastside914


Posted 07 April 2009 - 11:14 AM

anybody help me please?

#3 eastside914


Posted 07 April 2009 - 06:19 PM

please someone help me get rid of the viruses TT i need my computer to work

#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,906 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:12:34 PM

Posted 18 April 2009 - 03:52 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results; click No to the Optional_Scan.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. You can find information on A/V control HERE

Orange Blossom :thumbup2:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#5 Orange Blossom


Posted 27 April 2009 - 10:27 PM

Due to the lack of feedback, this Topic is now closed.

In case you still have problems, please start a new topic.



