Infected with spyware which makes pop_ups for installing SpywareRemover2009


  • This topic is locked
7 replies to this topic

#1 Yacult_EO


Posted 11 April 2009 - 10:57 PM

Attached File  asdf.JPG   2.1KB   15 downloads
Attached File  asdf2.JPG   145.32KB   12 downloads
Attached File  asdf3.JPG   12.69KB   13 downloads

There is an 'X' icon in the tray which I cannot erase myself; it makes pop-ups for installing SpywareRemover2009 etc.
I used many anti-spyware programs, but they are not effective.

Not only the attached files, I also uploaded a screenshot.

Here's the DDS log file.



DDS (Ver_09-03-16.01) - NTFSx86
Run by Administrator at 12:41:25.35 on 2009-04-12
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.949.82.1042.18.2037.1444 [GMT 9:00]

AV: V3 Lite *On-access scanning enabled* (Updated)
AV: nProtect Anti-Virus/Spyware 2007 *On-access scanning enabled* (Updated)
AV: ์•Œ์•ฝ *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\Program Files\ESTsoft\ALYac\AYServiceNt.aye
C:\WINDOWS\system32\INCAinternet\nProtect Security Platform 2007\nspsvc.exe
C:\Program Files\AhnLab\SiteGuard\SGsvc.exe
C:\Program Files\AhnLab\V3Lite\V3LSvc.exe
C:\WINDOWS\system32\INCAInternet\nProtect Security Platform 2007\nspupsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\AhnLab\V3Lite\V3LTray.exe
C:\Program Files\ESTsoft\ALYac\AYAgent.aye
C:\WINDOWS\system32\ctfmon.exe
D:\DAEMON Tools Lite\daemon.exe
D:\CDSpace 6\lcdplyer.exe
C:\Program Files\NATEON\BIN\NATEONMain.exe
D:\CDSpace 6\Cdsrcm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\conime.exe
C:\Documents and Settings\Administrator\๋ฐโ€ํƒ• ํ™โ€๋ฉด\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.naver.com/
uInternet Connection Wizard,ShellNext = hxxp://www.naver.com/
BHO: SGAgentObj Class: {19217b99-f935-4a39-b857-a68a68d5bebb} - c:\program files\ahnlab\siteguard\SGAgenti.dll
BHO: V3Lite ActiveX Manager: {62003e94-ff5b-4056-a127-c679aaeb85e2} - c:\program files\ahnlab\v3lite\V3LAxCtl.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools Lite] "d:\daemon tools lite\daemon.exe" -autorun
uRun: [NATEON] c:\program files\nateon\bin\NATEON.exe -as
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [ALYac] "c:\program files\estsoft\alyac\AYUpdate.exe" /run
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Korean IME Migration] c:\progra~1\common~1\micros~1\ime12\imekr\IMKRMIG.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [AhnLab V3Lite Tray Process] "c:\program files\ahnlab\v3lite\V3LTray.exe" /logon
dRun: [ctfmon.exe] ctfmon.exe
StartupFolder: c:\docume~1\alluse~1\์‹œ์ž‘๋ฉโ€~1\ํโ€„๋กœ๊ทธ๋žจ\์‹œ์ž‘ํโ€„~1\lcdpla~1.lnk - d:\cdspace 6\lcdplyer.exe
uPolicies-explorer: MaxRecentDocs = 1 (0x1)
uPolicies-explorer: NoSMMyPictures = 1 (0x1)
uPolicies-explorer: NoStartMenuMyMusic = 1 (0x1)
IE: Microsoft Excel๋กœ ๋‚ด๋ณด๋‚ด๊ธฐ(&X) - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {00001025-A15C-11D4-97A4-0050BF0FBE67} - hxxp://download.netmarble.net/web/nmstarter/NMStarter25.cab
DPF: {12D50929-57AF-4B39-88B9-03B239E4C72E} - hxxp://www.melon.com/decophone/common/VarovisionPlayerX.cab
DPF: {3EFC2239-B769-469F-A5E6-38693AE0B9DE} - hxxp://www.benchbee.co.kr/common/cab/sysinfo2.cab
DPF: {3F68E1C3-39EC-4990-85E3-ABFE61AB86C5} - hxxp://dl.bugsm.co.kr/install/BugsInstaller.cab
DPF: {5244F5E8-34E4-4764-ABDB-04E48BF5872F} - hxxp://www.mma.go.kr/markany/MaWebSAFER_MMA.cab
DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} - hxxp://www.mma.go.kr/XecureObject/xw_install.cab
DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} - hxxp://cyimg8.cyworld.com/ImageUpload/CyPictureU1233.cab?20081124
DPF: {917D7D2D-C7BD-4CDB-A3C4-7084FBE6DE78} - hxxp://www.mfile.co.kr/mmsv/MfileWebControl2.CAB
DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} - hxxp://download.netmarble.net/NMChatX/NMTransX.cab
DPF: {9F84D013-66B3-4AB7-946B-11A920A55F06} - hxxp://www.melon.com/cab/sktload.cab
DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} - hxxp://download.netmarble.net/kdefence/kdfense8237.cab
DPF: {C0B2F53E-5E61-4856-B314-FE9AE262A796} - hxxp://www.melon.com/cab/P3MelWebInstall.cab
DPF: {CB5C683C-416A-4701-B018-0F1B21D64D6B} - hxxp://cyimg7.cyworld.com/cymusic/package/skcinst.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E92D4BD6-F236-4FF0-AC7F-BC17CC6456AA} - hxxp://www.benchbee.co.kr/common/cab/BSpeedTest.cab
DPF: {FDAF910A-7F67-4BF7-9CB2-B65D652DD618} - hxxp://sing.melon.com/melon/player/ocx/MelonSingPlayer.cab
DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} - hxxp://cafe.naver.com/common/activex/NaverAXGuide.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 CDSPACEX;CDSPACEX;c:\windows\system32\drivers\CDSPACEX.sys [2009-4-5 51387]
R1 lvmedia;lvmedia;c:\windows\system32\drivers\lvmedia.sys [2009-4-5 17498]
R1 XSpaceWg;XSpaceWg;c:\windows\system32\drivers\xspacewg.sys [2009-4-5 3798]
R2 SGsvc;AhnLab SiteGuard Service;c:\program files\ahnlab\siteguard\SgSvc.exe [2009-4-11 412232]
R2 V3 Lite Service;V3 Lite Service;c:\program files\ahnlab\v3lite\V3LSvc.exe [2009-4-11 260792]
R3 AhnFlt2k;AhnFlt2k;c:\windows\system32\drivers\AhnFlt2k.sys [2009-4-11 45952]
R3 AhnRec2k;AhnRec2k;c:\windows\system32\drivers\AhnRec2k.sys [2009-4-11 13824]
R3 AhnRghNt;AhnRghNt;c:\windows\system32\drivers\AhnRghNt.sys [2009-4-11 28928]
R3 AhnSZE;AhnSZE;c:\windows\system32\drivers\ahnsze.sys [2009-4-11 1257472]
R3 ASZFltNt;ASZFltNt;c:\progra~1\ahnlab\v3lite\ASZFltNt.sys [2009-4-11 106624]
R3 CdmDrvNt;CdmDrvNt;c:\windows\system32\drivers\CdmDrvNt.sys [2009-4-11 12893]
R3 NSPService;nProtect Security Platform 2007 Service;c:\windows\system32\incainternet\nprotect security platform 2007\nspsvc.exe [2009-4-10 354848]
R3 NSPUpdateService;nProtect Security Platform 2007 Update Service;c:\windows\system32\incainternet\nprotect security platform 2007\nspupsvc.exe [2009-4-10 813600]
R3 TKFsAc;TKFsAc;c:\windows\system32\TKFsAc2k.sys [2009-4-10 91296]
R3 TKFsFt;TKFsFt;c:\windows\system32\TKFsFt2k.sys [2009-4-10 80672]
R3 TKRgAc;TKRgAc;c:\windows\system32\TKRgAc2k.sys [2009-4-10 40832]
R3 TKRgFt;TKRgFt;c:\windows\system32\TKRgFtXp.sys [2009-4-10 24576]
R3 v3engine;v3engine;c:\windows\system32\drivers\v3engine.sys [2009-4-11 1592960]
R3 V3Flt2K;V3Flt2K;c:\progra~1\ahnlab\v3lite\V3Flt2K.sys [2009-4-11 120064]
RUnknown AVMON;AVMON; [x]
S3 AYDrvSP_ALYAC;AYDrvSP_ALYAC;c:\program files\estsoft\alyac\AYDrvSP.sys [2009-4-3 24312]
S3 FXDrv32;FXDrv32;\??\e:\fxdrv32.sys --> e:\FXDrv32.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SKTBus;SK Telecom USB Composite device driver;c:\windows\system32\drivers\SKTBus.sys [2009-4-8 28098]
S3 SKTMdm;SK Telecom USB Modem;c:\windows\system32\drivers\SKTMdm.sys [2009-4-8 28820]
S3 SKTOBEX;SK Telecom USB OBEX Device Driver;c:\windows\system32\drivers\SKTOBEX.sys [2009-4-8 15940]
S3 SKTVsp;SK Telecom USB Virtual Serial Port Driver;c:\windows\system32\drivers\SKTVsp.sys [2009-4-8 27541]
S3 SKTWVsp;SK Telecom WIPI Virtual Serial Port Driver;c:\windows\system32\drivers\SKTWVSP.sys [2009-4-8 27514]
S3 TKFsAv;TKFsAv;c:\windows\system32\TKFsAv2k.sys [2009-4-10 31488]
S3 TKTool;TKTool;c:\windows\system32\TKTool2k.sys [2009-4-10 18048]

=============== Created Last 30 ================

2009-04-12 12:39 359 ----h--- c:\windows\system32\nspvsinf.nsx
2009-04-12 12:28 <DIR> --d----- c:\windows\system32\NtmsData
2009-04-12 11:45 <DIR> --d----- c:\program files\EGN
2009-04-12 02:46 267,776 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-04-12 02:46 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-04-12 02:46 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2009-04-12 02:46 937,984 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2009-04-12 02:46 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-04-12 02:46 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2009-04-12 02:46 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2009-04-12 02:46 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2009-04-12 02:46 6,066,688 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-04-11 21:59 1,592,960 a------- c:\windows\system32\drivers\v3engine.sys
2009-04-11 21:59 1,257,472 a------- c:\windows\system32\drivers\ahnsze.sys
2009-04-11 21:57 <DIR> --d----- c:\docume~1\admini~1\applic~1\AhnLab
2009-04-11 21:57 <DIR> --d----- c:\program files\common files\AhnLab
2009-04-11 21:57 45,952 a------- c:\windows\system32\drivers\AhnFlt2k.sys
2009-04-11 21:57 28,928 a------- c:\windows\system32\drivers\AhnRghNt.sys
2009-04-11 21:57 13,824 a------- c:\windows\system32\drivers\AhnRec2k.sys
2009-04-11 21:57 12,893 a------- c:\windows\system32\drivers\CdmDrvNt.sys
2009-04-11 21:57 <DIR> --d----- c:\program files\AhnLab
2009-04-11 21:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AhnLab
2009-04-11 10:26 <DIR> --d----- c:\windows\system32\ko
2009-04-11 10:26 <DIR> --d----- c:\windows\system32\bits
2009-04-11 10:26 <DIR> --d----- c:\windows\l2schemas
2009-04-11 10:25 <DIR> --d----- c:\windows\ServicePackFiles
2009-04-11 10:24 <DIR> --d----- c:\windows\network diagnostic
2009-04-11 04:52 <DIR> --d----- c:\program files\MSXML 4.0
2009-04-11 04:50 <DIR> --d----- c:\windows\system32\ko-kr
2009-04-11 04:48 118 a------- c:\windows\system32\MRT.INI
2009-04-10 16:06 <DIR> --d----- C:\Temp
2009-04-10 15:48 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-04-10 15:43 <DIR> --d----- c:\docume~1\admini~1\applic~1\Malwarebytes
2009-04-10 15:43 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-10 15:43 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-10 15:43 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-10 15:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-10 15:39 <DIR> --d----- c:\program files\common files\INCAInternet
2009-04-10 15:39 <DIR> --d----- c:\program files\INCAInternet
2009-04-10 13:46 828,128 a------- c:\windows\system32\SKTVCtrl.dll
2009-04-10 13:46 200,704 a------- c:\windows\system32\SKTVf2.dll
2009-04-10 13:46 189,152 a------- c:\windows\system32\SKTVSvr.exe
2009-04-10 13:46 167,936 a------- c:\windows\system32\SKTVve.ax
2009-04-10 13:46 143,360 a------- c:\windows\system32\SKTVf1.dll
2009-04-10 12:19 <DIR> --d----- c:\windows\system32\crc
2009-04-10 12:09 127 a------- c:\windows\system32\fscflist.ini.tmp
2009-04-10 12:09 77,824 a------- c:\windows\system32\nod.dll
2009-04-10 12:09 0 a------- c:\windows\system32\PDBOXGame.html
2009-04-10 12:08 127 a------- c:\windows\system32\fscflist.ini
2009-04-10 12:08 78 a------- c:\windows\system32\fscagent.ini.tmp
2009-04-10 12:08 73 a------- c:\windows\system32\fscagent.ini
2009-04-09 17:11 1,344,688 a------- c:\windows\system32\MelonBell.ocx
2009-04-08 11:58 6,656 a--sh--- c:\windows\system32\Thumbs.db
2009-04-08 11:58 8,192 a--sh--- c:\windows\Thumbs.db
2009-04-08 11:55 406 a------- C:\EFS
2009-04-08 11:35 15,819 a------- C:\aqua_bitmap.cpp
2009-04-08 11:25 69 a------- c:\windows\NeroDigital.ini
2009-04-08 11:24 <DIR> --d----- c:\program files\AonMedia
2009-04-08 11:14 <DIR> --d----- c:\program files\SKT Sync 2.0
2009-04-08 11:14 <DIR> --d----- c:\program files\MelOn Player
2009-04-08 11:09 <DIR> --d----- c:\program files\Bugs
2009-04-08 08:04 3,426,072 a------- c:\windows\system32\d3dx9_32.dll
2009-04-08 08:04 <DIR> --d----- c:\program files\Motorola
2009-04-08 07:55 <DIR> --d----- c:\program files\common files\Motorola Shared
2009-04-08 07:55 28,820 a------- c:\windows\system32\drivers\SKTMdm.sys
2009-04-08 07:55 28,098 a------- c:\windows\system32\drivers\SKTBus.sys
2009-04-08 07:55 27,541 a------- c:\windows\system32\drivers\SKTVsp.sys
2009-04-08 07:55 27,514 a------- c:\windows\system32\drivers\SKTWVSP.sys
2009-04-08 07:55 15,940 a------- c:\windows\system32\drivers\SKTOBEX.sys
2009-04-08 07:55 <DIR> --d----- c:\program files\UniUSB
2009-04-08 07:40 245 a------- c:\windows\system32\p3downasx.asx
2009-04-07 23:30 <DIR> --d----- c:\program files\Guitar Pro 5
2009-04-07 23:10 75 a------- c:\windows\SNMNGR.INI
2009-04-07 22:43 <DIR> --d-h--- C:\XecureSSL
2009-04-07 22:43 <DIR> --d-h--- c:\windows\yessign
2009-04-07 22:43 <DIR> --d----- c:\program files\SoftForum
2009-04-07 22:43 <DIR> --d----- c:\program files\NPKI
2009-04-07 22:42 210 a------- C:\boot_old.ini
2009-04-06 01:16 71,730 a------- c:\windows\War3Unin.dat
2009-04-06 01:16 2,829 a------- c:\windows\War3Unin.pif
2009-04-06 01:16 139,264 a------- c:\windows\War3Unin.exe
2009-04-05 23:57 <DIR> --d----- C:\War3KoreanPatch
2009-04-05 23:33 7,115 a------- c:\windows\system32\drivers\cds6.cfg
2009-04-05 23:33 51,387 a------- c:\windows\system32\drivers\CDSPACEX.sys
2009-04-05 23:33 26,773 a------- c:\windows\system32\LvMedia.vxd
2009-04-05 23:33 17,498 a------- c:\windows\system32\drivers\lvmedia.sys
2009-04-05 23:33 3,798 a------- c:\windows\system32\drivers\xspacewg.sys
2009-04-05 19:58 70,656 a------- c:\windows\ScUnin.exe
2009-04-05 19:58 26,071 a------- c:\windows\scunin.dat
2009-04-05 19:58 967 a------- c:\windows\ScUnin.pif
2009-04-05 19:56 <DIR> --d----- c:\docume~1\admini~1\applic~1\DAEMON Tools Pro
2009-04-05 19:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2009-04-05 19:53 717,296 a------- c:\windows\system32\drivers\sptd.sys
2009-04-05 19:53 <DIR> --d----- c:\docume~1\admini~1\applic~1\DAEMON Tools Lite
2009-04-05 19:52 296,472 a------- c:\windows\system32\NaverFDL.exe
2009-04-05 19:52 292,376 a------- c:\windows\system32\NaverFile.ocx
2009-04-05 19:02 <DIR> --d----- c:\windows\Chinese Master
2009-04-05 18:57 <DIR> --d----- c:\docume~1\admini~1\applic~1\NJStar
2009-04-05 09:20 <DIR> --d----- c:\documents and settings\all users\Application ja_JP
2009-04-05 04:17 83 a------- c:\windows\system32\CafeChat.cfg
2009-04-05 04:15 1,007,616 a------- c:\windows\system32\CafeChat.exe
2009-04-05 04:15 405,504 a------- c:\windows\system32\CafeHelper.ocx
2009-04-05 02:48 251,904 a--sh--- C:\radial.cdb
2009-04-04 22:35 2,728,248 a------- c:\windows\system32\GameMon.des
2009-04-04 22:34 5,174 a------- c:\windows\system32\nppt9x.vxd
2009-04-04 22:34 4,682 a------- c:\windows\system32\npptNT2.sys
2009-04-04 22:34 <DIR> --d----- c:\program files\common files\INCA Shared
2009-04-04 22:20 <DIR> --d-h--- c:\docume~1\admini~1\applic~1\netmarble
2009-04-04 15:24 <DIR> --d----- c:\docume~1\admini~1\applic~1\Clunet
2009-04-04 15:23 <DIR> --d----- c:\program files\mfile.co.kr
2009-04-04 13:08 575,088 a------- c:\windows\system32\SKCDecd.ax
2009-04-04 13:08 517,744 a------- c:\windows\system32\skcppl.dll
2009-04-04 13:08 468,592 a------- c:\windows\system32\skcbgm.dll
2009-04-04 13:08 198,256 a------- c:\windows\system32\skcwmf.dll
2009-04-04 13:08 169,584 a------- c:\windows\system32\skcbgm.exe
2009-04-04 13:08 144,744 a------- c:\windows\system32\skcbgmf1.dll
2009-04-04 13:08 136,816 a------- c:\windows\system32\SKCMpg.ax
2009-04-04 13:08 67,184 a------- c:\windows\system32\CMListControl.dll
2009-04-03 19:06 1,654,869 a------- c:\docume~1\alluse~1\applic~1\DynuEncrypt.dll
2009-04-03 19:04 <DIR> --d----- C:\Nexon
2009-04-03 18:49 159,744 a------- c:\windows\system32\kdfmgr.exe
2009-04-03 18:49 73,728 a------- c:\windows\system32\kdfapi.dll
2009-04-03 18:49 47,104 a------- c:\windows\system32\Kdfhok.dll
2009-04-03 18:49 61,440 a------- c:\windows\system32\kdfmod.dll
2009-04-03 18:49 373,248 a------- c:\windows\system32\kdfinj.dll
2009-04-03 18:49 <DIR> --d----- c:\windows\kdefense
2009-04-03 18:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nexon
2009-04-03 18:41 369,976 a------- c:\windows\system32\CKSetup32.exe
2009-04-03 18:41 <DIR> --d----- c:\program files\NATEON
2009-04-03 12:13 <DIR> --d----- c:\docume~1\admini~1\applic~1\Hnc
2009-03-31 23:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\GRETECH
2009-03-25 18:28 1,626,112 a----r-- c:\windows\system32\clubbox.exe
2009-03-25 13:13 276,992 -------- c:\windows\system32\wmphoto.dll
2009-03-25 13:06 270,336 -c------ c:\windows\system32\dllcache\bthport.sys
2009-03-25 13:06 270,336 -------- c:\windows\system32\drivers\bthport.sys
2009-03-25 13:05 2,190,848 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-25 13:05 2,146,816 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-03-25 13:05 2,067,712 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-25 13:05 2,025,472 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-03-25 13:04 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-03-25 13:04 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-03-25 13:04 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-03-25 13:04 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-03-25 13:04 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-03-25 13:04 <DIR> --d-h--- c:\windows\$hf_mig$
2009-03-25 12:59 940,794 a------- c:\windows\system32\LoopyMusic.wav
2009-03-25 12:59 146,650 a------- c:\windows\system32\BuzzingBee.wav
2009-03-25 12:59 126,976 a----r-- c:\windows\system32\igfxres.dll
2009-03-25 12:56 553 -----r-- c:\windows\USetup.iss
2009-03-25 12:55 9,715,200 -----r-- c:\windows\RTLCPL.exe
2009-03-25 12:55 4,742,656 -----r-- c:\windows\system32\drivers\RtkHDAud.sys
2009-03-25 12:55 16,875,008 -----r-- c:\windows\RTHDCPL.exe
2009-03-25 12:55 2,165,760 -----r-- c:\windows\MicCal.exe
2009-03-25 12:55 57,344 -----r-- c:\windows\Alcmtr.exe
2009-03-25 12:55 2,808,832 -----r-- c:\windows\alcwzrd.exe
2009-03-25 12:55 <DIR> --d----- c:\program files\Realtek
2009-03-25 12:55 278,528 -----r-- c:\windows\system32\ALSndMgr.cpl
2009-03-25 12:55 315,392 a------- c:\windows\HideWin.exe
2009-03-25 12:55 520,192 -----r-- c:\windows\RtlExUpd.dll
2009-03-25 12:54 53,248 a----r-- c:\windows\system32\CSVer.dll
2009-03-25 12:54 <DIR> --d----- C:\Intel
2009-03-25 12:50 4,736 ac------ c:\windows\system32\dllcache\usbd.sys
2009-03-25 12:50 4,736 a------- c:\windows\system32\drivers\usbd.sys
2009-03-25 12:49 30,208 a------- c:\windows\system32\drivers\usbehci.sys
2009-03-25 12:49 7,168 a------- c:\windows\system32\hccoin.dll
2009-03-25 12:49 143,872 a------- c:\windows\system32\drivers\usbport.sys
2009-03-25 12:49 68,096 a------- c:\windows\system32\usbui.dll
2009-03-25 12:49 59,520 a------- c:\windows\system32\drivers\usbhub.sys
2009-03-25 12:49 20,608 a------- c:\windows\system32\drivers\usbuhci.sys
2009-03-25 12:48 19,584 ac------ c:\windows\system32\dllcache\rasirda.sys
2009-03-25 12:48 19,584 a------- c:\windows\system32\drivers\rasirda.sys
2009-03-25 12:48 148,992 a------- c:\windows\system32\irftp.exe
2009-03-25 12:48 24,576 a------- c:\windows\system32\irmon.dll
2009-03-25 12:48 8,192 a------- c:\windows\system32\wshirda.dll
2009-03-25 12:48 88,192 a------- c:\windows\system32\drivers\irda.sys
2009-03-25 12:48 18,688 ac------ c:\windows\system32\dllcache\irsir.sys
2009-03-25 12:48 18,688 a------- c:\windows\system32\drivers\irsir.sys
2009-03-24 18:56 163,840 a----r-- c:\windows\system32\fscagent.exe
2009-03-18 22:32 155,648 a----r-- c:\windows\system32\downengine.dll
2009-03-18 20:32 11,502 a------- c:\windows\system32\Mfile.ico

==================== Find3M ====================

2009-04-11 10:35 166,640 a------- c:\windows\system32\perfh012.dat
2009-04-11 10:35 40,130 a------- c:\windows\system32\perfc012.dat
2009-04-11 10:28 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-04-10 14:50 75,776 a------- c:\windows\system32\userinit.exe
2009-04-09 14:18 864,256 a------- c:\windows\system32\nsplic.dll
2009-04-08 11:09 135,168 a------- c:\windows\system32\p3aodf1.dll
2009-04-08 11:09 311,296 a------- c:\windows\system32\Bugsctrl.dll
2009-04-08 11:09 167,936 a------- c:\windows\system32\jukeon_e.exe
2009-04-08 11:09 135,168 a------- c:\windows\system32\Bugsedf1.dll
2009-03-17 13:20 606,208 a------- c:\windows\system32\nspupdt.dll
2009-03-10 21:21 1,086,144 a------- c:\windows\system32\NaverAXGuide.exe
2009-03-10 15:08 188,416 a------- c:\windows\system32\TKTool.dll
2009-03-10 15:07 242,176 a------- c:\windows\system32\TKTool64.dll
2009-03-04 11:39 454,656 a------- c:\windows\system32\nspavxml.dll
2009-03-03 15:54 520,192 a------- c:\windows\system32\nspcutil.dll
2009-03-03 15:47 204,800 a------- c:\windows\system32\nspupdtxml.dll
2009-03-03 15:45 208,896 a------- c:\windows\system32\nspmainxml.dll
2009-03-03 14:22 312,032 a------- c:\windows\system32\RequestEnc_OCX.dll
2009-03-03 14:22 275,168 a------- c:\windows\system32\MelonDN1.exe
2009-03-03 14:21 492,256 a------- c:\windows\system32\MelonWebPlayer.dll
2009-03-03 14:21 135,904 a------- c:\windows\system32\p3instl1.dll
2009-03-03 14:21 131,808 a------- c:\windows\system32\p3instl2.dll
2009-02-20 15:05 45,056 a------- c:\windows\system32\nspavcr.dll
2009-02-19 17:05 155,648 a------- c:\windows\system32\nspsysopt.dll
2009-02-15 19:06 1,511,424 a------- c:\windows\system32\sn3win.dll
2009-02-15 19:06 393,216 a------- c:\windows\system32\nspcrypt.dll
2009-02-15 19:06 290,816 a------- c:\windows\system32\WINHTTP5.DLL
2009-02-15 19:06 172,032 a------- c:\windows\system32\dzip32.dll
2009-02-15 19:06 139,264 a------- c:\windows\system32\dunzip32.dll
2009-02-15 19:06 61,440 a------- c:\windows\system32\nspavcm.dll
2009-02-10 13:47 280,112 a------- c:\windows\sktload2.dll
2009-02-10 13:47 280,112 a------- c:\windows\sktload1.dll
2009-02-09 23:03 1,846,400 a------- c:\windows\system32\win32k.sys
2009-01-16 10:22 199,168 a------- c:\windows\system32\TKFsAc64.dll
2009-01-14 15:44 233,565 a------- c:\windows\system32\TKFsAvHook.dll
2009-01-14 15:44 184,832 a------- c:\windows\system32\TKFsFt64.dll
2009-01-14 15:44 143,360 a------- c:\windows\system32\TKFsFt.dll
2009-01-14 15:44 39,048 a------- c:\windows\system32\TKToolNt4.sys
2009-01-14 15:44 28,696 a------- c:\windows\system32\TKTool2k64.sys
2009-01-14 15:44 18,048 a------- c:\windows\system32\TKTool2k.sys

============= FINISH: 12:41:42.71 ===============

I hope someone can solve this problem. Thank you.



Edited by Yacult_EO, 12 April 2009 - 09:29 PM.



 


#2 Jat90


Posted 12 April 2009 - 08:26 AM

Hello, Yacult_EO

Welcome to the Bleeping Computer Forums. My name is Jat, and I will be helping you with your situation.

If you do not make a reply in 5 days, we will have to close your topic.


You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.


Let us begin with ComboFix:

ComboFix

Please download ComboFix from one of these locations (If you already have it, delete it and download again):

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Instructions can be found here
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Note** ComboFix was designed only to be used under the supervision of a helper, not for general use.

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.


#3 Yacult_EO


Posted 12 April 2009 - 09:42 PM

Thanks for caring.

I downloaded and used Combofix.

And, oh. It seems that there are no pop-ups after I used it. lol

Maybe it worked.
---------------------------------------------------------------------------------
Oops. But about an hour after I used it, the spyware works again. :thumbup2:

So I attach the log file.



Edited by Yacult_EO, 12 April 2009 - 10:34 PM.


#4 Jat90


Posted 13 April 2009 - 06:06 AM

A core problem here is that you have 3 Antivirus Programs installed. However I cannot make out the third antivirus, maybe you can.

Remove two Antivirus

I do not recommend that you have more than one antivirus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other antivirus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the antivirus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to Add/Remove in the Control Panel and remove 2 of either V3 Lite or nProtect, or your other antivirus.

ReScan

Please rescan with DDS and post DDS.txt
- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.
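
An added example, not part of the original posts or of DDS itself: a small Python parser that reads the `AV:` header lines and the `Pseudo HJT Report` section of a DDS log, flags more than one product with on-access scanning enabled, and diffs the autorun entries between two runs. The function names are hypothetical, and the two sample logs are abbreviated excerpts of the logs posted in this thread (the third product name is taken from the later log, where it is readable).

```python
import re

# "AV: <product> *On-access scanning <state>* (<signature state>)"
AV_LINE = re.compile(
    r"^AV:\s+(?P<name>.+?)\s+\*On-access scanning (?P<state>\w+)\*\s+\((?P<sig>\w+)\)$"
)
# "============== Running Processes ==============="
SECTION = re.compile(r"^=+\s*(?P<title>.+?)\s*=+$")


def parse_dds(text):
    """Return (av_products, sections) parsed from the text of a DDS log."""
    av, sections, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            current = m.group("title")
            sections[current] = []
            continue
        m = AV_LINE.match(line)
        if m and current is None:      # AV lines only appear in the header
            av.append(m.groupdict())
        elif current is not None:
            sections[current].append(line)
    return av, sections


def realtime_av(av):
    """Names of products whose resident (on-access) scanner is enabled."""
    return [p["name"] for p in av if p["state"].lower() == "enabled"]


def diff_section(before, after, title="Pseudo HJT Report"):
    """Entries added to / removed from one section between two runs."""
    old = {l.lower(): l for l in before.get(title, [])}
    new = {l.lower(): l for l in after.get(title, [])}
    added = [new[k] for k in new if k not in old]
    removed = [old[k] for k in old if k not in new]
    return added, removed


# Abbreviated excerpts of the two logs in this thread (sample input).
BEFORE = r"""DDS (Ver_09-03-16.01) - NTFSx86
Run by Administrator at 12:41:25.35 on 2009-04-12

AV: V3 Lite *On-access scanning enabled* (Updated)
AV: nProtect Anti-Virus/Spyware 2007 *On-access scanning enabled* (Updated)
AV: 알약 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\userinit.exe

============== Pseudo HJT Report ===============

BHO: V3Lite ActiveX Manager: {62003e94-ff5b-4056-a127-c679aaeb85e2} - c:\program files\ahnlab\v3lite\V3LAxCtl.dll
uRun: [NATEON] c:\program files\nateon\bin\NATEON.exe -as
mRun: [ALYac] "c:\program files\estsoft\alyac\AYUpdate.exe" /run
mRun: [AhnLab V3Lite Tray Process] "c:\program files\ahnlab\v3lite\V3LTray.exe" /logon
"""

AFTER = r"""DDS (Ver_09-03-16.01) - NTFSx86
Run by Administrator at 21:45:40.32 on 2009-04-13

AV: 알약 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\userinit.exe

============== Pseudo HJT Report ===============

BHO: ALToolbarBho Class: {7f1a79f9-78d1-4186-9f60-ee0b63df042a} - c:\program files\estsoft\altoolbar\ALToolBand_1410.dll
uRun: [NATEON] c:\program files\nateon\bin\NATEON.exe -as
mRun: [ALYac] "c:\program files\estsoft\alyac\AYUpdate.exe" /run
"""

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        av, _ = parse_dds(text)
        active = realtime_av(av)
        verdict = "CONFLICT" if len(active) > 1 else "ok"
        print(f"{label}: {len(active)} real-time scanner(s) [{verdict}]: {active}")
    added, removed = diff_section(parse_dds(BEFORE)[1], parse_dds(AFTER)[1])
    for line in added:
        print("+", line)
    for line in removed:
        print("-", line)
```
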


#5 Yacult_EO


Posted 13 April 2009 - 07:50 AM

Ok. I removed V3 Lite and nProtect.

Also here's the dds log file.


DDS (Ver_09-03-16.01) - NTFSx86
Run by Administrator at 21:45:40.32 on 2009-04-13
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.949.82.1042.18.2037.1607 [GMT 9:00]

AV: 알약 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\Program Files\ESTsoft\ALYac\AYServiceNt.aye
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ESTsoft\ALYac\AYAgent.aye
D:\DAEMON Tools Lite\daemon.exe
D:\CDSpace 6\lcdplyer.exe
D:\CDSpace 6\Cdsrcm.exe
C:\Program Files\NATEON\BIN\NATEONMain.exe
C:\WINDOWS\explorer.exe
C:\Program Files\ESTsoft\ALToolBar\atbsvc.exe
C:\Documents and Settings\Administrator\바탕 화면\dds.scr
C:\WINDOWS\system32\conime.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.naver.com/
uInternet Connection Wizard,ShellNext = hxxp://www.naver.com/
BHO: ALToolbarBho Class: {7f1a79f9-78d1-4186-9f60-ee0b63df042a} - c:\program files\estsoft\altoolbar\ALToolBand_1410.dll
TB: ALToolBar: {38fbe93d-4ca1-4414-af6a-94920c5bd8da} - c:\program files\estsoft\altoolbar\ALToolBand_1410.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools Lite] "d:\daemon tools lite\daemon.exe" -autorun
uRun: [NATEON] c:\program files\nateon\bin\NATEON.exe -as
mRun: [ALYac] "c:\program files\estsoft\alyac\AYUpdate.exe" /run
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Korean IME Migration] c:\progra~1\common~1\micros~1\ime12\imekr\IMKRMIG.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
dRun: [ctfmon.exe] ctfmon.exe
StartupFolder: c:\docume~1\alluse~1\시작메~1\프로그램\시작프~1\lcdpla~1.lnk - d:\cdspace 6\lcdplyer.exe
uPolicies-explorer: MaxRecentDocs = 1 (0x1)
uPolicies-explorer: NoSMMyPictures = 1 (0x1)
uPolicies-explorer: NoStartMenuMyMusic = 1 (0x1)
IE: Microsoft Excel로 내보내기(&X) - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: 알툴바 빠른검색(&Q) - c:\program files\estsoft\altoolbar\ALToolBand_1410.dll/23/SEARCH.HTML
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {00001025-A15C-11D4-97A4-0050BF0FBE67} - hxxp://download.netmarble.net/web/nmstarter/NMStarter25.cab
DPF: {12D50929-57AF-4B39-88B9-03B239E4C72E} - hxxp://www.melon.com/decophone/common/VarovisionPlayerX.cab
DPF: {3EFC2239-B769-469F-A5E6-38693AE0B9DE} - hxxp://www.benchbee.co.kr/common/cab/sysinfo2.cab
DPF: {3F68E1C3-39EC-4990-85E3-ABFE61AB86C5} - hxxp://dl.bugsm.co.kr/install/BugsInstaller.cab
DPF: {5244F5E8-34E4-4764-ABDB-04E48BF5872F} - hxxp://www.mma.go.kr/markany/MaWebSAFER_MMA.cab
DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} - hxxp://www.mma.go.kr/XecureObject/xw_install.cab
DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} - hxxp://cyimg8.cyworld.com/ImageUpload/CyPictureU1233.cab?20081124
DPF: {917D7D2D-C7BD-4CDB-A3C4-7084FBE6DE78} - hxxp://www.mfile.co.kr/mmsv/MfileWebControl2.CAB
DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} - hxxp://download.netmarble.net/NMChatX/NMTransX.cab
DPF: {9F84D013-66B3-4AB7-946B-11A920A55F06} - hxxp://www.melon.com/cab/sktload.cab
DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} - hxxp://download.netmarble.net/kdefence/kdfense8237.cab
DPF: {C0B2F53E-5E61-4856-B314-FE9AE262A796} - hxxp://www.melon.com/cab/P3MelWebInstall.cab
DPF: {CB5C683C-416A-4701-B018-0F1B21D64D6B} - hxxp://cyimg7.cyworld.com/cymusic/package/skcinst.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E92D4BD6-F236-4FF0-AC7F-BC17CC6456AA} - hxxp://www.benchbee.co.kr/common/cab/BSpeedTest.cab
DPF: {FDAF910A-7F67-4BF7-9CB2-B65D652DD618} - hxxp://sing.melon.com/melon/player/ocx/MelonSingPlayer.cab
DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} - hxxp://cafe.naver.com/common/activex/NaverAXGuide.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 CDSPACEX;CDSPACEX;c:\windows\system32\drivers\CDSPACEX.sys [2009-4-5 51387]
R1 lvmedia;lvmedia;c:\windows\system32\drivers\lvmedia.sys [2009-4-5 17498]
R1 XSpaceWg;XSpaceWg;c:\windows\system32\drivers\xspacewg.sys [2009-4-5 3798]
R4 AhnFlt2k;AhnFlt2k;\??\c:\windows\system32\drivers\ahnflt2k.sys --> c:\windows\system32\drivers\AhnFlt2k.sys [?]
R4 AhnRec2k;AhnRec2k;\??\c:\windows\system32\drivers\ahnrec2k.sys --> c:\windows\system32\drivers\AhnRec2k.sys [?]
R4 AhnRghNt;AhnRghNt;\??\c:\windows\system32\drivers\ahnrghnt.sys --> c:\windows\system32\drivers\AhnRghNt.sys [?]
S3 AYDrvSP_ALYAC;AYDrvSP_ALYAC;c:\program files\estsoft\alyac\AYDrvSP.sys [2009-4-3 24312]
S3 CLRSERV;CLRSERV; [x]
S3 FXDrv32;FXDrv32;\??\e:\fxdrv32.sys --> e:\FXDrv32.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SKTBus;SK Telecom USB Composite device driver;c:\windows\system32\drivers\SKTBus.sys [2009-4-8 28098]
S3 SKTMdm;SK Telecom USB Modem;c:\windows\system32\drivers\SKTMdm.sys [2009-4-8 28820]
S3 SKTOBEX;SK Telecom USB OBEX Device Driver;c:\windows\system32\drivers\SKTOBEX.sys [2009-4-8 15940]
S3 SKTVsp;SK Telecom USB Virtual Serial Port Driver;c:\windows\system32\drivers\SKTVsp.sys [2009-4-8 27541]
S3 SKTWVsp;SK Telecom WIPI Virtual Serial Port Driver;c:\windows\system32\drivers\SKTWVSP.sys [2009-4-8 27514]
S3 TKFsAc;TKFsAc;\??\c:\windows\system32\tkfsac2k.sys --> c:\windows\system32\TKFsAc2k.sys [?]
S3 TKFsAv;TKFsAv;\??\c:\windows\system32\tkfsav2k.sys --> c:\windows\system32\TKFsAv2k.sys [?]
S3 TKFsFt;TKFsFt;\??\c:\windows\system32\tkfsft2k.sys --> c:\windows\system32\TKFsFt2k.sys [?]
S3 TKRgAc;TKRgAc;\??\c:\windows\system32\tkrgac2k.sys --> c:\windows\system32\TKRgAc2k.sys [?]
S3 TKRgFt;TKRgFt;\??\c:\windows\system32\tkrgftxp.sys --> c:\windows\system32\TKRgFtXp.sys [?]
S3 TKTool;TKTool;\??\c:\windows\system32\tktool2k.sys --> c:\windows\system32\TKTool2k.sys [?]

=============== Created Last 30 ================

2009-04-13 21:24 223 a------- c:\windows\system32\AhnInst.ini
2009-04-13 13:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ESTsoft
2009-04-13 12:44 <DIR> --d----- C:\ComboFix
2009-04-13 11:23 161,792 a------- c:\windows\SWREG.exe
2009-04-13 11:23 98,816 a------- c:\windows\sed.exe
2009-04-12 20:23 <DIR> --d----- c:\program files\CCleaner
2009-04-12 20:06 575,088 a------- c:\windows\system32\SKCDecd.ax
2009-04-12 20:06 136,816 a------- c:\windows\system32\SKCMpg.ax
2009-04-12 19:20 <DIR> --d----- c:\windows\system32\RegVac
2009-04-12 19:07 <DIR> --d----- c:\program files\RegVac Registry Cleaner
2009-04-12 18:25 <DIR> --d----- c:\windows\system32\configfix
2009-04-12 18:25 <DIR> --d----- c:\program files\Shield
2009-04-12 12:28 <DIR> --d----- c:\windows\system32\NtmsData
2009-04-12 11:45 <DIR> --d----- c:\program files\EGN
2009-04-12 02:46 267,776 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-04-12 02:46 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-04-12 02:46 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2009-04-12 02:46 937,984 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2009-04-12 02:46 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-04-12 02:46 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2009-04-12 02:46 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2009-04-12 02:46 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2009-04-12 02:46 6,066,688 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-04-11 21:57 <DIR> --d----- c:\docume~1\admini~1\applic~1\AhnLab
2009-04-11 21:57 <DIR> --d----- c:\program files\common files\AhnLab
2009-04-11 21:57 <DIR> --d----- c:\program files\AhnLab
2009-04-11 21:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AhnLab
2009-04-11 10:26 <DIR> --d----- c:\windows\system32\ko
2009-04-11 10:26 <DIR> --d----- c:\windows\system32\bits
2009-04-11 10:26 <DIR> --d----- c:\windows\l2schemas
2009-04-11 10:25 <DIR> --d----- c:\windows\ServicePackFiles
2009-04-11 10:24 <DIR> --d----- c:\windows\network diagnostic
2009-04-11 04:52 <DIR> --d----- c:\program files\MSXML 4.0
2009-04-11 04:50 <DIR> --d----- c:\windows\system32\ko-kr
2009-04-11 04:48 118 a------- c:\windows\system32\MRT.INI
2009-04-10 16:06 <DIR> --d----- C:\Temp
2009-04-10 15:48 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-04-10 15:43 <DIR> --d----- c:\docume~1\admini~1\applic~1\Malwarebytes
2009-04-10 15:43 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-10 15:43 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-10 15:43 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-10 15:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-10 15:39 <DIR> --d----- c:\program files\common files\INCAInternet
2009-04-10 15:39 1,511,424 a------- c:\windows\system32\sn3win.dll
2009-04-10 15:39 290,816 a------- c:\windows\system32\WINHTTP5.DLL
2009-04-10 15:39 <DIR> --d----- c:\program files\INCAInternet
2009-04-10 12:19 <DIR> --d----- c:\windows\system32\crc
2009-04-10 12:09 127 a------- c:\windows\system32\fscflist.ini.tmp
2009-04-10 12:09 77,824 a------- c:\windows\system32\nod.dll
2009-04-10 12:09 0 a------- c:\windows\system32\PDBOXGame.html
2009-04-10 12:08 127 a------- c:\windows\system32\fscflist.ini
2009-04-10 12:08 78 a------- c:\windows\system32\fscagent.ini.tmp
2009-04-10 12:08 73 a------- c:\windows\system32\fscagent.ini
2009-04-09 17:11 1,344,688 a------- c:\windows\system32\MelonBell.ocx
2009-04-08 11:58 6,656 a--sh--- c:\windows\system32\Thumbs.db
2009-04-08 11:58 8,192 a--sh--- c:\windows\Thumbs.db
2009-04-08 11:55 406 a------- C:\EFS
2009-04-08 11:35 15,819 a------- C:\aqua_bitmap.cpp
2009-04-08 11:25 69 a------- c:\windows\NeroDigital.ini
2009-04-08 11:24 <DIR> --d----- c:\program files\AonMedia
2009-04-08 11:14 <DIR> --d----- c:\program files\SKT Sync 2.0
2009-04-08 11:14 <DIR> --d----- c:\program files\MelOn Player
2009-04-08 11:09 <DIR> --d----- c:\program files\Bugs
2009-04-08 08:04 3,426,072 a------- c:\windows\system32\d3dx9_32.dll
2009-04-08 08:04 <DIR> --d----- c:\program files\Motorola
2009-04-08 07:55 <DIR> --d----- c:\program files\common files\Motorola Shared
2009-04-08 07:55 28,820 a------- c:\windows\system32\drivers\SKTMdm.sys
2009-04-08 07:55 28,098 a------- c:\windows\system32\drivers\SKTBus.sys
2009-04-08 07:55 27,541 a------- c:\windows\system32\drivers\SKTVsp.sys
2009-04-08 07:55 27,514 a------- c:\windows\system32\drivers\SKTWVSP.sys
2009-04-08 07:55 15,940 a------- c:\windows\system32\drivers\SKTOBEX.sys
2009-04-08 07:55 <DIR> --d----- c:\program files\UniUSB
2009-04-08 07:40 245 a------- c:\windows\system32\p3downasx.asx
2009-04-07 23:30 <DIR> --d----- c:\program files\Guitar Pro 5
2009-04-07 23:10 75 a------- c:\windows\SNMNGR.INI
2009-04-07 22:43 <DIR> --d-h--- C:\XecureSSL
2009-04-07 22:43 <DIR> --d-h--- c:\windows\yessign
2009-04-07 22:43 <DIR> --d----- c:\program files\SoftForum
2009-04-07 22:43 <DIR> --d----- c:\program files\NPKI
2009-04-07 22:42 210 a------- C:\boot_old.ini
2009-04-06 01:16 71,730 a------- c:\windows\War3Unin.dat
2009-04-06 01:16 2,829 a------- c:\windows\War3Unin.pif
2009-04-06 01:16 139,264 a------- c:\windows\War3Unin.exe
2009-04-05 23:57 <DIR> --d----- C:\War3KoreanPatch
2009-04-05 23:33 7,115 a------- c:\windows\system32\drivers\cds6.cfg
2009-04-05 23:33 51,387 a------- c:\windows\system32\drivers\CDSPACEX.sys
2009-04-05 23:33 26,773 a------- c:\windows\system32\LvMedia.vxd
2009-04-05 23:33 17,498 a------- c:\windows\system32\drivers\lvmedia.sys
2009-04-05 23:33 3,798 a------- c:\windows\system32\drivers\xspacewg.sys
2009-04-05 19:58 70,656 a------- c:\windows\ScUnin.exe
2009-04-05 19:58 26,071 a------- c:\windows\scunin.dat
2009-04-05 19:58 967 a------- c:\windows\ScUnin.pif
2009-04-05 19:56 <DIR> --d----- c:\docume~1\admini~1\applic~1\DAEMON Tools Pro
2009-04-05 19:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2009-04-05 19:53 717,296 a------- c:\windows\system32\drivers\sptd.sys
2009-04-05 19:53 <DIR> --d----- c:\docume~1\admini~1\applic~1\DAEMON Tools Lite
2009-04-05 19:52 296,472 a------- c:\windows\system32\NaverFDL.exe
2009-04-05 19:52 292,376 a------- c:\windows\system32\NaverFile.ocx
2009-04-05 19:02 <DIR> --d----- c:\windows\Chinese Master
2009-04-05 18:57 <DIR> --d----- c:\docume~1\admini~1\applic~1\NJStar
2009-04-05 09:20 <DIR> --d----- c:\documents and settings\all users\Application ja_JP
2009-04-05 04:17 83 a------- c:\windows\system32\CafeChat.cfg
2009-04-05 04:15 1,007,616 a------- c:\windows\system32\CafeChat.exe
2009-04-05 04:15 405,504 a------- c:\windows\system32\CafeHelper.ocx
2009-04-05 02:48 251,904 a--sh--- C:\radial.cdb
2009-04-04 22:35 2,728,248 a------- c:\windows\system32\GameMon.des
2009-04-04 22:34 5,174 a------- c:\windows\system32\nppt9x.vxd
2009-04-04 22:34 4,682 a------- c:\windows\system32\npptNT2.sys
2009-04-04 22:34 <DIR> --d----- c:\program files\common files\INCA Shared
2009-04-04 22:20 <DIR> --d-h--- c:\docume~1\admini~1\applic~1\netmarble
2009-04-04 15:24 <DIR> --d----- c:\docume~1\admini~1\applic~1\Clunet
2009-04-04 15:23 <DIR> --d----- c:\program files\mfile.co.kr
2009-04-04 13:08 517,744 a------- c:\windows\system32\skcppl.dll
2009-04-04 13:08 468,592 a------- c:\windows\system32\skcbgm.dll
2009-04-04 13:08 198,256 a------- c:\windows\system32\skcwmf.dll
2009-04-04 13:08 169,584 a------- c:\windows\system32\skcbgm.exe
2009-04-04 13:08 144,744 a------- c:\windows\system32\skcbgmf1.dll
2009-04-04 13:08 67,184 a------- c:\windows\system32\CMListControl.dll
2009-04-03 19:06 1,654,869 a------- c:\docume~1\alluse~1\applic~1\DynuEncrypt.dll
2009-04-03 19:04 <DIR> --d----- C:\Nexon
2009-04-03 18:49 159,744 a------- c:\windows\system32\kdfmgr.exe
2009-04-03 18:49 73,728 a------- c:\windows\system32\kdfapi.dll
2009-04-03 18:49 47,104 a------- c:\windows\system32\Kdfhok.dll
2009-04-03 18:49 61,440 a------- c:\windows\system32\kdfmod.dll
2009-04-03 18:49 373,248 a------- c:\windows\system32\kdfinj.dll
2009-04-03 18:49 <DIR> --d----- c:\windows\kdefense
2009-04-03 18:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nexon
2009-04-03 18:41 369,976 a------- c:\windows\system32\CKSetup32.exe
2009-04-03 18:41 <DIR> --d----- c:\program files\NATEON
2009-04-03 12:13 <DIR> --d----- c:\docume~1\admini~1\applic~1\Hnc
2009-03-31 23:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\GRETECH
2009-03-25 18:28 1,626,112 a----r-- c:\windows\system32\clubbox.exe
2009-03-25 13:06 270,336 -c------ c:\windows\system32\dllcache\bthport.sys
2009-03-25 13:06 270,336 -------- c:\windows\system32\drivers\bthport.sys
2009-03-25 13:05 2,190,848 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-25 13:05 2,146,816 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-03-25 13:05 2,067,712 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-25 13:05 2,025,472 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-03-25 13:04 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-03-25 13:04 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-03-25 13:04 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-03-25 13:04 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-03-25 13:04 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-03-25 13:04 <DIR> --d-h--- c:\windows\$hf_mig$
2009-03-25 12:59 940,794 a------- c:\windows\system32\LoopyMusic.wav
2009-03-25 12:59 146,650 a------- c:\windows\system32\BuzzingBee.wav
2009-03-25 12:59 126,976 a----r-- c:\windows\system32\igfxres.dll
2009-03-25 12:56 553 -----r-- c:\windows\USetup.iss
2009-03-25 12:55 9,715,200 -----r-- c:\windows\RTLCPL.exe
2009-03-25 12:55 4,742,656 -----r-- c:\windows\system32\drivers\RtkHDAud.sys
2009-03-25 12:55 16,875,008 -----r-- c:\windows\RTHDCPL.exe
2009-03-25 12:55 2,165,760 -----r-- c:\windows\MicCal.exe
2009-03-25 12:55 57,344 -----r-- c:\windows\Alcmtr.exe
2009-03-25 12:55 2,808,832 -----r-- c:\windows\alcwzrd.exe
2009-03-25 12:55 <DIR> --d----- c:\program files\Realtek
2009-03-25 12:55 278,528 -----r-- c:\windows\system32\ALSndMgr.cpl
2009-03-25 12:55 315,392 a------- c:\windows\HideWin.exe
2009-03-25 12:55 520,192 -----r-- c:\windows\RtlExUpd.dll
2009-03-25 12:54 53,248 a----r-- c:\windows\system32\CSVer.dll
2009-03-25 12:54 <DIR> --d----- C:\Intel
2009-03-25 12:50 4,736 ac------ c:\windows\system32\dllcache\usbd.sys
2009-03-25 12:50 4,736 a------- c:\windows\system32\drivers\usbd.sys
2009-03-25 12:49 30,208 a------- c:\windows\system32\drivers\usbehci.sys
2009-03-25 12:49 7,168 a------- c:\windows\system32\hccoin.dll
2009-03-25 12:49 143,872 a------- c:\windows\system32\drivers\usbport.sys
2009-03-25 12:49 68,096 a------- c:\windows\system32\usbui.dll
2009-03-25 12:49 59,520 a------- c:\windows\system32\drivers\usbhub.sys
2009-03-25 12:49 20,608 a------- c:\windows\system32\drivers\usbuhci.sys
2009-03-25 12:48 19,584 ac------ c:\windows\system32\dllcache\rasirda.sys
2009-03-25 12:48 19,584 a------- c:\windows\system32\drivers\rasirda.sys
2009-03-25 12:48 148,992 a------- c:\windows\system32\irftp.exe
2009-03-25 12:48 24,576 a------- c:\windows\system32\irmon.dll
2009-03-25 12:48 8,192 a------- c:\windows\system32\wshirda.dll
2009-03-25 12:48 88,192 a------- c:\windows\system32\drivers\irda.sys
2009-03-25 12:48 18,688 ac------ c:\windows\system32\dllcache\irsir.sys
2009-03-25 12:48 18,688 a------- c:\windows\system32\drivers\irsir.sys
2009-03-24 18:56 163,840 a----r-- c:\windows\system32\fscagent.exe
2009-03-18 22:32 155,648 a----r-- c:\windows\system32\downengine.dll
2009-03-18 20:32 11,502 a------- c:\windows\system32\Mfile.ico

==================== Find3M ====================

2009-04-11 10:35 166,640 a------- c:\windows\system32\perfh012.dat
2009-04-11 10:35 40,130 a------- c:\windows\system32\perfc012.dat
2009-04-11 10:28 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-04-10 14:50 75,776 a------- c:\windows\system32\userinit.exe
2009-04-08 11:09 135,168 a------- c:\windows\system32\p3aodf1.dll
2009-04-08 11:09 311,296 a------- c:\windows\system32\Bugsctrl.dll
2009-04-08 11:09 167,936 a------- c:\windows\system32\jukeon_e.exe
2009-04-08 11:09 135,168 a------- c:\windows\system32\Bugsedf1.dll
2009-03-10 21:21 1,086,144 a------- c:\windows\system32\NaverAXGuide.exe
2009-03-03 14:22 312,032 a------- c:\windows\system32\RequestEnc_OCX.dll
2009-03-03 14:22 275,168 a------- c:\windows\system32\MelonDN1.exe
2009-03-03 14:21 492,256 a------- c:\windows\system32\MelonWebPlayer.dll
2009-03-03 14:21 135,904 a------- c:\windows\system32\p3instl1.dll
2009-03-03 14:21 131,808 a------- c:\windows\system32\p3instl2.dll
2009-02-10 13:47 280,112 a------- c:\windows\sktload2.dll
2009-02-10 13:47 280,112 a------- c:\windows\sktload1.dll
2009-02-09 23:03 1,846,400 a------- c:\windows\system32\win32k.sys

============= FINISH: 21:45:51.57 ===============

Edited by Yacult_EO, 13 April 2009 - 07:51 AM.


#6 Jat90

Posted 13 April 2009 - 08:20 AM

Hello,

OK, let's do this:

MalwareBytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

ReScan

Please rescan with DDS and post DDS.txt


In your next reply, please post:
  • MBAM log
  • DDS log

Edited by Jat90, 13 April 2009 - 08:20 AM.

- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.

#7 Yacult_EO

Posted 15 April 2009 - 11:23 PM

Hello. Thank you for caring.

My parents had my computer formatted.

So my computer is recovered now, although some of my files are gone. :thumbup2:

But I am satisfied that there are no pop_ups.

Again, I really appreciate your concern and help.

Thank you.

Edited by Yacult_EO, 15 April 2009 - 11:24 PM.


#8 Jat90

Posted 16 April 2009 - 05:22 AM

Ok, thanks for letting me know.

Since the problem appears to be resolved, this topic is now Closed.
If you need this topic reopened, please send me a message. In your message please include the address of this thread in your request.

This applies only to the original topic starter.

Everyone else please start a new topic.
- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.
