Everything posted by jho9393

  1. So does this mean that I can't get my laptop back?
  2. My laptop's been making weird grinding noises from the left side of it. Also, my laptop takes really long to load the icons when booting. Thank you for any help.
  3. Yes I am Korean and I occasionally visit Korean websites. But for this purpose, I can remove some Korean sites. I uninstalled the old version of Java and ran another scan, but did not catch anything.
  4. To your question, no I didn't do anything with the nameserver. And I don't know if this has anything to do with this problem, but my LAN hasn't been working for months.
  5. Now my laptop is making weird noises. It seems that the automatically quitting problem ceased, but booting time is still very slow. Nothing was detected in the CureIt virus scan, so I couldn't find any logs.
  6. Help! My system takes a very long time to boot up and my system is automatically restarting! I don't know what to do... Please help!
  7. Hi. I just had a virusremover2008 infection and removed it by Malwarebytes. Please check to see if I'm clean. I'm sorry if the logs are confusing because my computer is in Korean. FYI, you might see a program called Alyac, which is an Antivirus that uses BitDefender engine.
03458400 W32/Lineage.JGY Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP14\A0007040.exe 03458400 W32/Lineage.JGY Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP13\A0006990.exe 03458400 W32/Lineage.JGY Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP9\A0004820.exe 03458400 W32/Lineage.JGY Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP12\A0006947.exe 03458400 W32/Lineage.JGY Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP11\A0006928.exe 03458400 W32/Lineage.JGY Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP9\A0004838.exe 03458400 W32/Lineage.JGY Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP49\A0035179.exe 03458400 W32/Lineage.JGY Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP6\A0001376.exe 03458400 W32/Lineage.JGY Virus No 0 Yes No D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP3\A0001208.EXE 03458400 W32/Lineage.JGY Virus No 0 Yes No D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP5\A0001242.EXE 03458400 W32/Lineage.JGY Virus No 0 Yes No D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP6\A0001378.EXE 03458400 W32/Lineage.JGY Virus No 0 Yes No D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP6\A0001641.EXE 03458400 W32/Lineage.JGY Virus No 0 Yes No D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP7\A0001651.EXE 03458400 W32/Lineage.JGY Virus No 0 Yes No D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP7\A0001671.EXE 03458400 W32/Lineage.JGY Virus No 0 Yes No D:\System Volume 
Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP8\A0001682.EXE 03458400 W32/Lineage.JGY Virus No 0 Yes No D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP8\A0002701.EXE 03458400 W32/Lineage.JGY Virus No 0 Yes No D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP8\A0003720.EXE 03458400 W32/Lineage.JGY Virus No 0 Yes No D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP8\A0004720.EXE 03458400 W32/Lineage.JGY Virus No 0 Yes No D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP9\A0004727.EXE 03458400 W32/Lineage.JGY Virus No 0 Yes No D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP9\A0004747.EXE 03458400 W32/Lineage.JGY Virus No 0 Yes No D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP9\A0004822.EXE 03458400 W32/Lineage.JGY Virus No 0 Yes No D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP9\A0004840.EXE 03458400 W32/Lineage.JGY Virus No 0 Yes No D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP10\A0004847.EXE 03458400 W32/Lineage.JGY Virus No 0 Yes No D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP10\A0005840.EXE 03458400 W32/Lineage.JGY Virus No 0 Yes No D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP11\A0005888.EXE 03458400 W32/Lineage.JGY Virus No 0 Yes No D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP11\A0005909.EXE 03458400 W32/Lineage.JGY Virus No 0 Yes No D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP11\A0006930.EXE 03458400 W32/Lineage.JGY Virus No 0 Yes No D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP12\A0006949.EXE 03458400 W32/Lineage.JGY Virus No 0 Yes No D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP13\A0006992.EXE 03458400 
W32/Lineage.JGY Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP11\A0005907.exe 03458400 W32/Lineage.JGY Virus No 0 Yes No D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP14\A0007041.EXE 03458400 W32/Lineage.JGY Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP11\A0005886.exe 03458400 W32/Lineage.JGY Virus No 0 Yes No D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP14\A0008948.EXE 03458400 W32/Lineage.JGY Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP10\A0005838.exe 03458400 W32/Lineage.JGY Virus No 0 Yes No D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP14\A0009966.EXE 03458400 W32/Lineage.JGY Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP10\A0004845.exe 03458400 W32/Lineage.JGY Virus No 0 Yes No D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP49\A0035181.EXE 03458400 W32/Lineage.JGY Virus No 0 Yes No D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP3\A0001184.EXE 03458400 W32/Lineage.JGY Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP8\A0001680.exe 04186255 W32/AutoRun.DJ.worm Virus/Trojan No 1 Yes No D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP49\A0035180.COM 04301915 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP16\A0010137.dll 04314724 Trj/Lineage.BZE Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP15\A0010125.dll 04314752 W32/AutoRun.DJ.worm Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP49\A0035186.dll 