Jump to content

Malwarebytes

Please check my logs if I'm clean.

- - - - -
Started by jho9393, Dec 27 2008 12:25 AM

10 replies to this topic

#1
jho9393
Posted 27 December 2008 - 12:25 AM

    New Member

  • Members
  • Pip
  • 7 posts
Hi. I just had a virusremover2008 infection and removed it by Malwarebytes. Please check to see if I'm clean. I'm sorry if the logs are confusing because my computer is in korean.
FYI, you might see a program called Alyac, which is an Antivirus that uses BitDefender engine.


Malwarebytes' Anti-Malware 1.31
Database version: 1550
Windows 5.1.2600 Service Pack 3

2008-12-26 오전 10:50:22
mbam-log-2008-12-26 (10-50-22).txt

Scan type: Quick Scan
Objects scanned: 59090
Time elapsed: 6 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


;*******************************************************************************
********************************************************************************
*
*******************
ANALYSIS: 2008-12-26 16:09:27
PROTECTIONS: 2
MALWARE: 18
SUSPECTS: 1
;*******************************************************************************
********************************************************************************
*
*******************
PROTECTIONS
Description Version Active Updated
;===============================================================================
================================================================================
=
===================
1.2 Yes Yes
Norton Internet Security 2006 2006 Yes Yes
;===============================================================================
================================================================================
=
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
================================================================================
=
===================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\family\Cookies\family@doubleclick[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\family\Cookies\family@apmebf[1].txt
00377802 Spyware/PeoplePC Spyware No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP36\A0032006.DLL
00390584 W32/Gamania.gen Virus No 0 Yes No D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP49\A0035183.COM
00390584 W32/Gamania.gen Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP10\A0005832.dll
00390584 W32/Gamania.gen Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP10\A0005833.dll
00390584 W32/Gamania.gen Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP6\A0001592.dll
00390584 W32/Gamania.gen Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP11\A0005879.dll
00390584 W32/Gamania.gen Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP11\A0005880.dll
00390584 W32/Gamania.gen Virus No 0 Yes No D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP49\A0035184.CMD
00390584 W32/Gamania.gen Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP11\A0005900.dll
00390584 W32/Gamania.gen Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP11\A0005901.dll
00390584 W32/Gamania.gen Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP7\A0001662.dll
00390584 W32/Gamania.gen Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP11\A0006921.dll
00390584 W32/Gamania.gen Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP11\A0006922.dll
00390584 W32/Gamania.gen Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP9\A0004833.dll
00390584 W32/Gamania.gen Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP9\A0004831.dll
00390584 W32/Gamania.gen Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP9\A0004815.dll
00390584 W32/Gamania.gen Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP6\A0001593.dll
00390584 W32/Gamania.gen Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP9\A0004814.dll
00390584 W32/Gamania.gen Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP9\A0004739.dll
00390584 W32/Gamania.gen Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP9\A0004738.dll
00390584 W32/Gamania.gen Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP14\A0008938.dll
00390584 W32/Gamania.gen Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP14\A0008940.dll
00390584 W32/Gamania.gen Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP7\A0001663.dll
00390584 W32/Gamania.gen Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP8\A0004713.dll
00390584 W32/Gamania.gen Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP8\A0004712.dll
00390584 W32/Gamania.gen Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP14\A0009957.dll
00390584 W32/Gamania.gen Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP14\A0009958.dll
00390584 W32/Gamania.gen Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP3\A0001201.dll
00390584 W32/Gamania.gen Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP8\A0003712.dll
00390584 W32/Gamania.gen Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP8\A0003711.dll
00390584 W32/Gamania.gen Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP16\A0010136.dll
00390584 W32/Gamania.gen Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP8\A0002694.dll
00390584 W32/Gamania.gen Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP3\A0001196.dll
00390584 W32/Gamania.gen Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP8\A0002693.dll
00390584 W32/Gamania.gen Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP3\A0001200.dll
00390584 W32/Gamania.gen Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP6\A0001587.dll
00466721 W32/Lineage.KFS Virus/Worm No 1 Yes No D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP55\A0037518.BAT
00466721 W32/Lineage.KFS Virus/Worm No 1 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP14\A0008943.bat
00466721 W32/Lineage.KFS Virus/Worm No 1 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP14\A0007036.bat
00466721 W32/Lineage.KFS Virus/Worm No 1 Yes No D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP14\A0007038.BAT
00466721 W32/Lineage.KFS Virus/Worm No 1 Yes No D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP14\A0008945.BAT
00466721 W32/Lineage.KFS Virus/Worm No 1 Yes No D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP14\A0009963.BAT
00466721 W32/Lineage.KFS Virus/Worm No 1 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP55\A0037517.bat
00466721 W32/Lineage.KFS Virus/Worm No 1 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP14\A0009961.bat
00466740 W32/Lineage.KFS.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP14\A0009956.dll
00466740 W32/Lineage.KFS.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP55\A0037519.dll
00466740 W32/Lineage.KFS.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP14\A0008933.dll
00466740 W32/Lineage.KFS.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP55\A0037520.dll
01162707 HackTool/KillProcWin.A HackTools No 0 No No C:\Documents and Settings\family\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0B.dat[simple_killw.exe]
02164907 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP36\A0031728.exe
03064716 W32/Lineage.ITC Virus No 0 Yes No D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP49\A0035187.BAT
03116942 W32/Lineage.IWE.worm Virus/Trojan No 0 Yes No D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP49\A0035182.EXE
03116944 W32/Lineage.IWE.worm Virus/Trojan No 0 Yes No D:\AUTORUN.FCB
03215839 W32/Lineage.IZF.worm Virus/Worm No 0 Yes No D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP49\A0035185.COM
03295708 Rootkit/Autorun.gen HackTools No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP14\A0008937.sys
03295708 Rootkit/Autorun.gen HackTools No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP3\A0001197.sys
03458400 W32/Lineage.JGY Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP3\A0001205.exe
03458400 W32/Lineage.JGY Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP8\A0002699.exe
03458400 W32/Lineage.JGY Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP7\A0001649.exe
03458400 W32/Lineage.JGY Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP7\A0001669.exe
03458400 W32/Lineage.JGY Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP8\A0003718.exe
03458400 W32/Lineage.JGY Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP6\A0001639.exe
03458400 W32/Lineage.JGY Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP14\A0008947.exe
03458400 W32/Lineage.JGY Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP8\A0004718.exe
03458400 W32/Lineage.JGY Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP9\A0004725.exe
03458400 W32/Lineage.JGY Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP14\A0009964.exe
03458400 W32/Lineage.JGY Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP5\A0001240.exe
03458400 W32/Lineage.JGY Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP9\A0004745.exe
03458400 W32/Lineage.JGY Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP14\A0007040.exe
03458400 W32/Lineage.JGY Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP13\A0006990.exe
03458400 W32/Lineage.JGY Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP9\A0004820.exe
03458400 W32/Lineage.JGY Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP12\A0006947.exe
03458400 W32/Lineage.JGY Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP11\A0006928.exe
03458400 W32/Lineage.JGY Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP9\A0004838.exe
03458400 W32/Lineage.JGY Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP49\A0035179.exe
03458400 W32/Lineage.JGY Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP6\A0001376.exe
03458400 W32/Lineage.JGY Virus No 0 Yes No D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP3\A0001208.EXE
03458400 W32/Lineage.JGY Virus No 0 Yes No D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP5\A0001242.EXE
03458400 W32/Lineage.JGY Virus No 0 Yes No D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP6\A0001378.EXE
03458400 W32/Lineage.JGY Virus No 0 Yes No D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP6\A0001641.EXE
03458400 W32/Lineage.JGY Virus No 0 Yes No D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP7\A0001651.EXE
03458400 W32/Lineage.JGY Virus No 0 Yes No D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP7\A0001671.EXE
03458400 W32/Lineage.JGY Virus No 0 Yes No D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP8\A0001682.EXE
03458400 W32/Lineage.JGY Virus No 0 Yes No D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP8\A0002701.EXE
03458400 W32/Lineage.JGY Virus No 0 Yes No D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP8\A0003720.EXE
03458400 W32/Lineage.JGY Virus No 0 Yes No D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP8\A0004720.EXE
03458400 W32/Lineage.JGY Virus No 0 Yes No D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP9\A0004727.EXE
03458400 W32/Lineage.JGY Virus No 0 Yes No D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP9\A0004747.EXE
03458400 W32/Lineage.JGY Virus No 0 Yes No D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP9\A0004822.EXE
03458400 W32/Lineage.JGY Virus No 0 Yes No D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP9\A0004840.EXE
03458400 W32/Lineage.JGY Virus No 0 Yes No D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP10\A0004847.EXE
03458400 W32/Lineage.JGY Virus No 0 Yes No D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP10\A0005840.EXE
03458400 W32/Lineage.JGY Virus No 0 Yes No D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP11\A0005888.EXE
03458400 W32/Lineage.JGY Virus No 0 Yes No D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP11\A0005909.EXE
03458400 W32/Lineage.JGY Virus No 0 Yes No D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP11\A0006930.EXE
03458400 W32/Lineage.JGY Virus No 0 Yes No D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP12\A0006949.EXE
03458400 W32/Lineage.JGY Virus No 0 Yes No D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP13\A0006992.EXE
03458400 W32/Lineage.JGY Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP11\A0005907.exe
03458400 W32/Lineage.JGY Virus No 0 Yes No D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP14\A0007041.EXE
03458400 W32/Lineage.JGY Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP11\A0005886.exe
03458400 W32/Lineage.JGY Virus No 0 Yes No D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP14\A0008948.EXE
03458400 W32/Lineage.JGY Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP10\A0005838.exe
03458400 W32/Lineage.JGY Virus No 0 Yes No D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP14\A0009966.EXE
03458400 W32/Lineage.JGY Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP10\A0004845.exe
03458400 W32/Lineage.JGY Virus No 0 Yes No D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP49\A0035181.EXE
03458400 W32/Lineage.JGY Virus No 0 Yes No D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP3\A0001184.EXE
03458400 W32/Lineage.JGY Virus No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP8\A0001680.exe
04186255 W32/AutoRun.DJ.worm Virus/Trojan No 1 Yes No D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP49\A0035180.COM
04301915 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP16\A0010137.dll
04314724 Trj/Lineage.BZE Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP15\A0010125.dll
04314752 W32/AutoRun.DJ.worm Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP49\A0035186.dll
;===============================================================================
================================================================================
=
===================
SUSPECTS
Sent Location N
;===============================================================================
================================================================================
=
===================
No C:\Nexon\MapleStory\MapleStory.exe N
;===============================================================================
================================================================================
=
===================
VULNERABILITIES
Id Severity Description N
;===============================================================================
================================================================================
=
===================
;===============================================================================
================================================================================
=
===================




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 오전 10:56:08, on 2008-12-26
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Nexon\MapleStory\npkcmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.filenori.co.kr
O15 - Trusted Zone: http://*.filenori.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {00001025-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter25 Class) - http://download.netm...NMStarter25.cab
O16 - DPF: {042D97DD-E197-411A-8298-6EE85F1C1421} (mkdsfwCtrl Class) - http://ahnlabdownloa.../cab/mkdsfw.cab
O16 - DPF: {15AECD82-DA7D-4EC5-B57F-ED578D84C3F9} (DaumFileControl Control) - http://file.daum.net/down/DaumFile.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {3450032D-92DA-4033-8672-4E0A2E7C4A7C} (SliderControl Control) - http://music.imbc.co...iderControl.ocx
O16 - DPF: {39FC0CF9-86F3-4502-B773-D16706EDEC83} (SCSK Control) - http://softcamp.neff...KCB/scwebsc.cab
O16 - DPF: {5267557D-D090-44EA-BCAA-8576A24810C5} (SysInfoCJI Class) - http://download.netmarble.net/web/6N/pcche...rmerCJI1004.cab
O16 - DPF: {5DBE942F-CE91-4EED-853F-A1CD022665AF} (DacomCrossDomain Control) - http://pgdownload.dacom.net/common/js/cros...CrossDomain.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://www.allcredit.../xw_install.cab
O16 - DPF: {83682BF2-2351-45C1-963C-9BB635A05178} (IssacWebSE2 Class) - http://pgdownload.dacom.net/dacom/IssacWeb...2_6_8_DACOM.cab
O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netm...tX/NMTransX.cab
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://download.netm...kdfense8237.cab
O16 - DPF: {CBB45291-871B-4ADA-81D0-40D0C89ABD20} (NetmarbleDownloaderExCtrl Class) - http://download.netmarble.net/web/NMGameCh...oaderEx3013.cab
O16 - DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} (NaverAXGuide Class) - http://images.hangam...averAXGuide.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{96F41D92-D5D2-423E-BAA2-01B8FB4F4BF9}: NameServer = 192.168.1.101,192.168.1.1
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ALYac_PZSrv - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Unknown owner - c:\Program Files\Norton Internet Security\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Unknown owner - c:\Program Files\Norton Internet Security\comHost.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\MapleStory\npkcmsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O23 - Service: Windows Media Connect Service (WMConnectCDS) - Unknown owner - C:\Program Files\Windows Media Connect 2\wmccds.exe (file missing)

--
End of file - 11554 bytes

#2
jho9393
Posted 27 December 2008 - 06:57 AM

    New Member

  • Members
  • Pip
  • 7 posts
Help! My system takes a very long time to boot up and my systems is automatically restarting! I don't know what to do... Please help!

#3
AdvancedSetup
Posted 29 December 2008 - 09:56 AM

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 22,574 posts
  • Gender:Male
  • Location:US
Hello and sorry for the delay but many helpers are away for the Holidays.

Please run the following AntiVirus scanner

Download to the desktop: Dr.Web CureIt
  • Doubleclick the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan"-tab, remove the mark at "Heuristic analysis".
  • Back at the main window, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found:
    Posted Image
    If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    Posted Image
    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply with a new hijackthis log.

Then run this

Malwarebytes' Anti-Malware

  • Start MalwareBytes AntiMalware
    • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then run Hijackthis and do a scan and save log. Post back all the logs and we'll proceed from there.

#4
jho9393
Posted 29 December 2008 - 08:05 PM

    New Member

  • Members
  • Pip
  • 7 posts
Now my laptop is making weird noises. It seems that the automatically quitting problem ceased, but booting time is still very slow.

Nothing was detected in the CureIt virus scan, so I couldn't find any logs.

Malwarebytes' Anti-Malware 1.31
Database version: 1568
Windows 5.1.2600 Service Pack 3

2008-12-29 오전 11:58:52
mbam-log-2008-12-29 (11-58-52).txt

Scan type: Quick Scan
Objects scanned: 59488
Time elapsed: 8 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 오후 12:00:54, on 2008-12-29
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Nexon\MapleStory\npkcmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\family\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: WiseCode Shopping BHO Object - {D592E739-EF71-42AD-83DC-9711AC14F5A8} - C:\Program Files\WCShopHelper\wccps.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: WiseCode Search BHO Object - {E592E739-EF71-42AD-83DC-9711AC14F5A8} - C:\Program Files\WCSearchHelper\wcov.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: WiseCode Shopping Band - {00005F54-722B-4861-9A85-0DF22B8F6E17} - C:\Program Files\WCShopHelper\wccps.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\family\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.filenori.co.kr
O15 - Trusted Zone: http://*.filenori.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {00001025-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter25 Class) - http://download.netm...NMStarter25.cab
O16 - DPF: {042D97DD-E197-411A-8298-6EE85F1C1421} (mkdsfwCtrl Class) - http://ahnlabdownloa.../cab/mkdsfw.cab
O16 - DPF: {15AECD82-DA7D-4EC5-B57F-ED578D84C3F9} (DaumFileControl Control) - http://file.daum.net/down/DaumFile.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {3450032D-92DA-4033-8672-4E0A2E7C4A7C} (SliderControl Control) - http://music.imbc.co...iderControl.ocx
O16 - DPF: {39FC0CF9-86F3-4502-B773-D16706EDEC83} (SCSK Control) - http://softcamp.neff...KCB/scwebsc.cab
O16 - DPF: {5267557D-D090-44EA-BCAA-8576A24810C5} (SysInfoCJI Class) - http://download.netmarble.net/web/6N/pcche...rmerCJI1004.cab
O16 - DPF: {5DBE942F-CE91-4EED-853F-A1CD022665AF} (DacomCrossDomain Control) - http://pgdownload.dacom.net/common/js/cros...CrossDomain.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://www.allcredit.../xw_install.cab
O16 - DPF: {83682BF2-2351-45C1-963C-9BB635A05178} (IssacWebSE2 Class) - http://pgdownload.dacom.net/dacom/IssacWeb...2_6_8_DACOM.cab
O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netm...tX/NMTransX.cab
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://download.netm...kdfense8237.cab
O16 - DPF: {CBB45291-871B-4ADA-81D0-40D0C89ABD20} (NetmarbleDownloaderExCtrl Class) - http://download.netmarble.net/web/NMGameCh...oaderEx3013.cab
O16 - DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} (NaverAXGuide Class) - http://images.hangam...averAXGuide.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{96F41D92-D5D2-423E-BAA2-01B8FB4F4BF9}: NameServer = 192.168.1.101,192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ALYac_PZSrv - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Unknown owner - c:\Program Files\Norton Internet Security\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Unknown owner - c:\Program Files\Norton Internet Security\comHost.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\MapleStory\npkcmsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O23 - Service: Windows Media Connect Service (WMConnectCDS) - Unknown owner - C:\Program Files\Windows Media Connect 2\wmccds.exe (file missing)

--
End of file - 9627 bytes

#5
AdvancedSetup
Posted 30 December 2008 - 10:49 AM

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 22,574 posts
  • Gender:Male
  • Location:US
Did you set your NameServer = 192.168.1.101,192.168.1.1 on purpose? This looks like part of a DNS redirect infection.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please download JavaRa and unzip it to your desktop.
***Please close any instances of Internet Explorer (or other web browser) before continuing!***
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location.



Malwarebytes' Anti-Malware

  • Start MalwareBytes AntiMalware
    • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then RESTART the computer and AFTER the restart run HJT scan and save log.

Post back fresh MBAM and HJT logs.

#6
jho9393
Posted 30 December 2008 - 07:29 PM

    New Member

  • Members
  • Pip
  • 7 posts
To your question, no I didn't do anything with the nameserver. And I don't know if this has anything to do with this problem, but my LAN hasn't been working for months.

Malwarebytes' Anti-Malware 1.31
Database version: 1578
Windows 5.1.2600 Service Pack 3

2008-12-30 오전 11:05:35
mbam-log-2008-12-30 (11-05-35).txt

Scan type: Quick Scan
Objects scanned: 59859
Time elapsed: 13 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 오전 11:28:42, on 2008-12-30
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Nexon\MapleStory\npkcmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\family\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: WiseCode Shopping BHO Object - {D592E739-EF71-42AD-83DC-9711AC14F5A8} - C:\Program Files\WCShopHelper\wccps.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: WiseCode Search BHO Object - {E592E739-EF71-42AD-83DC-9711AC14F5A8} - C:\Program Files\WCSearchHelper\wcov.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: WiseCode Shopping Band - {00005F54-722B-4861-9A85-0DF22B8F6E17} - C:\Program Files\WCShopHelper\wccps.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\family\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.filenori.co.kr
O15 - Trusted Zone: http://*.filenori.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {00001025-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter25 Class) - http://download.netm...NMStarter25.cab
O16 - DPF: {042D97DD-E197-411A-8298-6EE85F1C1421} (mkdsfwCtrl Class) - http://ahnlabdownloa.../cab/mkdsfw.cab
O16 - DPF: {15AECD82-DA7D-4EC5-B57F-ED578D84C3F9} (DaumFileControl Control) - http://file.daum.net/down/DaumFile.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {3450032D-92DA-4033-8672-4E0A2E7C4A7C} (SliderControl Control) - http://music.imbc.co...iderControl.ocx
O16 - DPF: {39FC0CF9-86F3-4502-B773-D16706EDEC83} (SCSK Control) - http://softcamp.neff...KCB/scwebsc.cab
O16 - DPF: {5267557D-D090-44EA-BCAA-8576A24810C5} (SysInfoCJI Class) - http://download.netmarble.net/web/6N/pcche...rmerCJI1004.cab
O16 - DPF: {5DBE942F-CE91-4EED-853F-A1CD022665AF} (DacomCrossDomain Control) - http://pgdownload.dacom.net/common/js/cros...CrossDomain.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://www.allcredit.../xw_install.cab
O16 - DPF: {83682BF2-2351-45C1-963C-9BB635A05178} (IssacWebSE2 Class) - http://pgdownload.dacom.net/dacom/IssacWeb...2_6_8_DACOM.cab
O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netm...tX/NMTransX.cab
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://download.netm...kdfense8237.cab
O16 - DPF: {CBB45291-871B-4ADA-81D0-40D0C89ABD20} (NetmarbleDownloaderExCtrl Class) - http://download.netmarble.net/web/NMGameCh...oaderEx3013.cab
O16 - DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} (NaverAXGuide Class) - http://images.hangam...averAXGuide.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{96F41D92-D5D2-423E-BAA2-01B8FB4F4BF9}: NameServer = 192.168.1.101,192.168.1.1
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ALYac_PZSrv - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Unknown owner - c:\Program Files\Norton Internet Security\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Unknown owner - c:\Program Files\Norton Internet Security\comHost.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\MapleStory\npkcmsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O23 - Service: Windows Media Connect Service (WMConnectCDS) - Unknown owner - C:\Program Files\Windows Media Connect 2\wmccds.exe (file missing)

--
End of file - 12209 bytes

#7
AdvancedSetup
Posted 30 December 2008 - 11:43 PM

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 22,574 posts
  • Gender:Male
  • Location:US
Your system shows your in California. Are you Korean, or do you visit a lot of Korean sites?
The reason I ask is there are many entries for stuff from Korea that I will have you remove if you're not visiting Korean sites on purpose as they could be entry points for Malware. Please let me know.

Your Java still looks to have old items. Please go into your Control Panel, Add/Remove and remove ALL versions of Java.
Then download a NEW copy of JavaRa and have it remove all old versions as well again.
DO NOT install any version of Java right now, we can do that later as needed.

    Download and install CCleaner
  • CCleaner
    [indent]
  • Double-click on the downloaded file "ccsetup215.exe" and install the application.
  • Keep the default installation folder "C:\Program Files\CCleaner"
  • Uncheck "Add CCleaner Yahoo! Toolbar and use CCleaner from your browser"
  • Click finish when done and close ALL PROGRAMS
  • Start the CCleaner program.
  • Click on Registry and Uncheck Registry Integrity so that it does not run
  • Click on Options - Advanced and Uncheck "Only delete files in Windows Temp folders older than 48 hours"
  • Click back to Cleaner and click on the Run Cleaner button on the bottom right side of the program.
  • Click OK to any prompts[/indent]

You also need to long to each account on the computer and run MBAM to scan each profile and remove anything found.
Make sure you UPDATE the program first.

#8
jho9393
Posted 31 December 2008 - 01:20 AM

    New Member

  • Members
  • Pip
  • 7 posts

View PostAdvancedSetup, on Dec 30 2008, 03:43 PM, said:

Your system shows your in California. Are you Korean, or do you visit a lot of Korean sites?
The reason I ask is there are many entries for stuff from Korea that I will have you remove if you're not visiting Korean sites on purpose as they could be entry points for Malware. Please let me know.

Yes I am Korean and I occasionally visit Korean websites. But for this purpose, I can remove some Korean sites.

I uninstalled the old version of Java and ran another scan, but did not catch anything.

#9
AdvancedSetup
Posted 31 December 2008 - 08:27 AM

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 22,574 posts
  • Gender:Male
  • Location:US
[indent]Please note the Holidays are here and I may be unavailable for a few days or more.
Please be patient, I've not forgotten you and will resume assistance when I return
Many of the other helpers are also visiting Family and Friends so please be patient.[/indent]

Okay these are my suggestions for removal.
If you really do use and need these then when you visit said site it should prompt to install it again.

Close all open browsers and chat programs
Start HJT and do a Scan Only and put a check mark on the following items.
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: WiseCode Shopping BHO Object - {D592E739-EF71-42AD-83DC-9711AC14F5A8} - C:\Program Files\WCShopHelper\wccps.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WiseCode Shopping Band - {00005F54-722B-4861-9A85-0DF22B8F6E17} - C:\Program Files\WCShopHelper\wccps.dll
O15 - Trusted Zone: http://*.filenori.co.kr
O15 - Trusted Zone: http://*.filenori.com
O16 - DPF: {00001025-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter25 Class) - http://download.netmarble.net/web/nmstarter/NMStarter25.cab
O16 - DPF: {042D97DD-E197-411A-8298-6EE85F1C1421} (mkdsfwCtrl Class) - http://ahnlabdownload.nefficient.co.kr/asp/cab/mkdsfw.cab
O16 - DPF: {15AECD82-DA7D-4EC5-B57F-ED578D84C3F9} (DaumFileControl Control) - http://file.daum.net/down/DaumFile.cab
O16 - DPF: {3450032D-92DA-4033-8672-4E0A2E7C4A7C} (SliderControl Control) - http://music.imbc.com/Player/OCX/SliderControl.ocx
O16 - DPF: {39FC0CF9-86F3-4502-B773-D16706EDEC83} (SCSK Control) - http://softcamp.nefficient.co.kr/KCB/scwebsc.cab
O16 - DPF: {5267557D-D090-44EA-BCAA-8576A24810C5} (SysInfoCJI Class) - http://download.netmarble.net/web/6N/pcche...rmerCJI1004.cab
O16 - DPF: {5DBE942F-CE91-4EED-853F-A1CD022665AF} (DacomCrossDomain Control) - http://pgdownload.dacom.net/common/js/cros...CrossDomain.cab
O16 - DPF: {83682BF2-2351-45C1-963C-9BB635A05178} (IssacWebSE2 Class) - http://pgdownload.dacom.net/dacom/IssacWeb...2_6_8_DACOM.cab
O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netmarble.net/NMChatX/NMTransX.cab
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://download.netmarble.net/kdefence/kdfense8237.cab
O16 - DPF: {CBB45291-871B-4ADA-81D0-40D0C89ABD20} (NetmarbleDownloaderExCtrl Class) - http://download.netmarble.net/web/NMGameCh...oaderEx3013.cab
O16 - DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} (NaverAXGuide Class) - http://images.hangame.co.kr/naver/music/NaverAXGuide.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{96F41D92-D5D2-423E-BAA2-01B8FB4F4BF9}: NameServer = 192.168.1.101,192.168.1.1
Then click on Fix checked then quit HJT

Try running this from Microsoft which can clear up bogus settings for TCP/IP and reset it back to the defaults like it should be.
[indent]Microsoft KB article to reset TCP/IP
One of the components of the Internet connection on your computer is a built-in set of instructions called TCP/IP. TCP/IP can sometimes become corrupted. If you cannot connect to the Internet and you have tried all other methods to resolve the problem, TCP/IP might be causing it.
Because TCP/IP is a core component of Windows, you cannot remove it. However, you can reset TCP/IP to its original state by using the NetShell utility (netsh)
How to reset Internet Protocol (TCP/IP) in Windows XP[/indent]

Try shutting down your PC and unplugging your ROUTER and ISP/Cable Modem for about 3 minutes. Then startup the Cable Modem wait a minute and start up the Router, then wait a minute or so and start up your PC.
Hopefully this will clear up any issues with the router and name server, if this setting is still there then you may need to reset the router back to factory default settings.

Just to make sure, Please update MBAM and do another Quick Scan and fix anything found, then RESTART the computer.
After the restart run HJT, scan and save log.

Post back FULL MBAM, HJT logs on your next reply.
Also let me know how the system is running and if your still experiencing anything to indicate you may still be infected.

I might not be able to get back with you on this for a few days, please be patient.

#10
AdvancedSetup
Posted 03 January 2009 - 08:38 AM

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 22,574 posts
  • Gender:Male
  • Location:US
Please provide some feedback on this

#11
AdvancedSetup
Posted 04 January 2009 - 09:42 AM

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 22,574 posts
  • Gender:Male
  • Location:US
No reply, closing post
Ron Lewis
Manager, Online Support

Posted Image

Follow us: Twitter, Become a fan: Facebook

If you've posted to the HJT forum and it has been over 5 days without a response please send a Private Message asking for assistance.
Back to Resolved HijackThis Logs · Next Unread Topic →


1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Malwarebytes Forum
  2. Computer Help
  3. Malware Removal - HijackThis Logs
  4. Resolved HijackThis Logs

Products

About

Partners

Follow Us