urtbk / nexplore virus?

Hello!
Thank you a million times in advance to anyone who'll help me.

I luckily got this laptop for free from a friend (I think he used it for about 2 years). But I've had this problem with random popups coming up whenever I use an internet browser, and... being a very non-tech person, I just closed the popup whenever it came up, and tried not to deal with it much. But recently it's been getting worse. The popups usually have urtbk.com or nexplore in their url, and sometimes 50 Internet tabs start opening on their own. The computer has also turned very sluggish, and now Internet doesn't let me access either Hotmail or Gmail. Sometimes, even the Internet browser itself is "cut off" at the bottom of the screen, so that I can only view a portion of a page.

Please be patient with me as I will be asking many questions (again, not a tech-savvy person). I sort of imitated others by starting out and running the HijackThis program and pasted what I've got here.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 오후 10:12:17, on 2009-07-05
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16851)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Keyboard Driver\StartAutorun.exe
C:\Program Files\Common Files\AhnLab\ACA\acasp.exe
C:\Program Files\AhnLab\Smart Update Utility\AhnSD.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Keyboard Driver\KMConfig.exe
C:\Program Files\Keyboard Driver\KMProcess.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\HJT\HijackThis.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O3 - Toolbar: Norton 툴바 보기 - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [PrepareYourVAIO] C:\Program Files\Sony\Prepare your VAIO\PYVAlert.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [imekrmig7.0] "C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE"
O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files\Keyboard Driver\StartAutorun.exe KMConfig.exe
O4 - HKLM\..\Run: [AhnLab Session Process] "C:\PROGRA~1\COMMON~1\AhnLab\ACA\ACASP.exe"
O4 - HKLM\..\Run: [AHNSD] "C:\Program Files\AhnLab\Smart Update Utility\AhnSD.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [domuvepazi] Rundll32.exe "C:\ProgramData\bulilufu\bulilufu.dll",s
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [8e36f918] rundll32.exe "C:\ProgramData\dugaseyo\dugaseyo.dll",b
O4 - HKCU\..\Run: [CPM8d05ca84] Rundll32.exe "C:\ProgramData\nafuwuri\nafuwuri.dll",a
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Microsoft Excel로 내보내기(&X) - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 콘솔 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: 리서치 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {04E7BADF-F3B9-420D-B82D-8D8CADEFE4F9} (CyImage2Ctl Class) - http://cyimg7.cyworld.com/ImageUpload/CyImageUpload_10217.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {1AD649C1-8B55-4033-9019-CF452DB5499E} (ToonsXParan Control) - http://comic.paran.com/tns_web2/ToonsXParan3.cab
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB
O16 - DPF: {2029F1D2-90E4-49EF-9824-F666D238BFF6} (NHNComicViewer Class) - http://jr.naver.com/comic/book/viewer_new/NHNComicViewer.cab
O16 - DPF: {25B1B4C6-BB14-4D2A-A57C-1EB08A5021CD} (PandoraTVControl Control) - http://imgcdn.pandora.tv/pan_img/liveupdate/enjsoft2/PandoraTVControl.cab
O16 - DPF: {27E4B2A9-D554-40DE-B6CD-F11E9B44FBD0} (SimFileControl Control) - http://simfile.chol.com/activex/SimFileControl.cab
O16 - DPF: {29BC57E0-018D-46D2-B233-338B779C169C} (WebShell Control) - http://www.mrblue.com/webcube/control/WebCube.cab
O16 - DPF: {2EE4AED0-B8D5-4FCB-B4EB-75D5D20B55E5} (ZFile File Control) - http://download.zfile.co.kr/ZFileWebControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {31547BE4-40A1-4F53-8DC6-40553BBEAA44} (ClubHard WebControl V2) - http://www.clubhard.co.kr/append/application/ClubHardCtrl.CAB
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {49EA1597-4149-42FC-A01D-A03E07980D37} (WiseInstaller Class) - http://elibrary.wisebook.com/for_install/WiseInstaller.dll
O16 - DPF: {5876CAD0-1636-42EA-AC50-4C06F3196089} (HanGamePlugin19 Class) - http://down.hangame.com/dist/activex/HanGamePlugin19.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5D1317E0-98DD-4A64-907A-DCF3BBD28BA5} (Sol2_AXServerFileX Control) - http://www.atomfile.co.kr/p2p/ActiveX/Sol2_SeverFileX.ocx
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/KO-KR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O16 - DPF: {5FB84F9E-70FF-4B98-B47A-8F530F8D4AF0} (BKChatClientX Control) - http://www.koreadaily.com/_dev/activeX/BKChatClient.cab
O16 - DPF: {61FDA6C5-3F5D-44D9-9CED-1D7AC727ACE0} (CueControl Control) - http://touch.imbc.com/ActiveX/Pointory/CueControl.ocx
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {687FB9A2-A997-44D4-9480-24F29B95F77B} (BBSFileUpload Control) - http://imbbs.imbc.com/controls/BBSFileUpload.cab
O16 - DPF: {68B5B09E-9CB4-4E93-A75B-44DD4362120C} (ToonsXContentsPlug Control) - http://comic.daum.net/download/new/ToonsXContentsPlug.cab
O16 - DPF: {692141E8-D3D1-49E0-BB94-2C8FBB1D69DE} (MrBlue.ComicsViewer) - http://www.mrblue.com/viewer_comics/control/ComicsViewer.CAB
O16 - DPF: {799BB2EC-572A-42A9-84AD-112806F4F551} (Imweb Control) - http://activexdown.paran.com/paranactivex/data/imweb.cab
O16 - DPF: {7A9935D3-9B3C-4382-B62A-45CF92B18D74} (Uploader Class) - http://cyimg8.cyworld.com/storyRoom/CyImgResize.cab
O16 - DPF: {7D71E87E-FF6D-45D6-813F-BDFD10A355A8} (momodisk File Control1) - http://www.momodisk.com/mmsv/momodiskWebControl.CAB
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - https://vbv.samsungcard.co.kr/XecureObject/vista/xw_install.cab
O16 - DPF: {882A7CC6-0163-4BC1-8BC1-505E36C9FFA2} (MnetHelper Control) - http://www.mnet.com/Ver2/App/totalApp/vista/maxhelper/MnetHelper.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
O16 - DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} (CyImage Class) - http://cyimg7.cyworld.com/ImageUpload/CyPictureU1.cab?20080604
O16 - DPF: {9CDD57AC-CA86-464C-B920-3228A388CC78} (NaverFileControl Control) - http://file.naver.com/activex/NaverFile.cab
O16 - DPF: {A00B2A53-60D9-4477-ADA3-60490770C5E0} (Hanmail Upload Control) - http://mail.daum.net/hanmail-ax/hanmail.cab
O16 - DPF: {A1832535-5218-42F9-8959-19E2BCABFABF} (INIwallet50 Control) - http://plugin.inicis.com/vista/INIwallet50.cab
O16 - DPF: {A444A75B-D0C1-4440-B830-4F8206ADE1F5} (EzPDFLauncherX2 Control) - http://ebookcase.genomad.co.kr/download/ezPDFLauncherX2.cab
O16 - DPF: {B3260660-93AC-48D8-8DDC-2C22192CA2AB} (Naver Mail BigFile Upload Control2) - http://mail1.naver.com/activex/NvBigFileUpload2_NT.cab
O16 - DPF: {B8C4B31D-6DCE-4DF0-BF73-44686849F67D} (PDRInst1 Class) - http://imgcdn.pandora.tv/pan_img/p3player/package/pdrinst.cab
O16 - DPF: {BD6BB450-7C69-43B8-96F3-689CAE57AB51} (SBSWebPlayer Class) - http://netv.sbs.co.kr/object/player/SBSWebPlayer.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://www.imgag.com/cp/install/Crusher.cab
O16 - DPF: {C1143E84-B2B1-473B-9F20-E62DD754FCAF} (VineTransfer Control) - https://vbv.samsungcard.co.kr/ubikey/VineTransfer.cab
O16 - DPF: {C21FF368-1A79-4AAA-B2DB-3AEA1CC3EB87} (HanAgent Control) - http://www.hangok.com/common/HanAgent.cab
O16 - DPF: {C294E262-4EC1-4407-8AB9-787269BC875D} (search_cb Control) - http://www.cdkey.co.kr/ax_cb/cb.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CEAF43B1-E8C1-426D-A63C-92C71212E6E5} (PlayerCue Control) - http://touch.imbc.com/ActiveX/iMBCOnlineService.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://vbv.samsungcard.co.kr/keycrypt/npkcx_vista.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {D912AABC-6CB0-416F-85B6-CABBB86FD558} (INIwallet60 Control) - http://plugin.inicis.com/wallet60/INIwallet60_vista.cab
O16 - DPF: {E3FA6DAA-04BF-4AEF-9612-341B2B7A25FC} (Payplus Client Control) - https://pay.kcp.co.kr/plugin/file_vista/payplus.cab
O16 - DPF: {E4812635-737D-443F-BEF4-02A4FF837D99} (UpdateCtrl Control) - http://cdn.pandora.tv/noraebang/UpdateCtrl_v1015/UpdateCtrl.cab
O16 - DPF: {E75386B4-C629-11DB-8338-444553544200} (PcubeSet Class) - http://cyimg7.cyworld.com/cymusic/package/cyinstal.cab
O16 - DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} (KvpIspCtlD Control) - https://www.vpay.co.kr/kvpfiles_vista/KVPISPCTLD_VISTA.cab
O16 - DPF: {F4F08D66-EE06-4015-9EEF-5C136266B7D1} (ToonsXParan2 Control) - http://comic.paran.com/tns_web/ToonsXParan2.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} (NaverAXGuide Class) - http://file.naver.com/activex/NaverAXGuide.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AhnLab Application Service - AhnLab, Inc. - C:\Program Files\Common Files\AhnLab\ACA\ACAAS.exe
O23 - Service: AhnLab Guarantee Service - AhnLab, Inc. - C:\Program Files\Common Files\AhnLab\ACA\ACAEGMgr.exe
O23 - Service: AhnLab Information Service - AhnLab, Inc. - C:\Program Files\Common Files\AhnLab\ACA\ACAIS.exe
O23 - Service: AhnLab Task Scheduler - AhnLab, Inc. - C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c986911efd5ab0) (gupdate1c986911efd5ab0) - Google Inc - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod 서비스 (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Keyboard Driver\KMWDSrv.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: npkcagentsvc - - C:\Windows\system32\npkcagentsvc.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Windows\system32\npkcmsvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 18812 bytes

By the way, this laptop's system(?) is in Korean.
Thank you so much.

Comments

  • edited July 2009
    Hey there, welcome. :)


    Please download Malwarebytes' Anti-Malware by clicking the link below:
    Malwarebytes Anti-Malware - Reviews and free Malwarebytes Anti-Malware downloads at Download.com

    Double Click mbam-setup.exe to install the application.

    * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select "Perform Quick Scan", then click Scan.
    * The scan may take some time to finish, so please be patient.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Make sure that everything is checked, and click Remove Selected.
    * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    * You'll be required to post the contents of this log later.

    Please Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    =====================================================================

    Next let's have you download ComboFix.exe. Please visit this webpage for downloading and instructions for running the tool:

    Go here ======> A guide and tutorial on using ComboFix <====== Go here

    Please ensure you read this guide carefully and install the Recovery Console first. This applies to XP Pro and XP Home users only. If you have SP3 installed you will need to use the download meant for SP2.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

    Once installed, you should get a prompt that says:

    The Recovery Console was successfully installed.

    Please continue as follows:

    (1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    (2) Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you. It is also available at C:\ComboFix.txt.


    Please post the MBAM log, C:\ComboFix.txt as well as a new HijackThis log in your reply.


    Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.
  • edited July 2009
    Sorry sorry.. I wanted to get back to you earlier but I seem to be having a problem with running Malwarebytes. I did click "Quick Scan" but it's been going over 3 hours.. and it seems to be stuck on "c:\user\appdata\local\temp". I followed the address to the "temp" folder, but I didn't see that many files. And the "objects scanned" is reaching 200,000... What should I do?

    *Edit: so far, no "malicious objects" had been found, and I pressed "Abort" for now.
  • edited July 2009
    Please do this before carrying out my instructions above...hopefully it will clear out many of the temporary files and make scan time lower for you.

    Please download CCleaner (freeware) from here.
    Run the installer, and uncheck the option to install Yahoo toolbar (unless you want Yahoo toolbar).
    Once installed, run CCleaner.

    The following should be selected by default, if not, please select:
    [image: oqyhk8.gif]

    Then please click [image: 30ijknb.gif] and choose [image: 5x3nu8.gif]

    Please uncheck [image: 2wlsw11.gif]

    Then go back to [image: 2jb4qyb.gif] and click [image: 4rl7hj1aqtd8uyu4g7lx.gif] to run it.


    Now run a new scan with MBAM, ComboFix and HijackThis per the instructions in my previous post.
  • edited July 2009
    First, I did download CCleaner and it helped me clean out the temporary files. But I'm still having a problem with MBAM.

    It seems to work fine for the first 8 minutes or so.. then slows down.. and at around 11 minutes, just a few seconds after it finds 1 infected file, an error message comes up that says MBAM is unresponding and that it must close. It was "scanning known directories," when MBAM suddenly shut down.

    Just curious, I ran a MBAM scan in just the C:\programdata\ folder because there seemed to be A LOT of things on there that I didn't know what they were. MBAM reported back saying that I have 64 infected files. Here's the log, if you're interested.

    Malwarebytes' Anti-Malware 1.38
    Database version: 2357
    Windows 6.0.6000
    2009-07-07 오후 6:04:03
    mbam-log-2009-07-07 (18-04-03).txt
    Scan type: Quick Scan
    Objects scanned: 14667
    Time elapsed: 3 minute(s), 41 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 64
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    (No malicious items detected)
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    c:\programdata\banusilo\banusilo.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
    c:\programdata\beyunahu\beyunahu.dll (Trojan.Vundo.V) -> Quarantined and deleted successfully.
    c:\programdata\bowekili\bowekili.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
    c:\programdata\bupuzota\bupuzota.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    c:\programdata\dakabedu\dakabedu.dll (Trojan.Vundo.V) -> Quarantined and deleted successfully.
    c:\programdata\damokiju\damokiju.dll (Trojan.Vundo.V) -> Quarantined and deleted successfully.
    c:\programdata\dedufaro\dedufaro.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
    c:\programdata\diluyevu\diluyevu.dll (Trojan.Vundo.V) -> Quarantined and deleted successfully.
    c:\programdata\dunevevu\dunevevu.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
    c:\programdata\fazotapa\fazotapa.dll (Trojan.Vundo.V) -> Quarantined and deleted successfully.
    c:\programdata\fenulile\fenulile.dll (Trojan.Vundo.V) -> Quarantined and deleted successfully.
    c:\programdata\fuzogofu\fuzogofu.dll (Trojan.Vundo.V) -> Quarantined and deleted successfully.
    c:\programdata\galawulu\galawulu.dll (Trojan.Vundo.V) -> Quarantined and deleted successfully.
    c:\programdata\ganezale\ganezale.dll (Trojan.Vundo.V) -> Quarantined and deleted successfully.
    c:\programdata\gasoluna\gasoluna.dll (Trojan.Vundo.V) -> Quarantined and deleted successfully.
    c:\programdata\gawomanu\gawomanu.dll (Trojan.Vundo.V) -> Quarantined and deleted successfully.
    c:\programdata\giyifuvo\giyifuvo.dll (Trojan.Vundo.V) -> Quarantined and deleted successfully.
    c:\programdata\gogitaya\gogitaya.dll (Trojan.Vundo.V) -> Quarantined and deleted successfully.
    c:\programdata\hetatevi\hetatevi.dll (Trojan.Vundo.V) -> Quarantined and deleted successfully.
    c:\programdata\hibetajo\hibetajo.dll (Trojan.Vundo.V) -> Quarantined and deleted successfully.
    c:\programdata\higatobo\higatobo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    c:\programdata\hosezora\hosezora.dll (Trojan.Vundo.V) -> Quarantined and deleted successfully.
    c:\programdata\huteyafu\huteyafu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    c:\programdata\jevaziji\jevaziji.dll (Trojan.Vundo.V) -> Quarantined and deleted successfully.
    c:\programdata\kawubile\kawubile.dll (Trojan.Vundo.V) -> Quarantined and deleted successfully.
    c:\programdata\kiritibi\kiritibi.dll (Trojan.Vundo.V) -> Quarantined and deleted successfully.
    c:\programdata\kunatifo\kunatifo.dll (Trojan.Vundo.V) -> Quarantined and deleted successfully.
    c:\programdata\memezori\memezori.dll (Trojan.Vundo.V) -> Quarantined and deleted successfully.
    c:\programdata\mijepubi\mijepubi.dll (Trojan.Vundo.V) -> Quarantined and deleted successfully.
    c:\programdata\minukure\minukure.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    c:\programdata\mitayiru\mitayiru.dll (Trojan.Vundo.V) -> Quarantined and deleted successfully.
    c:\programdata\nedaweru\nedaweru.dll (Trojan.Vundo.V) -> Quarantined and deleted successfully.
    c:\programdata\neyeriyi\neyeriyi.dll (Trojan.Vundo.V) -> Quarantined and deleted successfully.
    c:\programdata\nusimoji\nusimoji.dll (Trojan.Vundo.V) -> Quarantined and deleted successfully.
    c:\programdata\pevisepe\pevisepe.dll (Trojan.Vundo.V) -> Quarantined and deleted successfully.
    c:\programdata\puhewomo\puhewomo.dll (Trojan.Vundo.V) -> Quarantined and deleted successfully.
    c:\programdata\rozejeyo\rozejeyo.dll (Trojan.Vundo.V) -> Quarantined and deleted successfully.
    c:\programdata\sekeweti\sekeweti.dll (Trojan.Vundo.V) -> Quarantined and deleted successfully.
    c:\programdata\sobifemo\sobifemo.dll (Trojan.Vundo.V) -> Quarantined and deleted successfully.
    c:\programdata\tafuwofi\tafuwofi.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
    c:\programdata\tajehebu\tajehebu.dll (Trojan.Vundo.V) -> Quarantined and deleted successfully.
    c:\programdata\turozuzo\turozuzo.dll (Trojan.Vundo.V) -> Quarantined and deleted successfully.
    c:\programdata\venosofu\venosofu.dll (Trojan.Vundo.V) -> Quarantined and deleted successfully.
    c:\programdata\vezaliyu\vezaliyu.dll (Trojan.Vundo.V) -> Quarantined and deleted successfully.
    c:\programdata\vusiwumi\vusiwumi.dll (Trojan.Vundo.V) -> Quarantined and deleted successfully.
    c:\programdata\vutuhine\vutuhine.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
    c:\programdata\wabuvoto\wabuvoto.dll (Trojan.Vundo.V) -> Quarantined and deleted successfully.
    c:\programdata\wavoriro\wavoriro.dll (Trojan.Vundo.V) -> Quarantined and deleted successfully.
    c:\programdata\wibetaje\wibetaje.dll (Trojan.Vundo.V) -> Quarantined and deleted successfully.
    c:\programdata\wijugoje\wijugoje.dll (Trojan.Vundo.V) -> Quarantined and deleted successfully.
    c:\programdata\wiyezute\wiyezute.dll (Trojan.Vundo.V) -> Quarantined and deleted successfully.
    c:\programdata\wofijufi\wofijufi.dll (Trojan.Vundo.V) -> Quarantined and deleted successfully.
    c:\programdata\wohokugo\wohokugo.dll (Trojan.Vundo.V) -> Quarantined and deleted successfully.
    c:\programdata\womijuwi\womijuwi.dll (Trojan.Vundo.V) -> Quarantined and deleted successfully.
    c:\programdata\womupewo\womupewo.dll (Trojan.Vundo.V) -> Quarantined and deleted successfully.
    c:\programdata\wujiwibe\wujiwibe.dll (Trojan.Vundo.V) -> Quarantined and deleted successfully.
    c:\programdata\yevozoga\yevozoga.dll (Trojan.Vundo.V) -> Quarantined and deleted successfully.
    c:\programdata\yirifamo\yirifamo.dll (Trojan.Vundo.V) -> Quarantined and deleted successfully.
    c:\programdata\yubutebe\yubutebe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    c:\programdata\zazuvopa\zazuvopa.dll (Trojan.Vundo.V) -> Quarantined and deleted successfully.
    c:\programdata\zidetuhe\zidetuhe.dll (Trojan.Vundo.V) -> Quarantined and deleted successfully.
    c:\programdata\zoyemeyo\zoyemeyo.dll (Trojan.Vundo.V) -> Quarantined and deleted successfully.
    c:\programdata\zubelife\zubelife.dll (Trojan.Vundo.V) -> Quarantined and deleted successfully.
    c:\programdata\zunumava\zunumava.dll (Trojan.Vundo.V) -> Quarantined and deleted successfully.

    I then tried to run the MBAM quick scan in the Safe Mode, but pretty much the same happened, except that it did not show the one infected file. It did, again, however, shut down as it was "scanning known directories."

    Finally, I did what some people suggested on other sites: change the name of the program itself. But this didn't seem to work either.. I'm pretty stuck. :(
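
The pattern that recurs in the logs above (a `rundll32` autorun loading `C:\ProgramData\<name>\<name>.dll`, and MBAM detections with the same folder-equals-file layout) can be checked mechanically. The following is an added triage example, not part of any post in this thread or of HijackThis/MBAM; the function names and the two heuristics are assumptions drawn from the entries visible on this page, and the sample lines are copied from the posted logs.

```python
import ntpath
import re

# A few lines copied from the HijackThis log in the first post.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [domuvepazi] Rundll32.exe "C:\ProgramData\bulilufu\bulilufu.dll",s
O4 - HKCU\..\Run: [8e36f918] rundll32.exe "C:\ProgramData\dugaseyo\dugaseyo.dll",b
O4 - HKCU\..\Run: [CPM8d05ca84] Rundll32.exe "C:\ProgramData\nafuwuri\nafuwuri.dll",a
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
"""

# A subset of the "Files Infected" lines from the MBAM log posted above.
MBAM_SAMPLE = r"""
c:\programdata\banusilo\banusilo.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
c:\programdata\bowekili\bowekili.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\programdata\nedaweru\nedaweru.dll (Trojan.Vundo.V) -> Quarantined and deleted successfully.
"""

# "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(
    r'^O4 - (?P<hive>\S+)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# rundll32 (optionally quoted / with a path) followed by "<dll>",<export>
RUNDLL_RE = re.compile(
    r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?\s*,', re.IGNORECASE)
# "<path> (<detection name>) -> <action>"
MBAM_RE = re.compile(r'^(?P<path>[a-z]:\\.+?) \((?P<sig>[^)]+)\) -> ', re.IGNORECASE)


def under_programdata(path):
    """True when the path sits below <drive>:\\ProgramData (case-insensitive)."""
    tail = ntpath.splitdrive(ntpath.normcase(path))[1]
    return tail.startswith('\\programdata\\')


def name_matches_folder(path):
    """True when the file's name (before the first dot) equals its parent folder's name."""
    folder, filename = ntpath.split(ntpath.normcase(path))
    stem = filename.split('.', 1)[0]          # also covers name.dll.tmp
    return bool(stem) and ntpath.basename(folder) == stem


def suspicious_autoruns(hjt_log):
    """Return O4 Run entries that use rundll32 to load a DLL matching either heuristic."""
    findings = []
    for line in hjt_log.splitlines():
        entry = O4_RE.match(line.strip())
        if not entry:
            continue
        loader = RUNDLL_RE.match(entry['cmd'])
        if not loader:
            continue                           # not a rundll32 launch
        dll = loader['dll'].strip()
        reasons = []
        if under_programdata(dll):
            reasons.append('DLL under ProgramData')
        if name_matches_folder(dll):
            reasons.append('folder name equals file name')
        if reasons:
            findings.append({'hive': entry['hive'], 'value': entry['name'],
                             'dll': dll, 'reasons': reasons})
    return findings


def mbam_removed(mbam_log):
    """Return the normalised paths MBAM reports as deleted."""
    removed = set()
    for line in mbam_log.splitlines():
        hit = MBAM_RE.match(line.strip())
        if hit and 'deleted successfully' in line:
            removed.add(ntpath.normcase(hit['path']))
    return removed


def unresolved_autoruns(hjt_log, mbam_log):
    """Flagged autoruns whose target file is not among the files MBAM deleted."""
    removed = mbam_removed(mbam_log)
    return [f for f in suspicious_autoruns(hjt_log)
            if ntpath.normcase(f['dll']) not in removed]


if __name__ == '__main__':
    for f in unresolved_autoruns(HJT_SAMPLE, MBAM_SAMPLE):
        print(f"{f['hive']} [{f['value']}] -> {f['dll']}  ({'; '.join(f['reasons'])})")
```

On the sample lines this flags the three HKCU `rundll32` entries and leaves the Sony, Sidebar and Welcome Center autoruns alone; none of the three flagged DLLs appears in the MBAM deletion list posted above, so those Run values still need to be dealt with by the follow-up tools.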
  • edited July 2009
    Thanks for letting me know.

    Go on to run ComboFix then, and post back with C:\ComboFix.txt as well as a new HijackThis log.
  • edited July 2009
    Here's my ComboFix log..

    ComboFix 09-07-08.04 - 노유경 you kyung no 2009-07-08 22:26.1 - NTFSx86
    Microsoft® Windows Vista™ Home Basic K 6.0.6000.0.949.82.1042.18.1014.388 [GMT -7:00]
    Running from: c:\users\노유경 you kyung no\Desktop\ComboFix.exe
    AV: avast! antivirus 4.8.1335 [VPS 090708-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
    AV: V3 Internet Security *On-access scanning enabled* (Outdated) {D881C1F7-6566-4C80-82F8-BA5258DDD50E}
    FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    FW: V3 Internet Security *enabled* {6CBF11B7-327F-4AB6-BBD3-AE8650A9D64C}
    SP: avast! antivirus 4.8.1335 [VPS 090708-0] *disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
    SP: Norton Internet Security *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
    SP: V3 Internet Security *enabled* (Outdated) {A76B6124-79C3-4F6E-965C-81E87FAAA5FC}
    SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .
    /wow section - STAGE 3
    &은(는) 예상되지 않았습니다.
    PEV Error: DesktopFile
    PEV Error: DesktopFolder
    PEV Error: FavFile
    PEV Error: LocalAppDataFile
    PEV Error: LocalAppDataFolder
    PEV Error: LocalSettingsFile
    PEV Error: MenuFile
    PEV Error: MenuFolder
    PEV Error: PersonalFile
    PEV Error: ProgramsFile
    PEV Error: ProgramsFolder
    PEV Error: StartUpFile
    PEV Error: UserFile
    PEV Error: UserFolder
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\$recycle.bin\S-1-5-21-2365545147-1999384947-2466353664-500
    c:\$recycle.bin\S-1-5-21-3358227249-3840459806-2497602801-500
    c:\programdata\pumulede\pumulede.dll
    c:\windows\Installer\14604754.msi
    c:\windows\Installer\14c178.msi
    .
    ((((((((((((((((((((((((( Files Created from 2009-06-09 to 2009-07-09 )))))))))))))))))))))))))))))))
    .
    2009-07-09 05:35 . 2009-07-09 05:36 d-----w- c:\users\노유경 you kyung no\AppData\Local\temp
    2009-07-09 03:01 . 2009-07-09 03:01 d-----w- C:\VundoFix Backups
    2009-07-09 01:47 . 2009-07-09 01:47 d--h--w- C:\$AVG8.VAULT$
    2009-07-09 01:32 . 2009-07-09 01:32 d-----w- c:\program files\AVG
    2009-07-09 01:32 . 2009-07-09 03:21 d-----w- c:\programdata\avg8
    2009-07-09 00:49 . 2009-07-09 00:49 dc----w- c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
    2009-07-08 23:24 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2009-07-08 23:24 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2009-07-08 23:24 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
    2009-07-08 23:24 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2009-07-08 23:24 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2009-07-08 23:23 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
    2009-07-08 23:23 . 2009-02-05 20:06 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2009-07-08 23:23 . 2009-07-09 03:47 d-----w- c:\program files\Avast
    2009-07-08 01:57 . 2009-07-08 01:58 d-----w- c:\programdata\ESTsoft
    2009-07-08 00:13 . 2009-07-09 05:35 d-----w- c:\programdata\pumulede
    2009-07-07 06:52 . 2009-07-07 06:52 d-----w- c:\program files\CCleaner
    2009-07-07 00:32 . 2009-07-08 00:12 d-----w- c:\programdata\wimogesu
    2009-07-06 05:13 . 2009-07-06 05:34 d-----w- c:\programdata\vogibeti
    2009-07-06 05:01 . 2009-07-06 05:12 d-----w- C:\HJT
    2009-07-05 03:37 . 2009-07-05 03:59 d-----w- c:\programdata\juviwuzi
    2009-07-04 16:34 . 2009-07-04 17:02 d-----w- c:\users\노유경 you kyung no\AppData\Roaming\Download Manager
    2009-07-04 08:48 . 2009-07-04 08:48 d-----w- c:\program files\Bonjour
    2009-07-04 08:24 . 2009-07-04 08:24 d-----w- c:\program files\Common Files\Macrovision Shared
    2009-07-04 07:07 . 2009-07-04 07:51 d-----w- c:\users\노유경 you kyung no\AppData\Roaming\BitTorrent
    2009-07-04 07:07 . 2009-07-04 07:07 d-----w- c:\program files\BitTorrent
    2009-07-03 15:05 . 2009-07-03 15:26 d-----w- c:\programdata\yubiwojo
    2009-07-02 15:02 . 2009-07-02 15:23 d-----w- c:\programdata\foponiga
    2009-07-02 03:02 . 2009-07-02 03:24 d-----w- c:\programdata\zosoyiro
    2009-07-01 14:52 . 2009-07-01 15:15 d-----w- c:\programdata\fusihove
    2009-07-01 06:06 . 2009-07-01 06:06 d-----w- c:\users\노유경 you kyung no\AppData\Roaming\Malwarebytes
    2009-07-01 06:06 . 2009-06-17 18:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-07-01 06:06 . 2009-07-01 06:06 d-----w- c:\programdata\Malwarebytes
    2009-07-01 06:06 . 2009-06-17 18:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-07-01 06:06 . 2009-07-08 07:24 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-06-28 22:49 . 2009-07-01 07:20 d-----w- c:\programdata\zoyojuga
    2009-06-28 03:47 . 2009-07-04 07:06 d-----w- c:\users\노유경 you kyung no\AppData\Roaming\skypePM
    2009-06-28 03:19 . 2009-07-04 08:48 d-----w- c:\users\노유경 you kyung no\AppData\Roaming\Skype
    2009-06-28 03:18 . 2009-06-28 03:18 d-----w- c:\program files\Common Files\Skype
    2009-06-28 03:18 . 2009-06-28 03:18 d-----r- c:\program files\Skype
    2009-06-28 03:18 . 2009-06-28 03:18 d-----w- c:\programdata\Skype
    2009-06-26 16:07 . 2009-06-27 16:06 d-----w- c:\programdata\pohakite
    2009-06-25 02:47 . 2008-08-04 23:44 1060808 ----a-w- c:\users\노유경 you kyung no\AppData\Roaming\Mozilla\Firefox\Profiles\3u3k6ysy.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}\chrome\cache\megauper.exe
    2009-06-25 02:45 . 2009-06-26 01:15 d-----w- c:\users\노유경 you kyung no\AppData\Roaming\AIMPro
    2009-06-25 02:44 . 2009-06-25 02:44 d-----w- c:\program files\Common Files\Nullsoft
    2009-06-25 02:44 . 2009-06-25 02:44 d-----w- c:\program files\AIM
    2009-06-25 02:43 . 2009-06-25 02:43 d-----w- c:\users\노유경 you kyung no\AppData\Roaming\AIM
    2009-06-14 11:09 . 2009-06-14 11:09 36864 ----a-w- c:\windows\system32\drivers\scsk4.sys
    2009-06-14 11:08 . 2009-06-14 11:08 d-----w- c:\program files\KCP
    2009-06-10 16:14 . 2009-06-10 16:14 655360 ----a-w- c:\windows\system32\ISPPopUpDlg.exe
    2009-06-10 09:34 . 2009-04-21 12:04 2028032 ----a-w- c:\windows\system32\win32k.sys
    2009-06-10 09:34 . 2009-04-23 12:56 696832 ----a-w- c:\windows\system32\localspl.dll
    2009-06-10 09:34 . 2009-04-23 13:01 788992 ----a-w- c:\windows\system32\rpcrt4.dll
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-07-09 05:22 . 2006-12-26 04:38 d-----w- c:\program files\Common Files\Symantec Shared
    2009-07-09 05:21 . 2006-12-26 04:38 d-----w- c:\programdata\Symantec
    2009-07-09 05:21 . 2006-12-26 04:38 d-----w- c:\program files\Symantec
    2009-07-09 04:59 . 2009-07-09 04:59 197 ----a-w- c:\windows\UnALYac.dat
    2009-07-09 04:41 . 2006-11-07 06:30 70524 ----a-w- c:\windows\system32\perfc012.dat
    2009-07-09 04:41 . 2006-11-07 06:30 265828 ----a-w- c:\windows\system32\perfh012.dat
    2009-07-08 02:09 . 2008-06-07 16:13 1356 ----a-w- c:\users\노유경 you kyung no\AppData\Local\d3d9caps.dat
    2009-07-08 01:57 . 2008-01-20 17:49 d-----w- c:\program files\ESTsoft
    2009-07-07 07:05 . 2006-12-26 04:27 d-----w- c:\programdata\Sony Corporation
    2009-07-07 00:32 . 2009-04-07 00:32 80896 ------w- c:\programdata\wimogesu\wimogesu.dll
    2009-07-06 05:13 . 2009-04-06 05:13 81920 ------w- c:\programdata\vogibeti\vogibeti.dll
    2009-07-06 04:30 . 2006-12-26 01:54 d--h--w- c:\program files\InstallShield Installation Information
    2009-07-05 03:37 . 2009-04-05 03:37 80896 ------w- c:\programdata\juviwuzi\juviwuzi.dll
    2009-07-04 17:41 . 2009-02-04 06:21 d-----w- c:\program files\Google
    2009-07-04 17:38 . 2007-08-15 03:02 103592 ----a-w- c:\users\노유경 you kyung no\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-07-04 08:48 . 2006-12-26 04:20 d-----w- c:\program files\Common Files\Adobe
    2009-07-03 15:05 . 2009-04-03 15:05 81408 ------w- c:\programdata\yubiwojo\yubiwojo.dll
    2009-07-02 15:02 . 2009-04-02 15:02 80896 ------w- c:\programdata\foponiga\foponiga.dll
    2009-07-02 03:02 . 2009-04-02 03:02 81408 ------w- c:\programdata\zosoyiro\zosoyiro.dll
    2009-07-01 14:52 . 2009-04-01 14:52 80896 ------w- c:\programdata\fusihove\fusihove.dll
    2009-06-28 22:49 . 2009-03-28 22:49 80896 ------w- c:\programdata\zoyojuga\zoyojuga.dll
    2009-06-28 03:47 . 2009-06-28 03:47 56 ---ha-w- c:\programdata\ezsidmv.dat
    2009-06-26 16:07 . 2009-03-26 16:07 80896 ------w- c:\programdata\pohakite\pohakite.dll
    2009-05-19 04:08 . 2008-04-13 16:00 d-----w- c:\program files\Windows Live
    2009-05-19 03:57 . 2008-04-13 16:00 dcsh--w- c:\program files\Common Files\WindowsLiveInstaller
    2009-05-19 03:46 . 2008-03-01 18:45 d-----w- c:\programdata\WLInstaller
    2009-05-13 11:30 . 2006-11-02 11:18 d-----w- c:\program files\Windows Mail
    2009-05-11 22:42 . 2009-05-11 22:36 d-----w- c:\programdata\Lavasoft
    2009-05-11 22:42 . 2009-05-11 23:51 15688 ----a-w- c:\windows\system32\lsdelete.exe
    2009-05-11 22:41 . 2009-05-11 22:42 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2009-05-11 22:22 . 2009-05-11 22:22 d-----w- c:\program files\Windows Live Safety Center
    2009-04-24 16:22 . 2009-06-10 09:33 827392 ----a-w- c:\windows\system32\wininet.dll
    2009-04-24 16:14 . 2009-06-10 09:33 56320 ----a-w- c:\windows\system32\iesetup.dll
    2009-04-24 16:14 . 2009-06-10 09:33 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-04-24 16:11 . 2009-06-10 09:33 72704 ----a-w- c:\windows\system32\admparse.dll
    2009-04-24 13:53 . 2009-06-10 09:33 26624 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-04-24 12:25 . 2009-06-10 09:33 48128 ----a-w- c:\windows\system32\mshtmler.dll
    2009-04-14 19:59 . 2009-04-14 19:59 6069144 ----a-w- c:\users\노유경 you kyung no\AppData\Roaming\ESTsoft\ALUpdate\ALZIP\newfile\TEMP\ALZip742.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-C39E-35F1D2A32EC8}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-03-20 1232896]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-03-20 1006264]
    "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2006-11-11 43128]
    "PrepareYourVAIO"="c:\program files\Sony\Prepare your VAIO\PYVAlert.exe" [2006-11-28 477304]
    "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-30 583048]
    "imekrmig7.0"="c:\program files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE" [2007-04-19 25440]
    "KMCONFIG"="c:\program files\Keyboard Driver\StartAutorun.exe" [2007-03-06 212992]
    "AhnLab Session Process"="c:\progra~1\COMMON~1\AhnLab\ACA\ACASP.exe" [2008-08-22 63656]
    "AHNSD"="c:\program files\AhnLab\Smart Update Utility\AhnSD.exe" [2009-04-08 191176]
    "MSConfig"="c:\windows\system32\msconfig.exe" [2006-11-02 222208]
    "avast!"="c:\progra~1\Avast\ashDisp.exe" [2009-02-05 81000]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "UnALYac"="c:\windows\UnALYac.exe" [2008-10-23 107976]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2006-11-24 01:36 73728 ----a-w- c:\windows\System32\VESWinlogon.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux2"=wdmaud.drv
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^YTN 뉴스 ON.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\YTN 뉴스 ON.lnk
    backup=c:\windows\pss\YTN 뉴스 ON.lnk.CommonStartup
    backupExtension=.CommonStartup
    [HKLM\~\startupfolder\C:^Users^노유경 you kyung no^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    path=c:\users\노유경 you kyung no\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
    backup=c:\windows\pss\Adobe Gamma.lnk.Startup
    backupExtension=.Startup
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{DC72AFBA-9383-411B-8376-376CCA3AFD1F}"= UDP:c:\windows\System32\skcbgm.exe:SK Communications Cyworld BGM Player
    "{71FD6775-8038-4007-9831-BF5EB1F5E7E1}"= TCP:c:\windows\System32\skcbgm.exe:SK Communications Cyworld BGM Player
    "{910AB51C-BEB7-4ED3-B6B8-FC802E66A000}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "{D390AD43-1364-454F-A5A0-8A2666A773F5}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "{CB89B583-D9F4-434C-AF00-C1C668225160}"= UDP:c:\windows\System32\pdrtvsvr.exe:PandoraTV VoD Control
    "{35C76987-D28C-433D-A53B-F771A5635EC9}"= TCP:c:\windows\System32\pdrtvsvr.exe:PandoraTV VoD Control
    "TCP Query User{489BFCB7-D1B4-47FC-82CA-B6C1EAC2C23A}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
    "UDP Query User{96EB76A7-9FCF-4920-A9E2-9EF2D92F49D8}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
    "TCP Query User{BAF9E435-BC8C-43AC-83EC-E0CCF36FF189}c:\\program files\\동키호테\\donkeyhote.exe"= UDP:c:\program files\동키호테\donkeyhote.exe:Donkeyhote
    "UDP Query User{DCB90AB6-E673-48A1-84E4-54C52DA89CF7}c:\\program files\\동키호테\\donkeyhote.exe"= TCP:c:\program files\동키호테\donkeyhote.exe:Donkeyhote
    "TCP Query User{9C8A8C7C-3D76-4DB9-BA7E-3BBAC9556116}c:\\program files\\aim6\\aim6.exe"= UDP:c:\program files\aim6\aim6.exe:AIM
    "UDP Query User{C71D8C2D-359B-4CCD-94FF-8B427048D561}c:\\program files\\aim6\\aim6.exe"= TCP:c:\program files\aim6\aim6.exe:AIM
    "TCP Query User{C003D8F1-9466-4007-89EE-A6F5577C246E}c:\\windows\\system32\\clubbox.exe"= UDP:c:\windows\system32\clubbox.exe:CLUBBOX File Transfer Manager V2
    "UDP Query User{D6D75BFE-75DC-47C7-9316-98EF594A60A1}c:\\windows\\system32\\clubbox.exe"= TCP:c:\windows\system32\clubbox.exe:CLUBBOX File Transfer Manager V2
    "{AD0A44FC-98C2-4569-A380-3E9AED75E1C1}"= UDP:c:\windows\System32\P3MxSvr.exe:Maxmp3 AoD Control
    "{62F1293A-696C-4991-B515-05B1999271B0}"= TCP:c:\windows\System32\P3MxSvr.exe:Maxmp3 AoD Control
    "{D8D5F0A3-38C5-4461-9101-FE4962BFA925}"= UDP:c:\windows\System32\p3mxvsvr.exe:MAXMP3 VOD Control
    "{D85F23A7-E29C-4278-9A62-2DEA6DF95C70}"= TCP:c:\windows\System32\p3mxvsvr.exe:MAXMP3 VOD Control
    "{878B2FD4-A20A-4542-80FB-B41C0B146033}"= UDP:c:\windows\System32\mnetasvr.exe:MNet AoD Server
    "{AC18BC15-880B-4FA0-8835-9B395267536A}"= TCP:c:\windows\System32\mnetasvr.exe:MNet AoD Server
    "{6F7F7274-C61F-40AF-B1FD-56E9003F49D1}"= UDP:c:\windows\System32\mnetvsvr.exe:MNet VoD Server
    "{A55473D3-EA52-4ED9-AB14-2FD2A905B22B}"= TCP:c:\windows\System32\mnetvsvr.exe:MNet VoD Server
    "{7FC7A180-1FB0-4B94-99D1-E7A955147199}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{AE3F669D-BA8C-46CC-88BC-08C19DA90796}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{07E085AA-88FA-4AB3-83E2-8E937084CEAC}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "{EF83B9CE-BBE5-46B9-874C-1E6F17B21C9A}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "{27BA7920-F808-44B5-9123-C4D20FC0EF47}"= UDP:c:\program files\Monkey3\Monkey3.exe:Monkey3
    "{98A7D6AF-2BBA-4133-9190-7569115AFB38}"= TCP:c:\program files\Monkey3\Monkey3.exe:Monkey3
    "{9C495821-A467-4A1E-A6E6-7B6E8B960D26}"= UDP:5435:Monkey3
    "{736CC81B-26F4-43E5-89BD-C398650DBFF5}"= TCP:5435:Monkey3
    "{C291525A-B7CD-42BE-8CA8-37079FD3AAC6}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{EF5B775B-1D08-405A-AE5A-C6DD1FCFD929}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "{4C0F367A-449C-423B-8784-6CDB4D8CB8B1}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
    "{2F3FA260-3543-4890-BC59-5AA74FF0A2DD}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
    "{EF5FB0BD-BEA6-457B-9DC4-1884966E86A0}"= UDP:c:\program files\AhnLab\V3IS2007\MSProxy.ahn:MSProxy.ahn
    "{E85415D8-723F-4445-B782-5B2FB97FEA24}"= TCP:c:\program files\AhnLab\V3IS2007\MSProxy.ahn:MSProxy.ahn
    "{B69D8B85-0F18-44AC-A629-CFAD6F5CDA74}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
    "{B05C1341-22AF-4E90-8032-EBC9967EF75C}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{15970949-B52D-4106-919B-98F680C18F80}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{BC8853AD-B831-4408-88DD-89C1487CB80A}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
    "{3BCD432E-C30D-428F-9410-FF1B9C83312E}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
    R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [2009-05-11 오후 3:42 64160]
    R1 AMonLWLH;Ahnlab Light Weight Filter;c:\windows\System32\drivers\AMonLWLH.sys [2009-04-29 오후 6:00 32768]
    R1 AMonTDLH;AMonTDLH;c:\windows\System32\drivers\AMonTDLH.sys [2009-04-29 오후 10:34 79872]
    R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2009-07-08 오후 4:24 114768]
    R2 AhnLab Application Service;AhnLab Application Service;c:\program files\Common Files\AhnLab\ACA\acaas.exe [2009-04-27 오후 4:29 32936]
    R2 AhnLab Guarantee Service;AhnLab Guarantee Service;c:\program files\Common Files\AhnLab\ACA\acaegmgr.exe [2009-04-27 오후 4:29 47792]
    R2 AhnLab Information Service;AhnLab Information Service;c:\program files\Common Files\AhnLab\ACA\acais.exe [2009-04-27 오후 4:29 32936]
    R2 AhnLab Task Scheduler;AhnLab Task Scheduler;c:\program files\AhnLab\Smart Update Utility\AhnSDsv.exe [2007-08-20 오후 8:20 174792]
    R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2009-07-08 오후 4:24 20560]
    R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2009-07-08 오후 4:23 51792]
    R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Keyboard Driver\KMWDSrv.exe [2007-04-05 오전 11:29 208896]
    R3 AhnFlt2k;AhnFlt2k;c:\windows\System32\drivers\AhnFlt2k.sys [2009-04-29 오후 10:34 52592]
    R3 AhnRec2k;AhnRec2k;c:\windows\System32\drivers\AhnRec2k.sys [2009-04-29 오후 10:34 20456]
    R3 AhnRghNt;AhnRghNt;c:\windows\System32\drivers\AhnRghNt.sys [2009-04-29 오후 10:34 35432]
    R3 CdmDrvNt;CdmDrvNt;c:\windows\System32\drivers\cdmdrvnt.sys [2009-04-27 오후 4:29 19640]
    R3 ISFWEnt;ISFWEnt;c:\program files\AhnLab\V3IS2007\ISFWENt.sys [2009-04-29 오후 10:39 143952]
    R3 ISIPSEnt;ISIPSEnt;c:\program files\AhnLab\V3IS2007\ISIPSENt.sys [2009-04-29 오후 10:39 139464]
    R3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [2006-12-26 오전 11:27 227328]
    S2 gupdate1c986911efd5ab0;Google Update Service (gupdate1c986911efd5ab0);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 오후 11:23 133104]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
    S2 npkcagentsvc;npkcagentsvc;c:\windows\System32\npkcagentsvc.exe [2007-08-14 오후 11:49 24576]
    S3 AhnSZE;AhnSZE;c:\windows\System32\drivers\AhnSZE.sys [2009-04-29 오후 10:39 70528]
    S3 ArfMonNt;ArfMonNt;c:\program files\AhnLab\V3IS2007\ArfMonNt.sys [2009-04-29 오후 10:39 118768]
    S3 ASZFltNt;ASZFltNt;c:\progra~1\AhnLab\V3IS2007\ASZFltNt.sys [2009-04-29 오후 10:39 112616]
    S3 GDISpyDevice;GDISpyDevice;c:\windows\System32\GDISpy.sys [2008-05-02 오전 11:32 38600]
    S3 ISPIBEnt;ISPIBEnt;c:\program files\AhnLab\V3IS2007\ISPIBENt.sys [2009-04-29 오후 10:39 128360]
    S3 ISPrxEnt;ISPrxEnt;c:\program files\AhnLab\V3IS2007\ISPrxENT.sys [2009-04-29 오후 10:39 77136]
    S3 ISTrkEnt;ISTrkEnt;c:\program files\AhnLab\V3IS2007\ISTrkENt.sys [2009-04-29 오후 10:39 90936]
    S3 v3engine;v3engine;c:\windows\System32\drivers\v3engine.sys [2009-04-29 오후 10:36 1519872]
    S3 V3Flt2K;V3Flt2K;c:\progra~1\AhnLab\V3IS2007\V3Flt2K.sys [2009-04-29 오후 10:39 126840]
    S3 V3IFt2K;V3IFt2K;c:\progra~1\AhnLab\V3IS2007\V3IFt2K.sys [2009-04-29 오후 10:39 77560]
    S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-08-14 오후 8:48 741376]
    S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-08-14 오후 8:44 397312]
    S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-08-14 오후 8:44 1089536]
    --- Other Services/Drivers In Memory ---
    *NewlyCreated* - ASWFSBLK
    *NewlyCreated* - ASWMONFLT
    *NewlyCreated* - ASWSP
    *NewlyCreated* - AYDRVSP_ALYAC
    *Deregistered* - AYDrvNT_ALYAC
    *Deregistered* - AYDrvSP_ALYAC
    *Deregistered* - NAVENG
    *Deregistered* - NAVEX15
    *Deregistered* - SPBBCDrv
    *Deregistered* - SRTSPX
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    .
    Contents of the 'Scheduled Tasks' folder
    2009-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 06:23]
    2009-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 06:23]
    .
    - - - - ORPHANS REMOVED - - - -
    HKCU-Run-domuvepazi - c:\programdata\bulilufu\bulilufu.dll
    HKCU-Run-CPM8d05ca84 - c:\programdata\satokali\satokali.dll
    HKLM-Run-domuvepazi - c:\programdata\bulilufu\bulilufu.dll
    HKLM-Run-17005464 - c:\programdata\17005464\17005464.exe
    HKLM-Run-97015456 - c:\programdata\97015456\97015456.exe
    HKLM-Run-8e36f918 - c:\programdata\pumulede\pumulede.dll
    HKLM-RunOnce-isDeleteMe - c:\users\노유경~1\AppData\Local\Temp\isDel.bat

    .
    Supplementary Scan
    .
    uStart Page = about:blank
    uInternet Settings,ProxyOverride = *.local
    IE: Download Link Using Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
    IE: Microsoft Excel로 내보내기(&X) - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    DPF: {04E7BADF-F3B9-420D-B82D-8D8CADEFE4F9} - hxxp://cyimg7.cyworld.com/ImageUpload/CyImageUpload_10217.cab
    DPF: {1AD649C1-8B55-4033-9019-CF452DB5499E} - hxxp://comic.paran.com/tns_web2/ToonsXParan3.cab
    DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} - hxxp://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB
    DPF: {2029F1D2-90E4-49EF-9824-F666D238BFF6} - hxxp://jr.naver.com/comic/book/viewer_new/NHNComicViewer.cab
    DPF: {25B1B4C6-BB14-4D2A-A57C-1EB08A5021CD} - hxxp://imgcdn.pandora.tv/pan_img/liveupdate/enjsoft2/PandoraTVControl.cab
    DPF: {27E4B2A9-D554-40DE-B6CD-F11E9B44FBD0} - hxxp://simfile.chol.com/activex/SimFileControl.cab
    DPF: {29BC57E0-018D-46D2-B233-338B779C169C} - hxxp://www.mrblue.com/webcube/control/WebCube.cab
    DPF: {2EE4AED0-B8D5-4FCB-B4EB-75D5D20B55E5} - hxxp://download.zfile.co.kr/ZFileWebControl.cab
    DPF: {31547BE4-40A1-4F53-8DC6-40553BBEAA44} - hxxp://www.clubhard.co.kr/append/application/ClubHardCtrl.CAB
    DPF: {49EA1597-4149-42FC-A01D-A03E07980D37} - hxxp://elibrary.wisebook.com/for_install/WiseInstaller.dll
    DPF: {5876CAD0-1636-42EA-AC50-4C06F3196089} - hxxp://down.hangame.com/dist/activex/HanGamePlugin19.cab
    DPF: {5D1317E0-98DD-4A64-907A-DCF3BBD28BA5} - hxxp://www.atomfile.co.kr/p2p/ActiveX/Sol2_SeverFileX.ocx
    DPF: {5FB84F9E-70FF-4B98-B47A-8F530F8D4AF0} - hxxp://www.koreadaily.com/_dev/activeX/BKChatClient.cab
    DPF: {61FDA6C5-3F5D-44D9-9CED-1D7AC727ACE0} - hxxp://touch.imbc.com/ActiveX/Pointory/CueControl.ocx
    DPF: {687FB9A2-A997-44D4-9480-24F29B95F77B} - hxxp://imbbs.imbc.com/controls/BBSFileUpload.cab
    DPF: {68B5B09E-9CB4-4E93-A75B-44DD4362120C} - hxxp://comic.daum.net/download/new/ToonsXContentsPlug.cab
    DPF: {692141E8-D3D1-49E0-BB94-2C8FBB1D69DE} - hxxp://www.mrblue.com/viewer_comics/control/ComicsViewer.CAB
    DPF: {799BB2EC-572A-42A9-84AD-112806F4F551} - hxxp://activexdown.paran.com/paranactivex/data/imweb.cab
    DPF: {7A9935D3-9B3C-4382-B62A-45CF92B18D74} - hxxp://cyimg8.cyworld.com/storyRoom/CyImgResize.cab
    DPF: {7D71E87E-FF6D-45D6-813F-BDFD10A355A8} - hxxp://www.momodisk.com/mmsv/momodiskWebControl.CAB
    DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} - hxxps://vbv.samsungcard.co.kr/XecureObject/vista/xw_install.cab
    DPF: {882A7CC6-0163-4BC1-8BC1-505E36C9FFA2} - hxxp://www.mnet.com/Ver2/App/totalApp/vista/maxhelper/MnetHelper.cab
    DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} - hxxp://cyimg7.cyworld.com/ImageUpload/CyPictureU1.cab?20080604
    DPF: {9CDD57AC-CA86-464C-B920-3228A388CC78} - hxxp://file.naver.com/activex/NaverFile.cab
    DPF: {A00B2A53-60D9-4477-ADA3-60490770C5E0} - hxxp://mail.daum.net/hanmail-ax/hanmail.cab
    DPF: {A1832535-5218-42F9-8959-19E2BCABFABF} - hxxp://plugin.inicis.com/vista/INIwallet50.cab
    DPF: {A444A75B-D0C1-4440-B830-4F8206ADE1F5} - hxxp://ebookcase.genomad.co.kr/download/ezPDFLauncherX2.cab
    DPF: {B3260660-93AC-48D8-8DDC-2C22192CA2AB} - hxxp://mail1.naver.com/activex/NvBigFileUpload2_NT.cab
    DPF: {B8C4B31D-6DCE-4DF0-BF73-44686849F67D} - hxxp://imgcdn.pandora.tv/pan_img/p3player/package/pdrinst.cab
    DPF: {BD6BB450-7C69-43B8-96F3-689CAE57AB51} - hxxp://netv.sbs.co.kr/object/player/SBSWebPlayer.cab
    DPF: {C1143E84-B2B1-473B-9F20-E62DD754FCAF} - hxxps://vbv.samsungcard.co.kr/ubikey/VineTransfer.cab
    DPF: {C21FF368-1A79-4AAA-B2DB-3AEA1CC3EB87} - hxxp://www.hangok.com/common/HanAgent.cab
    DPF: {C294E262-4EC1-4407-8AB9-787269BC875D} - hxxp://www.cdkey.co.kr/ax_cb/cb.cab
    DPF: {CEAF43B1-E8C1-426D-A63C-92C71212E6E5} - hxxp://touch.imbc.com/ActiveX/iMBCOnlineService.cab
    DPF: {D912AABC-6CB0-416F-85B6-CABBB86FD558} - hxxp://plugin.inicis.com/wallet60/INIwallet60_vista.cab
    DPF: {E3FA6DAA-04BF-4AEF-9612-341B2B7A25FC} - hxxps://pay.kcp.co.kr/plugin/file_vista/payplus.cab
    DPF: {E4812635-737D-443F-BEF4-02A4FF837D99} - hxxp://cdn.pandora.tv/noraebang/UpdateCtrl_v1015/UpdateCtrl.cab
    DPF: {E75386B4-C629-11DB-8338-444553544200} - hxxp://cyimg7.cyworld.com/cymusic/package/cyinstal.cab
    DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} - hxxps://www.vpay.co.kr/kvpfiles_vista/KVPISPCTLD_VISTA.cab
    DPF: {F4F08D66-EE06-4015-9EEF-5C136266B7D1} - hxxp://comic.paran.com/tns_web/ToonsXParan2.cab
    DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} - hxxp://file.naver.com/activex/NaverAXGuide.cab
    .
    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-07-08 22:36
    Windows 6.0.6000 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    LOCKED REGISTRY KEYS
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2009-07-09 22:39
    ComboFix-quarantined-files.txt 2009-07-09 05:39
    Pre-Run: 23,286,509,568 바이트 남음
    Post-Run: 23,157,989,376 바이트 남음
    370 --- E O F --- 2009-06-10 10:11



    and here's my HJT log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 오후 10:52:17, on 2009-07-08
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16851)
    Boot mode: Normal
    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
    C:\Program Files\Keyboard Driver\StartAutorun.exe
    C:\Program Files\Avast\ashDisp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Keyboard Driver\KMConfig.exe
    C:\Program Files\Keyboard Driver\KMProcess.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\Explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\IEUser.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\HJT\HijackThis.exe
    R3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: (no name) - EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O1 - Hosts: ::1 localhost
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
    O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
    O4 - HKLM\..\Run: [PrepareYourVAIO] C:\Program Files\Sony\Prepare your VAIO\PYVAlert.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [imekrmig7.0] "C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE"
    O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files\Keyboard Driver\StartAutorun.exe KMConfig.exe
    O4 - HKLM\..\Run: [AhnLab Session Process] "C:\PROGRA~1\COMMON~1\AhnLab\ACA\ACASP.exe"
    O4 - HKLM\..\Run: [AHNSD] "C:\Program Files\AhnLab\Smart Update Utility\AhnSD.exe"
    O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast\ashDisp.exe
    O4 - HKLM\..\RunOnce: [UnALYac] "C:\Windows\UnALYac.exe" /uninstall
    O4 - HKLM\..\RunOnce: [Lusetup] C:\PROGRA~1\Symantec\LIVEUP~1\LUSetup.exe -s -a -q -log -version
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
    O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
    O8 - Extra context menu item: Microsoft Excel로 내보내기(&X) - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java 콘솔 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: 리서치 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O15 - ESC Trusted Zone: http://*.update.microsoft.com
    O16 - DPF: {04E7BADF-F3B9-420D-B82D-8D8CADEFE4F9} (CyImage2Ctl Class) - http://cyimg7.cyworld.com/ImageUpload/CyImageUpload_10217.cab
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
    O16 - DPF: {1AD649C1-8B55-4033-9019-CF452DB5499E} (ToonsXParan Control) - http://comic.paran.com/tns_web2/ToonsXParan3.cab
    O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB
    O16 - DPF: {2029F1D2-90E4-49EF-9824-F666D238BFF6} (NHNComicViewer Class) - http://jr.naver.com/comic/book/viewer_new/NHNComicViewer.cab
    O16 - DPF: {25B1B4C6-BB14-4D2A-A57C-1EB08A5021CD} (PandoraTVControl Control) - http://imgcdn.pandora.tv/pan_img/liveupdate/enjsoft2/PandoraTVControl.cab
    O16 - DPF: {27E4B2A9-D554-40DE-B6CD-F11E9B44FBD0} (SimFileControl Control) - http://simfile.chol.com/activex/SimFileControl.cab
    O16 - DPF: {29BC57E0-018D-46D2-B233-338B779C169C} (WebShell Control) - http://www.mrblue.com/webcube/control/WebCube.cab
    O16 - DPF: {2EE4AED0-B8D5-4FCB-B4EB-75D5D20B55E5} (ZFile File Control) - http://download.zfile.co.kr/ZFileWebControl.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {31547BE4-40A1-4F53-8DC6-40553BBEAA44} (ClubHard WebControl V2) - http://www.clubhard.co.kr/append/application/ClubHardCtrl.CAB
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {49EA1597-4149-42FC-A01D-A03E07980D37} (WiseInstaller Class) - http://elibrary.wisebook.com/for_install/WiseInstaller.dll
    O16 - DPF: {5876CAD0-1636-42EA-AC50-4C06F3196089} (HanGamePlugin19 Class) - http://down.hangame.com/dist/activex/HanGamePlugin19.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {5D1317E0-98DD-4A64-907A-DCF3BBD28BA5} (Sol2_AXServerFileX Control) - http://www.atomfile.co.kr/p2p/ActiveX/Sol2_SeverFileX.ocx
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/KO-KR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
    O16 - DPF: {5FB84F9E-70FF-4B98-B47A-8F530F8D4AF0} (BKChatClientX Control) - http://www.koreadaily.com/_dev/activeX/BKChatClient.cab
    O16 - DPF: {61FDA6C5-3F5D-44D9-9CED-1D7AC727ACE0} (CueControl Control) - http://touch.imbc.com/ActiveX/Pointory/CueControl.ocx
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {687FB9A2-A997-44D4-9480-24F29B95F77B} (BBSFileUpload Control) - http://imbbs.imbc.com/controls/BBSFileUpload.cab
    O16 - DPF: {68B5B09E-9CB4-4E93-A75B-44DD4362120C} (ToonsXContentsPlug Control) - http://comic.daum.net/download/new/ToonsXContentsPlug.cab
    O16 - DPF: {692141E8-D3D1-49E0-BB94-2C8FBB1D69DE} (MrBlue.ComicsViewer) - http://www.mrblue.com/viewer_comics/control/ComicsViewer.CAB
    O16 - DPF: {799BB2EC-572A-42A9-84AD-112806F4F551} (Imweb Control) - http://activexdown.paran.com/paranactivex/data/imweb.cab
    O16 - DPF: {7A9935D3-9B3C-4382-B62A-45CF92B18D74} (Uploader Class) - http://cyimg8.cyworld.com/storyRoom/CyImgResize.cab
    O16 - DPF: {7D71E87E-FF6D-45D6-813F-BDFD10A355A8} (momodisk File Control1) - http://www.momodisk.com/mmsv/momodiskWebControl.CAB
    O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - https://vbv.samsungcard.co.kr/XecureObject/vista/xw_install.cab
    O16 - DPF: {882A7CC6-0163-4BC1-8BC1-505E36C9FFA2} (MnetHelper Control) - http://www.mnet.com/Ver2/App/totalApp/vista/maxhelper/MnetHelper.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
    O16 - DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} (CyImage Class) - http://cyimg7.cyworld.com/ImageUpload/CyPictureU1.cab?20080604
    O16 - DPF: {9CDD57AC-CA86-464C-B920-3228A388CC78} (NaverFileControl Control) - http://file.naver.com/activex/NaverFile.cab
    O16 - DPF: {A00B2A53-60D9-4477-ADA3-60490770C5E0} (Hanmail Upload Control) - http://mail.daum.net/hanmail-ax/hanmail.cab
    O16 - DPF: {A1832535-5218-42F9-8959-19E2BCABFABF} (INIwallet50 Control) - http://plugin.inicis.com/vista/INIwallet50.cab
    O16 - DPF: {A444A75B-D0C1-4440-B830-4F8206ADE1F5} (EzPDFLauncherX2 Control) - http://ebookcase.genomad.co.kr/download/ezPDFLauncherX2.cab
    O16 - DPF: {B3260660-93AC-48D8-8DDC-2C22192CA2AB} (Naver Mail BigFile Upload Control2) - http://mail1.naver.com/activex/NvBigFileUpload2_NT.cab
    O16 - DPF: {B8C4B31D-6DCE-4DF0-BF73-44686849F67D} (PDRInst1 Class) - http://imgcdn.pandora.tv/pan_img/p3player/package/pdrinst.cab
    O16 - DPF: {BD6BB450-7C69-43B8-96F3-689CAE57AB51} (SBSWebPlayer Class) - http://netv.sbs.co.kr/object/player/SBSWebPlayer.cab
    O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://www.imgag.com/cp/install/Crusher.cab
    O16 - DPF: {C1143E84-B2B1-473B-9F20-E62DD754FCAF} (VineTransfer Control) - https://vbv.samsungcard.co.kr/ubikey/VineTransfer.cab
    O16 - DPF: {C21FF368-1A79-4AAA-B2DB-3AEA1CC3EB87} (HanAgent Control) - http://www.hangok.com/common/HanAgent.cab
    O16 - DPF: {C294E262-4EC1-4407-8AB9-787269BC875D} (search_cb Control) - http://www.cdkey.co.kr/ax_cb/cb.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CEAF43B1-E8C1-426D-A63C-92C71212E6E5} (PlayerCue Control) - http://touch.imbc.com/ActiveX/iMBCOnlineService.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://vbv.samsungcard.co.kr/keycrypt/npkcx_vista.cab
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
    O16 - DPF: {D912AABC-6CB0-416F-85B6-CABBB86FD558} (INIwallet60 Control) - http://plugin.inicis.com/wallet60/INIwallet60_vista.cab
    O16 - DPF: {E3FA6DAA-04BF-4AEF-9612-341B2B7A25FC} (Payplus Client Control) - https://pay.kcp.co.kr/plugin/file_vista/payplus.cab
    O16 - DPF: {E4812635-737D-443F-BEF4-02A4FF837D99} (UpdateCtrl Control) - http://cdn.pandora.tv/noraebang/UpdateCtrl_v1015/UpdateCtrl.cab
    O16 - DPF: {E75386B4-C629-11DB-8338-444553544200} (PcubeSet Class) - http://cyimg7.cyworld.com/cymusic/package/cyinstal.cab
    O16 - DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} (KvpIspCtlD Control) - https://www.vpay.co.kr/kvpfiles_vista/KVPISPCTLD_VISTA.cab
    O16 - DPF: {F4F08D66-EE06-4015-9EEF-5C136266B7D1} (ToonsXParan2 Control) - http://comic.paran.com/tns_web/ToonsXParan2.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} (NaverAXGuide Class) - http://file.naver.com/activex/NaverAXGuide.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AhnLab Application Service - AhnLab, Inc. - C:\Program Files\Common Files\AhnLab\ACA\ACAAS.exe
    O23 - Service: AhnLab Guarantee Service - AhnLab, Inc. - C:\Program Files\Common Files\AhnLab\ACA\ACAEGMgr.exe
    O23 - Service: AhnLab Information Service - AhnLab, Inc. - C:\Program Files\Common Files\AhnLab\ACA\ACAIS.exe
    O23 - Service: AhnLab Task Scheduler - AhnLab, Inc. - C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast\aswUpdSv.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast\ashWebSv.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate1c986911efd5ab0) (gupdate1c986911efd5ab0) - Google Inc - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod 서비스 (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Keyboard Driver\KMWDSrv.exe
    O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: npkcagentsvc - - C:\Windows\system32\npkcagentsvc.exe
    O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Windows\system32\npkcmsvc.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
    O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
    O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
    O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    --
    End of file - 17689 bytes
  • edited July 2009
    I have noticed that you have 3 antivirus programs and 2 firewall programs installed on your computer.

    Anti-virus programs are:
    • avast! antivirus
    • Norton Internet Security
    • V3 Internet Security

    Firewalls are:
    • Norton Internet Security
    • V3 Internet Security

    Warning!
    Running more than one resident protection program of the same type (antivirus, firewall) at the same time can result in unwanted conflict.
    This can cause performance issues as well as possible conflicts.
    If you want to keep all your antivirus programs then please make sure they are not in resident mode at the same time. It is essential to choose one firewall and uninstall the other.

    =================================================================

    Next please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

    It's IMPORTANT to carry out the instructions in the sequence listed below.
    1. Close any open browsers.
    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    Open *notepad* and copy/paste the text in the quotebox below into it:
    KILLALL::
    
    Folder::
    c:\programdata\pumulede
    c:\programdata\wimogesu
    c:\programdata\vogibeti
    c:\programdata\juviwuzi
    c:\programdata\yubiwojo
    c:\programdata\foponiga
    c:\programdata\zosoyiro
    c:\programdata\fusihove
    c:\programdata\zoyojuga
    
    File::
    c:\windows\UnALYac.dat
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.


    CFScript.gif

    Referring to the picture above, drag CFScript.txt into ComboFix.exe


    When finished, it shall produce a log for you at C:\ComboFix.txt

    Please copy and paste the ComboFix.txt in your next reply, along with a new HijackThis log.


    *Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer*
  • edited July 2009
    Whilst we appreciate that you may be busy, it has been 5 days or more since we heard from you. This topic is now closed.

    Infections can change and fresh instructions will now need to be given. If you wish to reopen your topic, please send a Private Message (PM) to Trogan with a link to your thread.

    If you are not the user who started this thread, you must start your own Thread instead :)
This discussion has been closed.