
Micro AV 2009 Virus **Insane**

Discussion in 'Windows - Virus and spyware problems' started by zoktai, Sep 11, 2008.

  1. cdavfrew

    cdavfrew Regular member

    Both sharib and bibhash84, hi!

    First thing: Please do not crowd other people's threads. It makes it confusing to help so many people at the same time, and the instructions may get confused. I will help you, but I will post in different posts below. Also, please do not follow instructions meant for others. It may be harmful towards your own computer.
     
    Last edited: Sep 19, 2008
  2. cdavfrew

    cdavfrew Regular member

    For sharib

    We need a special cleaner for this. I don't know if you have the time and resources, but try it anyway.

    Time to use a boot CD. Please download Antivir RescueCD, run it to burn a CD (on a different computer), and then boot your computer using the CD. Run a scan, and see how your computer turns out.

    Notes:
    1. You have to click space after highlighting English as a language to select it.
    2. As an option, select "Rename files that cannot be repaired" or something like that.

    Best Regards :D
     
  3. cdavfrew

    cdavfrew Regular member

    For bibhash84

    Please download Superantispyware Free and install it. Follow the prompts and reboot if required.

    Launch Superantispyware Free either by running C:\Program Files\SUPERANTISPYWARE.exe or right-click on the SuperAntispyware icon in your task bar (it looks like a bug) and click on Scan for Spyware, Adware, Malware...

    Configuring SuperAntispyware

    • Click on Preferences.
    • In the tab General and Startup, make sure the box Start SuperAntispyware when Windows starts is unchecked. This will prevent SuperAntispyware from starting every time, because it may interfere with other fixes that may be run.
    • Navigate to the tab Scanning Control.
    • Make sure only these boxes are checked:
    Code:
    Close browsers before scanning
    Scan for tracking cookies
    Terminate memory threats before quarantining
    Scan Alternate Data Streams
    Use Kernel Direct File Access (recommended)
    Use Kernel Direct Registry Access (recommended)
    Use Direct Disk Access (recommended)
    • Click on Close.

    Updating SuperAntispyware

    • At the main window, click on Check for Updates....
    • Wait for SuperAntispyware to be fully updated.

    Scanning Time

    • Boot into safe mode by repeatedly pressing the F8 key after you press the power button. If safe mode does not work, tell me and do the scan in normal mode.
    • Launch SuperAntispyware.
    • At the main window, click on Scan your Computer....
    • Make sure all drives (excluding CD drives) are checked, select Perform Complete Scan, and then click on Next.
    • Wait for the scan to complete, and then click on Next>. This will quarantine and remove all detected items.
    • Reboot your computer.

    Post A Log

    • Launch SuperAntispyware.
    • Click on Preferences.
    • Navigate to the tab Statistics/Logs.
    • Choose the latest scan log, and then click on View Log....
    • Copy and paste the contents of the log here in your next post.

    Best Regards :D
     
  4. cdavfrew

    cdavfrew Regular member

    Sorry... double post.
     
    Last edited: Sep 19, 2008
  5. sharib

    sharib Member

    Sorry, I didn't know that I should have posted under a new thread... I saw all of the other posts and thought that I could just reply.

    Anyways I will give this a try. Thank You!
     
  6. marko1892

    marko1892 Member

    Hi, can anyone help me? I have this virus on my desktop (currently on my laptop) and can't seem to get rid of it. I'm a complete novice at this :( AVG found 27 infections; I cleared them but nothing.

    Does anyone have any help on how to get rid of it? I presume if I download HijackThis then I will need to put it on CD and then transfer it over to my other computer, yes?

    Help please :(
     
  7. cdavfrew

    cdavfrew Regular member

    Open a new thread so that this thread can be left alone in peace.
     
  8. avenged1

    avenged1 Member

    HELP
    I somehow managed to download the Micro AV virus and thought I got it off my laptop, but I still can't activate my automatic updates and am getting pop-ups randomly, which I wasn't before. I have run CCleaner, Ad-Aware software, and McAfee virus scan several times, but have not been able to take out this virus... she's a nasty one... please help.
    I ran HijackThis and have the log file:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:52:49 AM, on 9/24/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Verizon\McciTrayApp.exe
    C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\AIM6\aim6.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\Program Files\McAfee\VirusScan\McShield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\SiteAdvisor\6261\SAService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\WINDOWS\explorer.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
    C:\Documents and Settings\Administrator\Desktop\virusshit\HiJackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0MSN&bm=ms_home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
    O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [6c0b3a99] rundll32.exe "C:\WINDOWS\system32\mgtkwjwk.dll",b
    O4 - HKLM\..\Run: [BM6f380905] Rundll32.exe "C:\WINDOWS\system32\frjxfhhq.dll",s
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\Content.IE5\3SMNEGEQ\SIZE_1~1.SH! C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\Content.IE5\NVMXEEJU\AIM_UA~1.SH! C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\Content.IE5\21U1C99J\TCODEB~1.SH! C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\Content.IE5\NVMXEEJU\AIMRAD~1.SH! C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\Content.IE5\21U1C99J\TCODEW~1.SH!
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O20 - AppInit_DLLs: nvpske.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 9069 bytes
    --avenged1
     
  9. avenged1

    avenged1 Member

    Didn't see that I needed to post in a new thread, sorry. I will do that.
     
  10. leo1001

    leo1001 Member

    Hi, this is my log file.
    What should I do next?
    Thanks

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:48: VIRUS ALERT!, on 2008-10-08
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\HAURI\Common\hsvcmod.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\WINDOWS\system32\npkcmsvc.exe
    C:\Documents and Settings\All Users\Application Data\qnaxcfip\ohyjctuf.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\MarkAny\ContentSAFER\MAAgent.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\smstsb10.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\HAURI\Common\Base\VRMONNT.EXE
    C:\Program Files\HAURI\ViRobot Desktop 5.0\AntiSpam\HSockPE.exe
    C:\Program Files\HAURI\ViRobot Desktop 5.0\PCFirewall\vrfwsvc.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\HAURI\Common\Base\vrmonsvc.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
    C:\WINDOWS\system32\hphmon04.exe
    C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\WINDOWS\System32\rs32net.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\DNA\btdna.exe
    C:\WINDOWS\system32\conime.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\WINDOWS\TEMP\tyy53.tmp
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\apcdspwt.exe
    D:\download\HiJackThis\scanner.exe

    O2 - BHO: (no name) - {0574D50F-C261-490D-BF39-4E91183C4EFB} - C:\WINDOWS\system32\rqRIxVlj.dll (file missing)
    O2 - BHO: AddressHook Class - {420F61A2-B3BE-4A80-8A68-A2080770CD4C} - C:\Program Files\PC-Clean\PCCleanHModul.dll (file missing)
    O2 - BHO: (no name) - {44E1144B-28B8-4C3D-BE09-6593CBA45B6F} - C:\WINDOWS\system32\wvUlLBqn.dll (file missing)
    O2 - BHO: 124909 helper - {51fc8c8a-a290-44bb-9331-c2d3289976a6} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: {c838ee72-627f-2488-7314-d535efad167e} - {e761dafe-535d-4137-8842-f72627ee838c} - C:\WINDOWS\system32\aejexb.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [PC-Clean] C:\Program Files\PC-Clean\PC-Clean.exe /h
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [imekrmig7.0] "C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE"
    O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSAFER\MAAgent.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Samsung Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\smstsb10.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [Vrmon] C:\Program Files\HAURI\Common\Base\VRMONNT.EXE
    O4 - HKLM\..\Run: [HEProtect] C:\Program Files\HAURI\ViRobot Desktop 5.0\AntiSpam\HSockPE.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
    O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
    O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe
    O4 - HKLM\..\Run: [\YUR1E4.exe] C:\Windows\system32\YUR1E4.exe
    O4 - HKLM\..\Run: [\YUR1E5.exe] C:\Windows\system32\YUR1E5.exe
    O4 - HKLM\..\Run: [\YUR1E6.exe] C:\Windows\system32\YUR1E6.exe
    O4 - HKLM\..\Run: [\YUR1E7.exe] C:\Windows\system32\YUR1E7.exe
    O4 - HKLM\..\Run: [\YUR18.exe] C:\Windows\system32\YUR18.exe
    O4 - HKLM\..\Run: [\YUR17.exe] C:\Windows\system32\YUR17.exe
    O4 - HKLM\..\Run: [\YUR19.exe] C:\Windows\system32\YUR19.exe
    O4 - HKLM\..\Run: [\YUR1A.exe] C:\Windows\system32\YUR1A.exe
    O4 - HKLM\..\Run: [inrhc71wj0ec3t] C:\WINDOWS\Temp\.ttC.tmp.exe /CR=BF41E8B2D96ED8F141145E40F597DD53A6FA5259F2B99AAEFE9CA50E3D5864C97601163E685997DF23C494EAA2BBA0C5BBC3052F40902B45271F3BF8F1EA539A4CB13DFD5FD896E50A3F6A4D3EB9E06E82B364EF2F49C1
    O4 - HKLM\..\Run: [7826feaf] rundll32.exe "C:\WINDOWS\system32\nkvmhpwm.dll",b
    O4 - HKLM\..\Run: [lphc31wj0ec3t] C:\WINDOWS\system32\lphc31wj0ec3t.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [] C:\Documents and Settings\sabio\Application Data\Adobe\Player.exe
    O4 - HKCU\..\Run: [\YUR1E4.exe] C:\Windows\system32\YUR1E4.exe
    O4 - HKCU\..\Run: [\YUR1E5.exe] C:\Windows\system32\YUR1E5.exe
    O4 - HKCU\..\Run: [\YUR1E6.exe] C:\Windows\system32\YUR1E6.exe
    O4 - HKCU\..\Run: [\YUR1E7.exe] C:\Windows\system32\YUR1E7.exe
    O4 - HKCU\..\Run: [\YUR18.exe] C:\Windows\system32\YUR18.exe
    O4 - HKCU\..\Run: [\YUR17.exe] C:\Windows\system32\YUR17.exe
    O4 - HKCU\..\Run: [\YUR19.exe] C:\Windows\system32\YUR19.exe
    O4 - HKCU\..\Run: [\YUR1A.exe] C:\Windows\system32\YUR1A.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [admgen] C:\WINDOWS\system32\apcdspwt.exe
    O4 - HKLM\..\Policies\Explorer\Run: [DfGtZDH10R] C:\Documents and Settings\All Users\Application Data\qnaxcfip\ohyjctuf.exe
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user')
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: Adobe PDF로 변환 - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Microsoft Excel로 내보내기(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: 기존 PDF로 변환 - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: 링크 대상을 Adobe PDF로 변환 - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: 링크 대상을 기존 PDF로 변환 - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: 선택 영역을 Adobe PDF로 변환 - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: 선택 영역을 기존 PDF로 변환 - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: 선택한 링크를 Adobe PDF로 변환 - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: 선택한 링크를 기존 PDF로 변환 - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java 콘솔 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: 리서치 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://*.shinhan.com
    O15 - ESC Trusted Zone: http://*.update.microsoft.com
    O16 - DPF: {042D97DD-E197-411A-8298-6EE85F1C1421} (mkdsfwCtrl Class) - http://ahnlabdownload.nefficient.co.kr/asp/cab/mkdsfw.cab
    O16 - DPF: {044123B5-35DF-4C4E-BAED-26B8ED964342} (HLiveRobotWeb Control) - http://fx.hauri.net/HProduct/livesuite/shinhan/CLIENT/LiveSuite/web/HLiveRobotWeb.cab
    O16 - DPF: {04E7BADF-F3B9-420D-B82D-8D8CADEFE4F9} (CyImage2Ctl Class) - http://cyimg6.cyworld.nate.com/ImageUpload/CyImageUpload2.cab
    O16 - DPF: {1A9365CC-319D-420D-99A6-D9FD1E92C966} (Tracertping3 Control) - http://speed.nia.or.kr/traceroute/TracertPing3.cab
    O16 - DPF: {1CDC3381-1B2C-4CD2-A1F0-4AC6942CCE2E} (DzUpdaterX Control) - http://www.neoport.net/cmn/ocx/DzUpdaterX.cab
    O16 - DPF: {20BBA18F-5BC8-47B5-8FC9-5DFCA8E56A4B} (XacsPop Control) - https://mpi.dacom.net/XMPI/js/xmpi2008.cab
    O16 - DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} (INISAFEWeb6 V6 Class) - https://plugin.inicis.com/banktown/initech/plugin/down/INIS60.cab
    O16 - DPF: {39FC0CF9-86F3-4502-B773-D16706EDEC83} (SCSK Control) - http://www.shinhancard.com/common/scsk4.cab
    O16 - DPF: {3B56E5F0-7B20-48BF-B439-A995BE5191EF} (SessionControl Control) - http://pib.wooribank.com/com/common/SessionControl.cab
    O16 - DPF: {3EFC2239-B769-469F-A5E6-38693AE0B9DE} (Sysinfo2 Control) - http://speed.nia.or.kr/login/sysinfo2.cab
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
    O16 - DPF: {4875D0C5-5FE1-4488-8BB8-5A7D0ECDF93B} (Empas Filebox Control) - http://download.empas.com/rel/EmpasFilebox/x1_1_1_1/EmpasFilebox.cab
    O16 - DPF: {53EED863-B547-40F8-B24A-2D6DE807CFE8} (Printmade Control) - http://img.shinhan.com/rib/ko/print/Printmade.cab
    O16 - DPF: {5D9446DB-E849-4B95-9872-D0C21343ABF0} (MAWizard Class) - http://www.csafer.net/ActiveX/MASetupWizard.cab
    O16 - DPF: {5FC62385-06BC-48F4-9890-B373472645B1} (IssacWebSE3 Class) - http://www.myasset.com/myasset/login/install/IssacWebTY_nojava.cab
    O16 - DPF: {66413DC2-F891-40BC-822D-B7EEC8ADC281} (ProWorksGrid Control) - http://img.shinhan.com/rib/common/ProWorksGrid.cab
    O16 - DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} (XecureCKKB Class) - http://ck.softforum.co.kr/keypro/2.2.0.46/CKKeyPro.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173063807718
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {6FE760D3-7851-4879-8838-62D9881D7177} (IniMasHandler Class) - http://www.bccard.com/service/individual/security/images/IniMasPlugin.cab
    O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} (GameHouse Games Player) - http://aolsvc.aol.com/onlinegames/free-trial-rainforest-adventure/gamehouseplayer.cab
    O16 - DPF: {789B70A5-14A1-49A0-A166-4DA45DB95662} (PopUpBlocker Control) - http://www.myasset.com/myasset/login/install/PopUpBlocker_1006.cab
    O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://download.softforum.co.kr/Published/XecureWeb/v7.2.1.2/xw_install.cab
    O16 - DPF: {858033B9-13BC-4DFE-B62A-78E1FAA0DFD7} (MABugsDownload Control) - http://www.csafer.net/activex/mabugsdownload.cab
    O16 - DPF: {971A5328-1926-4ED6-B899-6C01338D4B32} (DCLinker Class) - http://game.freechal.com/download/norazo2/Norazo2_40.cab
    O16 - DPF: {98FBBB0F-9736-4B91-B926-31F4A5EE443C} (btpgClientCM Class) - https://pg.banktown.com/wallet/plugin/ibtpgClientCM.cab
    O16 - DPF: {9B6D0E46-3F96-11D9-A711-004F4E099F85} (Originality.WEBnewszine) - http://www.vanchosun.com/WEBnewszine/WEBnewszine.CAB
    O16 - DPF: {9FC84F7D-D177-4A75-A7BB-429DA5BD0A3E} (SG_CAppAtx Control) - http://download.signgate.com/download/ews/ewsinstaller.cab
    O16 - DPF: {A5DE5263-214F-4BA2-90FC-C0E32349234D} (EzLauncher Class) - http://ftp.entica.com/EnLaunch/ENPPY3/Install/NPWebLaunch.cab
    O16 - DPF: {A9F090E5-FC80-4772-AFEE-D102AB6E77D6} (IssacWebProCMS Class) - http://pgdownload.dacom.net/dacom/IssacWebProCMS_4_2_6_1.cab
    O16 - DPF: {AD435D31-ED5C-4148-9DD8-92211F9DAC34} (RSA Class) - http://pointsok.okcashbag.com/skmpp/SKMPPClient2.cab
    O16 - DPF: {B3260660-93AC-48D8-8DDC-2C22192CA2AB} (Naver Mail BigFile Upload Control2) - http://mail.naver.com/activex/NvBigFileUpload2_NT.cab
    O16 - DPF: {BBB0FC2D-1D95-45CA-BDCF-03B53F247FCC} (EwsLoader Class) -
    O16 - DPF: {BCEF5CDE-BAD4-4532-A30B-9D16D502DE69} (BugsInstallEx Control) - http://install.bugs.co.kr/install/BugsInstallerEx.cab
    O16 - DPF: {C193DE20-29F4-4B4F-963B-EB20CB3186C0} (SpeedTest Control) - http://speed.nia.or.kr/speedtest/SpeedTest.cab
    O16 - DPF: {C854C4D1-ED53-4B1F-AA45-783B3CF3315C} (DacomUpload Control) - http://program.webhard.co.kr/Plus/active_upload2/DacomUpload.cab
    O16 - DPF: {CB5C683C-416A-4701-B018-0F1B21D64D6B} (SKCInst1 Class) - http://cyimg7.cyworld.com/cymusic/package/skcinst.cab
    O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://update.nprotect.net/nprotect/module/npx.cab
    O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://update.nprotect.net/keycrypt/shinhancard/npkcx.cab
    O16 - DPF: {D923AE0C-190D-4EDF-B07A-76AC571FBFD4} (SCSKEx Control) - http://img.shinhan.com/rib/common/keyStroke/SoftCamp/4092/scskex.cab
    O16 - DPF: {D95F5F60-5BB7-4655-BACE-FC5371EFC3E0} (Npx2 Control) - http://update.nprotect.net/nprotect/lgcard/npx2.cab
    O16 - DPF: {D96D2F74-0B74-47D2-964F-B67E9F69F1CD} (CongnamulMap4Asp Control) - http://www.congnamul.com/ActiveX/Release/ASP/CongnamulMap4Asp_V29.cab
    O16 - DPF: {E2A96175-32D0-4651-B228-B474C2408346} (DacomDownload Control) - http://program.webhard.co.kr/Plus/active_download2/DacomDownload.cab
    O16 - DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} (KvpIspCtlD Control) - https://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab
    O16 - DPF: {E831AA9C-C980-4F16-B252-09AAF40D0E9B} (Kdfense9 Control) - http://kings.cachenet.com/kdfx218/kbstar/kdfense9.cab
    O16 - DPF: {EA0995BF-45DD-4DB0-ADD5-A39C37397841} (ShbAutoTrustSite Control) - http://img.shinhan.com/rib/common/TrustSite/20041202/ShbAutoTrustSiteX.cab
    O16 - DPF: {EC5D5118-9FDE-4A3E-84F3-C2B711740E70} (SKCommAX Control) - http://www.myasset.com/myasset/login/install/SKCommAX_7203.cab
    O16 - DPF: {F1F07506-6CB4-44AC-8615-66D1234EFD05} (WebCtl Class) - http://www.shinhancard.com/initech/plugin/down/INIS50.cab
    O16 - DPF: {F6E7ECCE-6E60-4681-8D9B-4BBC12A07110} (GWallCtrl Class) - http://www.gmarket.co.kr/challenge/neo_goods/dlls/GWall_1800_Vista/GWall.cab
    O16 - DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} (NaverAXGuide Class) - http://mail1.naver.com/activex/NaverAXGuide.cab
    O16 - DPF: {FFD77E35-1C34-4EAC-B5A7-414CC5D007DA} (AnsimPlugin Class) - https://kspay.ksnet.to/vistampi/KSNetMPI.cab
    O20 - AppInit_DLLs: aejexb.dll
    O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: qpagyz - C:\WINDOWS\SYSTEM32\qpagyz.dll
    O20 - Winlogon Notify: rqRIxVlj - rqRIxVlj.dll (file missing)
    O20 - Winlogon Notify: winuxh32 - winuxh32.dll (file missing)
    O21 - SSODL: AppUtilAdm - {67C97BB7-3EC9-4823-D483-021FC03BF6C8} - C:\Program Files\zayjybc\AppUtilAdm.dll
    O21 - SSODL: qmafxprs - {4B197653-53CB-4B1A-A083-8183400C6360} - C:\WINDOWS\qmafxprs.dll (file missing)
    O21 - SSODL: lfstbwvd - {DCA11969-1A88-420A-843C-7A8AD6AA8985} - C:\WINDOWS\lfstbwvd.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: ViRobot for WinNT(tm) Folder Protect (HFACSVC) - hauri - C:\Program Files\HAURI\ViRobot Desktop 5.0\AccessControl\HFACSvc.exe
    O23 - Service: Hauri Common Service (hsvcmod) - Unknown owner - C:\Program Files\HAURI\Common\hsvcmod.exe
    O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
    O23 - Service: iPod 서비스 (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcmsvc.exe
    O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Hauri Firewall (vrfwsvc) - HAURI - C:\Program Files\HAURI\ViRobot Desktop 5.0\PCFirewall\vrfwsvc.exe
    O23 - Service: ViRobot Desktop Monitoring (vrmonsvc) - HAURI - C:\Program Files\HAURI\Common\Base\vrmonsvc.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    O24 - Desktop Component 0: (no name) - http://jaredwiltshire.com/system/files/images/brabus-slr-mclaren-719.jpg

    --
    End of file - 21243 bytes
     
  11. cdavfrew

    cdavfrew Regular member

    Hi leo1001

    Please follow the instructions below, and post your results in a new thread!

    Now, please download ComboFix.
    With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.

    Please disable all security programs, such as antiviruses, antispywares, and firewalls.
    Also disable your internet connection.


    • Run Combo-Fix.exe and follow the prompts.
    **Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.
    • Wait for the scan to be completed.
    • If it requires a reboot, please do it.
    • After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

    Do not click on the ComboFix window, as it may cause it to stall.

    Best Regards :D
     
  12. kaquaj

    kaquaj Guest

    I can't get "Virus Alert!" off my taskbar. I downloaded HijackThis and this is my log. Help

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 07:09: VIRUS ALERT!, on 10/20/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net/
    R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    N3 - Netscape 7: user_pref("browser.startup.homepage", "www.bellsouth.net"); (C:\Documents and Settings\KAREN\Application Data\Mozilla\Profiles\default\8baqnonn.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\KAREN\Application Data\Mozilla\Profiles\default\8baqnonn.slt\prefs.js)
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {C21B2A79-72A6-49E2-953D-C780F4B1138E} - C:\WINDOWS\system32\qoMdEUNd.dll (file missing)
    O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: (no name) - {69C9C6AD-8E5C-47F8-8ABF-ACB45D8B770A} - (no file)
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1206698585140
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
    O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://games.bellsouth.net/Gh/FeedingFrenzy/SproutLauncher.cab
    O20 - AppInit_DLLs: luyiif.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O24 - Desktop Component 0: Privacy Protection - (no file)

    --
    End of file - 6649 bytes
     
  13. cdavfrew

    cdavfrew Regular member

    Hi kaquaj

    It would be good if you could simply start this in a new thread, as we don't want to crowd up this thread.

    Best Regards :D
     
  14. newb23

    newb23 Guest

    Hey there, I am a very inexperienced computer guy who knows a bit, but this damn virus is angering me oh so much!!!!! Please!!! Help meeeeeee!!!!!
     
  15. cdavfrew

    cdavfrew Regular member

    Hi newb23

    Post your problem in a new thread and I will help you. Let's not crowd up this one. Follow these instructions:

    Please download the HijackThis zip file. Save it onto a convenient place in your computer, and then unzip the file.

    Rename HijackThis(.exe) to scanner(.exe).

    Next, run scanner(.exe). A window will pop up.

    • Click on the button which says Main Menu, then Do a system scan and save a logfile.
    • Please wait for the scan to be completed.
    • After the scan has completed, a text window will pop up. Please post the contents of this window here.

    This will also be located at hijackthis(.txt) in the same folder that HijackThis was originally saved.

    NOTE: Do not fix anything using HijackThis, as this may also damage legitimate components of your computer.

    Best Regards :D
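
A read-only way to pre-sort a saved HijackThis log before a helper reads it, given here as an added example that is not part of any post in this thread. The sample log is constructed in the layout of the logs posted above, and the function names and reason labels are assumptions of this example; a flag marks an entry to read first and is not a verdict on it.

```python
import re

# Constructed sample in the layout HijackThis v2.0.2 writes; every name is a placeholder.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://example.test/
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\system32\example1.dll (file missing)
O3 - Toolbar: (no name) - {00000000-0000-0000-0000-000000000002} - (no file)
O4 - HKLM\..\Run: [ExampleAV] C:\Program Files\ExampleAV\tray.exe
O20 - AppInit_DLLs: example2.dll
O23 - Service: Example Service - Unknown owner - C:\WINDOWS\system32\svchost.exe:example.exe
O23 - Service: Example Updater - Example Corp. - C:\Program Files\Example\upd.exe
"""

# An entry line is "<section code> - <detail>", e.g. "O23 - Service: ...".
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
# A second colon after the drive letter means the path names an NTFS stream (file:stream).
STREAM_PATH = re.compile(r"[A-Za-z]:\\[^:]*:[^\\\s]+$")


def parse_entries(log_text):
    """Return (code, detail) pairs; the header and process list do not match."""
    matches = map(ENTRY.match, log_text.splitlines())
    return [(m.group(1), m.group(2).strip()) for m in matches if m]


def triage(log_text):
    """Return (code, reasons, detail) for entries a helper should read first."""
    flagged = []
    for code, detail in parse_entries(log_text):
        reasons = []
        if "(file missing)" in detail or "(no file)" in detail:
            reasons.append("target-absent")   # entry points at nothing on disk
        if code == "O23" and " - Unknown owner - " in detail:
            reasons.append("unknown-owner")   # no vendor name shown for the service
        if STREAM_PATH.search(detail):
            reasons.append("stream-in-path")  # image path of the form file:stream
        if code == "O20" and detail.startswith("AppInit_DLLs:"):
            reasons.append("appinit-dll")     # loaded into each process that loads user32.dll
        if reasons:
            flagged.append((code, reasons, detail))
    return flagged


if __name__ == "__main__":
    for code, reasons, detail in triage(SAMPLE_LOG):
        print(f"{code:4} {','.join(reasons):30} {detail}")
```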
     
