Wow. Thank you so much
My combofix log:
ComboFix 09-11-08.03 - Doochin & Doo 2009-11-09 17:24.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.949.82.1042.18.447.105 [GMT -5:00]
Running from: c:\documents and settings\Doochin & Doo\바탕 화면\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\0000005630.exe
c:\documents and settings\Doochin & Doo\시작 메뉴\프로그램\NamelessRO Eclipse
c:\documents and settings\Doochin & Doo\시작 메뉴\프로그램\NamelessRO Eclipse \Configure your Nlro Window.lnk
c:\documents and settings\Doochin & Doo\시작 메뉴\프로그램\NamelessRO Eclipse \Create NamelessRo Account.lnk
c:\documents and settings\Doochin & Doo\시작 메뉴\프로그램\NamelessRO Eclipse \EclipseExe.lnk
c:\documents and settings\Doochin & Doo\시작 메뉴\프로그램\NamelessRO Eclipse \lua.lnk
c:\documents and settings\Doochin & Doo\시작 메뉴\프로그램\NamelessRO Eclipse \NamelessRO Forums.lnk
c:\documents and settings\Doochin & Doo\시작 메뉴\프로그램\NamelessRO Eclipse \Play NamelessRo Eclipse.lnk
c:\documents and settings\Doochin & Doo\시작 메뉴\프로그램\NamelessRO Eclipse \Uninstall NamelessRO Eclipse .lnk
c:\documents and settings\Doochin & Doo\시작 메뉴\프로그램\NamelessRO Eclipse \Update your Sakray.lnk
c:\documents and settings\Doochin & Doo\XP Deluxe Protector
c:\documents and settings\Doochin & Doo\XP Deluxe Protector\1.exe
c:\documents and settings\Doochin & Doo\XP Deluxe Protector\xpdeluxe.exe
c:\program files\Perfect Optimizer
c:\program files\Perfect Optimizer\PerfectOptimizer.ini
c:\program files\Perfect Optimizer\unins000.exe
c:\windows\dat.txt
c:\windows\NamelessRO Eclipse
c:\windows\NamelessRO Eclipse \uninstall.exe
c:\windows\system32\drivers\vsfocemeohxrsv.sys
c:\windows\system32\gdi32lib.dll
c:\windows\system32\uninstall.exe
c:\windows\system32\vsfocebrrprrjl.dll
c:\windows\system32\vsfocefinvpyxc.dat
c:\windows\system32\vsfoceftamotfm.dll
c:\windows\system32\vsfoceibftkbph.dll
c:\windows\system32\vsfocejwbpxmsl.dll
c:\windows\system32\vsfocekbylwoss.dll
c:\windows\system32\vsfoceobvsinsr.dll
c:\windows\system32\vsfoceqingeept.dll
c:\windows\system32\vsfocexrkqppas.dat
c:\windows\system32\weBMailhook20060109.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_vsfoceqxsbxhxy
((((((((((((((((((((((((( Files Created from 2009-10-09 to 2009-11-09 )))))))))))))))))))))))))))))))
.
2009-10-30 19:01 . 2009-10-30 19:37 35138 ----a-w- c:\windows\scunin.dat
2009-10-30 19:01 . 2009-10-30 19:37 967 ----a-w- c:\windows\ScUnin.pif
2009-10-30 19:01 . 2009-10-30 19:37 94208 ----a-w- c:\windows\ScUnin.exe
2009-10-30 18:59 . 2009-11-09 20:49 -------- d-----w- c:\program files\Starcraft
2009-10-20 22:04 . 2009-10-20 22:04 -------- d-----w- c:\program files\Trend Micro
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-09 22:06 . 2009-10-05 20:30 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-11-01 20:26 . 2004-08-05 12:00 58596 ----a-w- c:\windows\system32\perfc012.dat
2009-11-01 20:26 . 2004-08-05 12:00 207784 ----a-w- c:\windows\system32\perfh012.dat
2009-10-25 03:47 . 2007-03-30 20:29 -------- d-----w- c:\program files\Warcraft III
2009-10-20 22:12 . 2007-10-14 21:00 -------- d-----w- c:\program files\Veoh Networks
2009-10-05 22:20 . 2007-06-08 13:53 -------- d-----w- c:\program files\MWGuide
2009-10-05 20:34 . 2009-10-05 20:34 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-05 20:34 . 2009-10-05 20:34 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-05 20:34 . 2009-10-05 20:34 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-05 20:34 . 2009-10-05 20:34 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-05 20:30 . 2009-10-05 20:30 -------- d-----w- c:\program files\AVG
2009-10-05 20:20 . 2009-10-05 20:20 -------- d-----w- c:\documents and settings\Doochin & Doo\Application Data\AVG8
2009-10-03 19:14 . 2007-08-04 21:03 -------- d-----w- c:\program files\Windows Live Safety Center
2009-09-15 23:25 . 2007-03-15 21:19 38248 ----a-w- c:\documents and settings\Doochin & Doo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-15 23:17 . 2009-09-15 23:17 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-15 23:16 . 2009-09-15 23:02 -------- d-----w- c:\program files\Windows Live
2009-09-15 23:08 . 2007-08-11 14:24 -------- d-----w- c:\program files\Windows Live Toolbar
2009-09-15 23:08 . 2009-09-15 23:08 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-09-15 23:06 . 2009-09-15 23:06 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-09-15 23:04 . 2009-09-15 23:04 -------- d-----w- c:\program files\Microsoft
2009-09-15 23:03 . 2009-09-15 23:03 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-15 22:53 . 2009-09-15 22:53 -------- d-----w- c:\program files\Common Files\Windows Live
2009-09-14 17:16 . 2009-09-14 17:16 -------- d-----w- c:\program files\DivX
2009-09-14 17:16 . 2009-09-14 17:16 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-08-31 20:41 . 2007-03-30 20:31 79952 ----a-w- c:\windows\War3Unin.dat
2009-08-24 02:11 . 2007-01-12 23:03 65536 ----a-w- c:\windows\IFinst27.exe
2009-08-17 19:45 . 2009-04-24 18:28 239 ----a-w- c:\windows\PowerReg.dat
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MWGuide"="c:\program files\MWGuide\MWGuide.exe" [2007-06-08 229376]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-28 3660848]
"Downs Update"="c:\windows\system32\DownsUpdate.exe" [2009-01-07 738800]
"Downs"="c:\program files\Downs\DownsC.exe" [2009-07-29 742880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HncUpdate"="c:\hnc\HncUpdate.exe" [2003-10-08 172032]
"EPSON Stylus C62 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE" [2002-04-10 74240]
"PC Pitstop Optimize Scheduler"="c:\program files\PCPitstop\Optimize\PCPOptimize.exe" [2006-10-27 1696768]
"PCZiggyV4_Pdbox"="c:\program files\VPower\PCZiggyV4\Pdbox\Update.exe" [2008-05-06 671744]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-11-27 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-02 2028312]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2005-03-09 53248]
"VTTrayp"="VTtrayp.exe" - c:\windows\system32\VTTrayp.exe [2005-03-12 147456]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="ctfmon.exe" - c:\windows\system32\ctfmon.exe [2004-08-05 15360]
c:\documents and settings\All Users\시작 메뉴\프로그램\시작프로그램\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-05 20:34 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Nexon\\MapleStory\\Patcher.exe"=
"c:\\WINDOWS\\system32\\fscagent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Hasbro Interactive\\RollerCoaster Tycoon\\rct.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Glob allyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-05 오후 3:34 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-10-05 오후 3:34 108552]
R1 cwmtdi;cwmtdi;c:\windows\system32\drivers\cwmtdi.sys [2007-05-14 오후 6:04 48640]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-10-05 오후 3:30 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-10-05 오후 3:30 297752]
R2 Pdbox;Pdbox;c:\program files\VPower\PCZiggyV4\Pdbox\PZServiceNt.exe [2007-08-13 오후 10:29 159744]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-10-31 오후 1:59 24652]
R3 PZPFE;PZPFE;c:\program files\VPower\PCZiggyV4\Common\Component\PZPFE.sys [2007-08-13 오후 10:30 4096]
S3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.sys [2008-03-27 오전 9:39 10752]
S3 JRSUKD24;JRSUKD24;c:\windows\system32\JRSUKD24.sys [2008-03-27 오전 9:39 6784]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 오후 4:10 32512]
S3 XDva037;XDva037;\??\c:\windows\system32\XDva037.sys --> c:\windows\system32\XDva037.sys [?]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - MBR
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
IE: Add to Windows &Live Favorites -
http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: cyworld.com
Trusted Zone: naver.com
DPF: {00001024-A15C-11D4-97A4-0050BF0FBE67} - hxxp://download.netmarble.com/web/nmstarter/NMStarter24.cab
DPF: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} - hxxp://www.pdbox.co.kr/boxmedia/ctrl_down/BMSpeedCheck.cab
DPF: {0C72835A-34C5-4273-A700-A2347E784B58} - hxxp://name.siren24.com/nprotect/down/NPPWebInstallV2.cab
DPF: {15EDD727-C89B-4639-8157-A731271E2EA6} - hxxp://update2.pcziggy.co.kr/update/ASP/ASP/Pdbox/PCZiggy.cab
DPF: {2C520C08-1ADA-4CEC-AFFD-D0D1BD268D60} - hxxp://www.pdbox.co.kr/filebox/ctrl_down/PDUpdate.cab
DPF: {32ECCE1D-F91E-413F-AFF3-BA477CF0C9C6} - hxxp://touch.imbc.com/ocx/iMBCControl.ocx
DPF: {51C99F40-9E0E-4BF1-A92A-77121CC01AD0} - hxxp://touch.imbc.com/ocx/Online.cab
DPF: {84F7A3A9-B92A-41F4-890F-83F2DC0ADB7E} - hxxp://toolbar.imbc.com/toolbar/MBCToolBar.cab
DPF: {887E61BD-D0AA-4CBC-8DF6-11CC97638ADB} - hxxp://cab.cleardisk.com/reinstall/ClearActX.cab
DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} - hxxp://download.netmarble.com/NMChatX/NMTransX.cab
DPF: {97F3D1C1-C8C2-471D-A139-298DEAA35E0B} - hxxp://comicplus.donga.com/viewer/ToonsXComicPlus.cab
DPF: {B9062EF1-45C6-47F8-974A-B191B2E35ED0} - hxxp://down.c-zero.co.kr/cab7/CCInst7.CAB
DPF: {B9DD5FFF-776D-4E53-93D3-A4463E63AD86} - hxxp://cdn.hangame.com/hangame/messenger/hani/webmsg/HanWebMsg.cab
DPF: {BBFD2D10-EC6E-4259-91D1-1E38C826E5E2} - hxxp://app.gomtv.com/gomtv/gomtvx.cab
DPF: {BD0FFB95-2589-419E-B605-A416900E7B0B} - hxxp://touch.imbc.com/ocx/iMBCDownload.ocx
DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} - hxxp://id.hangame.com/common/HanSetup1020.cab
DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} - hxxps://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab
DPF: {EF35E39E-93DC-4B32-B8A4-5F6005204664} - hxxp://down.goodgames.co.kr/caba/CCInst9.CAB
FF - ProfilePath - c:\documents and settings\Doochin & Doo\Application Data\Mozilla\Firefox\Profiles\3iu7sygp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US
fficial
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-OsUpdate - c:\program files\OpenSearchPro\Update.exe
HKCU-Run-KeyMatch - c:\program files\KeyMatch\KeyMatch.exe
HKCU-Run-XPoint - c:\program files\XPoint\XPointUpdate.exe
HKCU-Run-eMuleAutoStart - c:\program files\eMule\emule.exe
HKLM-Run-PerfectOptimizer - c:\program files\Perfect Optimizer\PerfectOptimizer.exe
AddRemove-NamelessRO Eclipse 1.1 - c:\windows\NamelessRO Eclipse \uninstall.exe
AddRemove-NamelessRO Eclipse3.0 - c:\windows\NamelessRO Eclipse \uninstall.exe
AddRemove-WinAce Archiver - c:\program files\WinAce\SXUNINST.EXE
AddRemove-XPOINT - c:\program files\XPoint\Uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-11-09 17:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):68,72,a4,4f,58,75,49,c4,2b,70,47,6d,3e,07,44,cd,3f,19,64,13 ,86,
1e,e4,dd,9f,4f,cb,57,d1,14,ec,81,68,3d,19,c0,77,fc,1f,4b,00,00,00,00,00,00, \
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{fba0a7d2-279d-4833-8725-db6f12e30e65}]
@Denied: (Full) (Everyone)
"Model"=dword:0000002f
"Therad"=dword:0000001a
.
Completion time: 2009-11-09 17:55
ComboFix-quarantined-files.txt 2009-11-09 22:55
Pre-Run: 56,986,447,872 바이트 남음
Post-Run: 57,019,428,864 바이트 남음
- - End Of File - - 4F9663BB6D64342B2C86AA913A1A260D
My HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 오후 6:15:14, on 2009-11-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\VPower\PCZiggyV4\Pdbox\PZServiceNt.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\VPower\PCZiggyV4\Pdbox\PZMon.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\MWGuide\MWGuide.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\VPower\PCZiggyV4\Pdbox\PZTr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R3 - URLSearchHook: 야후! 툴바 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O1 - Hosts: 209.44.111.57 security.microsoft.com
O1 - Hosts: 209.44.111.57 inetavirus.com
O1 - Hosts: 209.44.111.57
www.inetavirus.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: 네이버 툴바(&N) - {D09CFF09-A42A-4EDC-9804-E61224F59CA1} - C:\Program Files\naver\NaverToolbar\NaverTB_3_1_1_107.dll
O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
O3 - Toolbar: 야후! 툴바 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HncUpdate] C:\HNC\HncUpdate.exe /A
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE /P23 "EPSON Stylus C62 Series" /O5 "LPT1:" /M "Stylus C62"
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [PCZiggyV4_Pdbox] "C:\Program Files\VPower\PCZiggyV4\Pdbox\Update.exe" /launch/run/hide/noupdate
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MWGuide] C:\Program Files\MWGuide\MWGuide.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Downs Update] C:\WINDOWS\system32\DownsUpdate.exe
O4 - HKCU\..\Run: [Downs] C:\Program Files\Downs\DownsC.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites -
http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 콘솔 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: 스크랩 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Windows Live Writer에 스크랩(&B) - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone:
http://*.cyworld.com
O15 - Trusted Zone:
http://*.naver.com
O15 - ESC Trusted Zone:
http://*.update.microsoft.com
O16 - DPF: {00001024-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter24 Class) -
http://download.netmarble.com/web/nm...MStarter24.cab
O16 - DPF: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} (BMSpeedCheck Control) -
http://www.pdbox.co.kr/boxmedia/ctrl...SpeedCheck.cab
O16 - DPF: {0C72835A-34C5-4273-A700-A2347E784B58} (NPPWebInstallV2 Control) -
http://name.siren24.com/nprotect/dow...bInstallV2.cab
O16 - DPF: {15EDD727-C89B-4639-8157-A731271E2EA6} (PZLaunch Control) -
http://update2.pcziggy.co.kr/update/...ox/PCZiggy.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) -
http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {2C520C08-1ADA-4CEC-AFFD-D0D1BD268D60} (PDUpdate Control) -
http://www.pdbox.co.kr/filebox/ctrl_down/PDUpdate.cab
O16 - DPF: {32ECCE1D-F91E-413F-AFF3-BA477CF0C9C6} (IMBCControl Control) -
http://touch.imbc.com/ocx/iMBCControl.ocx
O16 - DPF: {51C99F40-9E0E-4BF1-A92A-77121CC01AD0} (IMBCClient Control) -
http://touch.imbc.com/ocx/Online.cab
O16 - DPF: {563DF2AD-1EB7-4C84-8DA8-52A0A134E30E} (IcsView Control) -
http://www.icantek.com/support/oem/activex/icsview.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) -
http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsof...?1186899130890
O16 - DPF: {84F7A3A9-B92A-41F4-890F-83F2DC0ADB7E} -
http://toolbar.imbc.com/toolbar/MBCToolBar.cab
O16 - DPF: {887E61BD-D0AA-4CBC-8DF6-11CC97638ADB} (ClearActX Control) -
http://cab.cleardisk.com/reinstall/ClearActX.cab
O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) -
http://download.netmarble.com/NMChatX/NMTransX.cab
O16 - DPF: {97F3D1C1-C8C2-471D-A139-298DEAA35E0B} (ToonsXComicPlus Control) -
http://comicplus.donga.com/viewer/ToonsXComicPlus.cab
O16 - DPF: {B9062EF1-45C6-47F8-974A-B191B2E35ED0} -
http://down.c-zero.co.kr/cab7/CCInst7.CAB
O16 - DPF: {B9DD5FFF-776D-4E53-93D3-A4463E63AD86} (한게임접속프로그램) -
http://cdn.hangame.com/hangame/messe.../HanWebMsg.cab
O16 - DPF: {BBFD2D10-EC6E-4259-91D1-1E38C826E5E2} (Launcher Class) -
http://app.gomtv.com/gomtv/gomtvx.cab
O16 - DPF: {BD0FFB95-2589-419E-B605-A416900E7B0B} (IMBCDownload Control) -
http://touch.imbc.com/ocx/iMBCDownload.ocx
O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} (HanSetupCtrl1010 Class) -
http://id.hangame.com/common/HanSetup1020.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} (KvpIspCtlD Control) -
https://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab
O16 - DPF: {EF35E39E-93DC-4B32-B8A4-5F6005204664} (CCInst9 Control) -
http://down.goodgames.co.kr/caba/CCInst9.CAB
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: Pdbox - Vision Power co., Ltd. - C:\Program Files\VPower\PCZiggyV4\Pdbox\PZServiceNt.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WebFilter - Unknown owner - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
--
End of file - 11962 bytes
Once again thank you so much for responding and a future thank you for your help.
Welcome to Tech Support Guy! Read our Welcome Guide or take a minute to watch the video below!
Malware Removal & HijackThis Logs 
Search 
