Free Malware Removal Forum

[ablazea]

i play mplaestory but one day i can't play it so i went to maplestory.com it goes to alloverlaxi.com(porn site) but i don't know y so i went to research in the web it told me to go here and use the hijackthis. so can't u guys tell me how to play maplestory again plz. i love that game o and in the web otheres experience this to

and the web says its maplestory.com but the screen is alloverlexi.com

here's my hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 오후 9:44:19, on 2009-08-25
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ESTsoft\ALYac\AYServiceNt.aye
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\npkcmsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\TriGEM Computer\Tri_750\mmkbd.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\ESTsoft\ALYac\AYAgent.aye
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\NATEON\BIN\NATEONMain.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O1 - Hosts: 74.206.175.177 nexon.net
O1 - Hosts: 74.206.175.177 http://www.nexon.net
O1 - Hosts: 74.206.175.177 maplestory.nexon.net
O1 - Hosts: 74.206.175.177 maplestory.com
O1 - Hosts: 74.206.175.177 http://www.maplestory.com
O2 - BHO: ALPassHelper Class - {00533B73-E574-46E9-B06A-FDF4592E67CB} - C:\Program Files\ESTsoft\ALPass\ApsHelper18.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Daum 툴바 - {D7045991-84D6-46D3-8487-84FBEDC21B84} - C:\Program Files\Daum\DaumToolbar\3.5.0.73_0\DaumToolbar.dll
O3 - Toolbar: (no name) - {C7928CF3-9532-44C0-B8CC-98E2C11ECC9F} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [ALYac] "C:\Program Files\ESTsoft\ALYac\AYUpdate.exe" /run
O4 - HKLM\..\Run: [Korean IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HncUpdate] C:\Program Files\Common Files\Hnc\HncUtils\HncUpdate.exe /A
O4 - HKLM\..\Run: [ClubBox] "C:\WINDOWS\system32\clubbox.exe" -l
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [iPhone PC Suite] C:\Program Files\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe /start
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NATEON] C:\Program Files\NATEON\BIN\NATEON.exe -as
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user')
O8 - Extra context menu item: Daum검색 - res://C:\Program Files\Daum\DaumToolbar\3.5.0.73_0\DaumToolbar.dll/154
O8 - Extra context menu item: Daum사전 검색 - res://C:\Program Files\Daum\DaumToolbar\3.5.0.73_0\DaumToolbar.dll/155
O8 - Extra context menu item: Microsoft Excel로 내보내기(&X) - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: OneNote로 보내기 - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: OneNote로 보내기 - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {00001025-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter25 Class) - http://download.netmarble.net/web/nmsta ... rter25.cab
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
O16 - DPF: {15AECD82-DA7D-4EC5-B57F-ED578D84C3F9} (DaumFileControl Control) - http://file.daum.net/down/DaumFile.cab
O16 - DPF: {23918D4A-F598-454F-B723-9B8688710008} (NOOP Control) - http://update.diskpop.com/DiskpopV3/ASP_Agent.cab
O16 - DPF: {39461460-2552-4D51-A062-3AB6A7B902E9} (INISAFE Updater Control) - http://www.citibank.co.kr/shttp/install ... INIS70.cab
O16 - DPF: {39FC0CF9-86F3-4502-B773-D16706EDEC83} (SCSK Control) - http://www.citibank.co.kr/js/kor/ie8/SCSK4.cab
O16 - DPF: {3C6DF619-8963-4C55-8A6E-FD4424CAD410} (DpopActivexV3 Control) - http://update.diskpop.com/DiskpopV3/Act ... ivexV3.cab
O16 - DPF: {43C01137-78B1-4C7D-8522-44B4D0A96E4B} (CMHClient Class) - http://update.diskpop.com/DiskpopV3/fclient(v1.6.34.7)_200811041119_blue3725.cab
O16 - DPF: {4875D0C5-5FE1-4488-8BB8-5A7D0ECDF93B} (Nate Filebox Control) - http://mail.nate.com/bigmail/NateFilebox.cab
O16 - DPF: {5C1B293E-DA77-4AFF-8B52-63DEF8C8A071} (NetmarbleAutoUpdater Class) - http://download.netmarble.net/ActiveX/N ... .0.1.1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 0351559421
O16 - DPF: {6531D99C-0D0E-4293-B3CB-A3E1D0D41847} (AhnASP Control) - http://ahnlabdownload.nefficient.co.kr/ ... AhnASP.cab
O16 - DPF: {68B5B09E-9CB4-4E93-A75B-44DD4362120C} (ToonsXContentsPlug Control) - http://comic.daum.net/download/new/Toon ... tsPlug.cab
O16 - DPF: {6FE760D3-7851-4879-8838-62D9881D7177} (IniMasHandler Class) - http://61.40.216.19/IniMasPlugin.cab
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://www.keb.co.kr/XecureObject/xw_install.cab
O16 - DPF: {831F7F40-D2BC-4B6D-A4F5-26CA01603138} (moazineUpdate ActiveX Control) - http://olv.moazine.com/rviewer/moazineUpdate.cab
O16 - DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} (CyImage Class) - http://cyimg7.cyworld.com/ImageUpload/C ... b?20081124
O16 - DPF: {9FC84F7D-D177-4A75-A7BB-429DA5BD0A3E} (SG_CAppAtx Control) -
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://mail.daum.net/hanmail-ax/DaumAct ... er=2,0,0,4
O16 - DPF: {BBB0FC2D-1D95-45CA-BDCF-03B53F247FCC} (EwsLoader Class) -
O16 - DPF: {CB5C683C-416A-4701-B018-0F1B21D64D6B} (SKCInst1 Class) - http://cyimg7.cyworld.com/cymusic/package/skcinst.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://update.nprotect.net/keycrypt/kfb/npkcx.cab
O16 - DPF: {DC4207CE-C03E-4449-ACB1-032CA4137053} (Npz Control) - http://update.nprotect.net/nprotect2007/kfb/npz.cab
O16 - DPF: {F6E361B4-40F3-4C90-8A95-D95E0D8CBCD4} (MultiUpload Control) - http://www.clubbox.co.kr/neo.fld/MultiUpload.cab
O16 - DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} (NaverAXGuide Class) - http://file.naver.com/activex/NaverAXGuide.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: s-http - {D37E6C5F-1C0F-47C0-A3B6-403EEC555402} - C:\Program Files\Initech\SHTTP\InitechSHTTPInterface.10115.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: f_ai.dll
O23 - Service: ALYac_PZSrv - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Apple 모바일 장비 (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour 서비스 (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod 서비스 (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcmsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
O24 - Desktop Component 0: (no name) - http://mail.daum.net/js/hanmail.js?dummy=200903301830

--
End of file - 11515 bytes
plz help

[askey127]

Hi ablazea,
-----------------------------------------------------------
Remove Registry items with HighjackThis. Start HijackThis.
Click Do System Scan Only. When the Scan is complete, Check the following entries:
(Some of these lines may be missing)

O20 - AppInit_DLLs: f_ai.dll
O23 - Service: ALYac_PZSrv - Unknown owner - C:\Program.exe (file missing)
O4 - HKLM\..\Run: [ClubBox] "C:\WINDOWS\system32\clubbox.exe" -l
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O1 - Hosts: 74.206.175.177 nexon.net
O1 - Hosts: 74.206.175.177 http://www.nexon.net
O1 - Hosts: 74.206.175.177 maplestory.nexon.net
O1 - Hosts: 74.206.175.177 maplestory.com
O1 - Hosts: 74.206.175.177 http://www.maplestory.com

Make sure Every other window except HJT is closed (No other tabs showing in the bottom tray), and Click Fix Checked
Click the "X" in the upper right corner of the HiJackThis window to close it.
-----------------------------------------------------------
REBOOT The Machine
-----------------------------------------------------------
YOU HAVE NO ANTI-VIRUS PROGRAM
Download just one of these free anti-virus programs, update it and run a full scan. Have it fix anything it finds.
Consider this an Emergency until you complete it!

• AntiVir Free from here : http://www.free-av.com/
• Avast Home Edition from here : http://www.avast.com/eng/down_home.html

----------------------------------------------------------------------------------
Download and Run MalwareBytes' Anti-Malware
Please go here to the Download Location, click on Download.

• After clicking on the download and choosing Save, the "Save to location" dialog will come up.
• Choose Desktop as the location to save the installer and click Save again.
• You should now have a desktop icon named mbam-setup.exe. Double-click it.
• Let it install the program where it wants to, with the default settings, and click Finish.
• If an update is found, it will download and install the latest version.
• If necessary, start Malwarebytes Anti-Malware again.
• Once the program is running, select Perform Quick Scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• If it found any malware items. Be sure that every item is checked, and click Remove Selected.
• When completed, a log will open in Notepad. Please save it to a convenient location, and post the contents in your reply.
• The log can also be found using the "Logs" tab in the program. You can click any log listed to open its contents.
• Recent logs are named by time/date stamp in this format : mbam-log-2009-mm-dd(hour-min-sec).txt
• You can now delete the installer icon, named mbam-setup.exe from your desktop.

-----------------------------------------------------------
Retrieve the List of Installed programs Using HJT
Open HijackThis, click Open The Misc Tools Section. Then scroll down the list if you need to, click Open Uninstall Manager and Save List...
The List of installed programs will automatically be saved as uninstall_list.txt in your HiJackThis folder.
In addition, the list opens in Notepad so you can also save as another name in another location if you wish.
Please paste the contents into your next reply.

We are looking for the log from Malwarebytes' Antimalware and the Installed programs list from HiJackThis.
askey127

[ablazea]

heres my mbam log

Malwarebytes' Anti-Malware 1.40
Database version: 2724
Windows 5.1.2600 Service Pack 3

2009-09-01 오후 9:51:07
mbam-log-2009-09-01 (21-51-07).txt

Scan type: Quick Scan
Objects scanned: 117420
Time elapsed: 19 minute(s), 24 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 16
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
C:\Program Files\NATEON\BIN\NATEONMain.exe (Trojan.BHO) -> Unloaded process successfully.

Memory Modules Infected:
C:\Program Files\NATEON\BIN\NateOnResDLL_KOR.dll (Trojan.BHO) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{05f85fdd-1cce-4868-b9ca-efbf6f93d10b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{21bd980f-1fa7-42c8-a3a9-d246b849d407} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{627bf7e3-0adf-4a66-b34b-89130610114e} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d6c1ba30-3b2f-4f9a-a8e8-6ab6d56b11cb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e294773d-3e82-4e53-9476-023ae9ea6504} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\nowstarter.nowstarterctrl.1 (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{072039ab-2117-4ed5-a85f-9b9eb903e021} (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{072039ab-2117-4ed5-a85f-9b9eb903e021} (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{072039ab-2117-4ed5-a85f-9b9eb903e021} (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6f553c18-15e6-4e5e-8f44-add50de754ed} (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{40722371-e24c-4b36-8e76-010bb6c7185b} (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{825c19d3-35ce-428f-876b-88e080466689} (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{0409743c-e5e3-4bdd-9ec7-eff622530282} (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/NowStarter.ocx (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{aeb636d6-ce03-4c89-9677-964a63322e2d} (Adware.AskPop) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c7928cf3-9532-44c0-b8cc-98e2c11ecc9f} (Adware.AskPop) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{c7928cf3-9532-44c0-b8cc-98e2c11ecc9f} (Adware.AskPop) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\NowStarter.ocx (Adware.CWS) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)


Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\NATEON\BIN\NateOnResDLL_KOR.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\NowStarter.ocx (Adware.CWS) -> Quarantined and deleted successfully.


heres my unistal log


곰오디오
곰플레이어
네이버 ActiveX 가이드
네이트온
모아진 리더
모아진 업데이트
알씨
알약
알집
알툴즈 업데이트
한글과컴퓨터 한글 2007
AC3Filter (remove only)
Adobe Flash Player 10 Plugin
Adobe Reader 9 - Korean
AhnLab MyFirewall 2.0
AhnLab Online Security
AhnLab Smart Update i
Apple Mobile Device Support
Bonjour
Choice Guard
CoreAAC Audio Decoder (remove only)
Daum 툴바
Daum ActiveX 컨트롤 - 한메일 파일업로더
Daum ActiveX 컨트롤 - 한메일Express 파일업로더
Daum ActiveX 컨트롤 - Daum 음악 플레이어
ESUBI 시스템 최적화, 악성코드 치료 프로그램
HijackThis 2.0.2
INISafeWeb 7.0 (SFilter v1.0)
iTunes
Java(TM) 6 Update 15
Malwarebytes' Anti-Malware
MediashellAgent
Microsoft .NET Framework 2.0
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office Access MUI (Korean) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Korean) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (Korean) 2007
Microsoft Office IME (Korean) 2007
Microsoft Office InfoPath MUI (Korean) 2007
Microsoft Office OneNote MUI (Korean) 2007
Microsoft Office Outlook MUI (Korean) 2007
Microsoft Office PowerPoint MUI (Korean) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (Korean) 2007
Microsoft Office Proofing (Korean) 2007
Microsoft Office Publisher MUI (Korean) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (Korean) 2007
Microsoft Office Word MUI (Korean) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
MSVC80_x86
MSVCRT
nProtect KeyCrypt
nProtect Netizen(remove only)
Pando Media Booster
PC Connectivity Solution
QuickTime
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem Software
Segoe UI
SignGATE EWS v3.2
SiS VGA Utilities
Skype™ 3.8
SoftCamp Secure KeyStroke 4.0
Tri_750
Windows 드라이버 패키지 - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
Windows 드라이버 패키지 - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
Windows 드라이버 패키지 - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Internet Explorer 8
Windows Live 로그인 도우미
Windows Live 업로드 도구
Windows Live 필수 패키지
Windows Live 필수 패키지
Windows Live Call
Windows Live Communications Platform
Windows Live Messenger
XecureCK Keyboard Protector with E2E
XecureWeb Control
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update

[askey127]

ablazea,
Looks better.
-----------------------------------------------------------
Replace the Current HOSTS File with MVPs
Download HostsXpert and unzip it to your computer, somewhere where you can find it.

• Double click on HostsXpert.exe to launch the program.
• In the bottom half of the left pane, click on File Handling
• If the first button at the top is labeled Make Writeable?, click on it so it changes to Make Read Only
• Click third button from the bottom, labeled Download. A couple new buttons will appear at the top.
• Click on the top button labeled MVPs Hosts and choose Replace
• When asked to verify if you want to Replace present Hosts file, click OK.
• Now click on File Handling again
• Click the button at the top labeled Make Read Only, so the label changes to Make Writeable?
• Hit the X in the upper right corner to exit HostsXpert

If you have a separate third party firewall, or Winpatrol, you may have to give permissions at various times to Unlock the present default HOSTS file and install the new one.
-----------------------------------------------------------
Reset System Restore Points

• Click Start > Help and Support
• Click on ->Undo changes to your computer with System Restore.
• Click Create A Restore Point then click Next. Give it a name it and then click Create, then Close.
• Close Help and Support Center.
• Click Start | Run and type Cleanmgr
• Select (C: ) then click OK.
• Click the More Options tab.
• Click Clean Up in the System Restore Section.

This will remove all previous restore points except the newly created one.
This System Restore sequence is not to be done regularly, but only as a Special Case after the removal of malware.

Tell me how it's running.
askey127

[askey127]

ablazea, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.