Help Please![INACTIVE]
in Malware Removal
Posted June 21, 2006 · Edited June 21, 2006 by dee

Our computer has recently acquired a host of popups (esp. from ad-w-a-r-e.com). Our virus scanner detected something named dfndra.exe. Can anyone help?

Logfile of HijackThis v1.99.1
Scan saved at 오후 6:37:00, on 2006-06-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Hcontrol.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\windows\system32\psdsregk.exe
C:\WINDOWS\SYSC00.exe
C:\WINDOWS\system32\mptft.exe
C:\WINDOWS\system32\ssn6tuu.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ssec.exe
C:\WINDOWS\system32\nr1rnqm8.exe
C:\WINDOWS\system32\kwintqez.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\tfthot.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
C:\WINDOWS\system32\kwintqez.exe
C:\WINDOWS\ATKOSD.exe
C:\WINDOWS\Lg\command.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\system32\packet.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\rcss.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\kwintqez.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Alzip\ALZip.exe
C:\Documents and Settings\xp\Local Settings\Temp\_AZTMP1_\HijackThis.exe

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\chhru.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,mdovfxi.exe
O2 - BHO: Yvakt Class - {AE0ECC2F-0C33-494C-8B22-B57A7763027F} - C:\WINDOWS\system32\x3cqp0.dll
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\Hcontrol.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [keyboard] C:\\kybrd.exe
O4 - HKLM\..\Run: [newname] C:\\nwnm.exe
O4 - HKLM\..\Run: [{05-56-69-95-ZN}] C:\windows\system32\psdsregk.exe GID003
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [ftexc] C:\WINDOWS\system32\mptft.exe
O4 - HKLM\..\Run: [Hhl7RfpJ] "C:\WINDOWS\system32\ssn6tuu.exe"
O4 - HKLM\..\Run: [w1e0bc54.dll] RUNDLL32.EXE w1e0bc54.dll,I2 0016b54b01e0bc54
O4 - HKLM\..\Run: [browserUpdateSched] C:\WINDOWS\system32\kwintqez.exe GID003
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O15 - Trusted Zone: http://www.gopd.co.kr
O15 - Trusted Zone: http://*.gopd.co.kr
O15 - Trusted Zone: http://cfolder.nownuri.net
O15 - Trusted Zone: http://client.nownuri.net
O15 - Trusted Zone: http://club.nownuri.net
O15 - Trusted Zone: http://help.nownuri.net
O15 - Trusted Zone: http://helpdesk.nownuri.net
O15 - Trusted Zone: http://join.nownuri.net
O15 - Trusted Zone: http://mplug.nownuri.net
O15 - Trusted Zone: http://pdsfind1.nownuri.net
O15 - Trusted Zone: http://www.nownuri.net
O15 - Trusted Zone: http://*.nownuri.net
O15 - Trusted Zone: http://adrenalin.pdbox.co.kr
O15 - Trusted Zone: http://bbs.pdbox.co.kr
O15 - Trusted Zone: http://bbs2.pdbox.co.kr
O15 - Trusted Zone: http://bbs3.pdbox.co.kr
O15 - Trusted Zone: http://bbs4.pdbox.co.kr
O15 - Trusted Zone: http://client.pdbox.co.kr
O15 - Trusted Zone: http://cp.pdbox.co.kr
O15 - Trusted Zone: http://find.pdbox.co.kr
O15 - Trusted Zone: http://ftp2.pdbox.co.kr
O15 - Trusted Zone: http://gopd.pdbox.co.kr
O15 - Trusted Zone: http://help.pdbox.co.kr
O15 - Trusted Zone: http://mboard.pdbox.co.kr
O15 - Trusted Zone: http://media.cp.pdbox.co.kr
O15 - Trusted Zone: http://mfind.pdbox.co.kr
O15 - Trusted Zone: http://my.pdbox.co.kr
O15 - Trusted Zone: http://point.pdbox.co.kr
O15 - Trusted Zone: http://shop.pdbox.co.kr
O15 - Trusted Zone: http://side.pdbox.co.kr
O15 - Trusted Zone: http://www.pdbox.co.kr
O15 - Trusted Zone: http://*.pdbox.co.kr
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
O16 - DPF: {36F46B1E-11B7-4221-B4F7-F1FC9687E7F6} (MBox Control) - http://kr.music.yahoo.com/m_box/component/mbox.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1103760526388
O16 - DPF: {A555B624-1393-46BD-ADFF-4455DD650FC5} (MediaShell T-Player Control) - http://aod.empas.com/player/drm/inc/dll/TPlayer.cab
O16 - DPF: {BCA935CA-7E41-4F73-BA9C-FAB4393DBAC0} (MADanalCtrl Control) - http://www.csafer.net/ActiveX/MAStreamCtrl.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {EACD6BE5-C0EE-4909-9B71-B2807C8A245C} (JukeOn Login Control) - http://jukeon.dl.sayclub.com/jukeon/jukeon...01/jukeonax.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {DA28E0DB-229C-4003-827E-96AE15AD90FB} - C:\WINDOWS\system32\x3cqp0.dll
O20 - Winlogon Notify: policies - C:\WINDOWS\system32\hr2805fue.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Lg\command.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Windows Packet Driver (packet) - Unknown owner - C:\WINDOWS\system32\packet.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Remote Procedure Call Service (RPCS) - Unknown owner - C:\WINDOWS\rcss.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe