
hopper error message-hijack this -log also

Discussion in 'Virus & Other Malware Removal' started by cw0974, Apr 11, 2004.

Thread Status:
Not open for further replies.
  1. cw0974

    cw0974 Thread Starter

    Joined:
    Apr 11, 2004
    Messages:
    4
    Cookiegal, a senior member, helped me to do this
    and told me to paste the log here, so I am putting this here to be analyzed and advised.
    Thank you so much.

    Logfile of HijackThis v1.97.7
    Scan saved at 4:18:13 PM, on 4/11/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\WINDOWS\System32\hphmon03.exe
    C:\WINDOWS\Winexec.exe
    C:\PROGRA~1\Lycos\IEagent\Loader.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Valve\Steam\Steam.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\WINDOWS\System32\RUNDLL32.exe
    C:\WINDOWS\System32\HPHipm09.exe
    C:\WINDOWS\System32\RUNDLL32.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\SmartPopupKiller\PopupKillerTray.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Scottie\Desktop\highjack this\HijackThis.exe

    R3 - URLSearchHook: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - (no file)
    O1 - Hosts: comments (such as these) may be inserted on individual
    O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\Program Files\Lycos\IEagent\CSIE.DLL
    O2 - BHO: Network Essentials - {0421701D-CF13-4E70-ADF0-45A953E7CB8B} - C:\Program Files\Network Essentials\v16\NE.DLL
    O2 - BHO: (no name) - {A09790E7-DD00-4A83-B632-5B563423CFBB} - C:\Program Files\SmartPopupKiller\PopupKillerIEDLL.dll
    O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Core Library - {D4D505DF-D582-400c-91B6-84921012AFE3} - C:\WINDOWS\System32\pdfupd.dll
    O3 - Toolbar: ????? - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [TurboAgent] C:\Program Files\TurboPlayer\TurboAgent.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
    O4 - HKLM\..\Run: [Winexec] C:\WINDOWS\Winexec.exe
    O4 - HKLM\..\Run: [ClrSchLoader] C:\PROGRA~1\Lycos\IEagent\Loader.exe
    O4 - HKLM\..\Run: [Popup Defence Updater] regsvr32 /s C:\WINDOWS\System32\pdfupd.dll
    O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [Kuki.exe] C:\Program Files\Netmarble\NetmarbleMessenger\Kuki.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Steam] C:\Valve\Steam\Steam.exe -silent
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: 플래쉬겟으로 모두 받기(&Z) - C:\PROGRA~1\FLASHGET\jc_all.htm
    O8 - Extra context menu item: 플래쉬겟으로 받기(&G) - C:\PROGRA~1\FLASHGET\jc_link.htm
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: FlashGet (HKLM)
    O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt2_x.cab
    O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab
    O16 - DPF: {00001014-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter14 Class) - http://netmarble.net/game/NMStarter14.cab
    O16 - DPF: {00001015-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter15 Class) - http://netmarble.net/game/NMStarter15.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {03816B0A-BA71-4DEB-BE0F-4163C1D9C2D5} ({03816B0A-BA71-4DEB-BE0F-4163C1D9C2D5}) - http://lyu7845.hihome.com/Movie2.cab
    O16 - DPF: {05B463E8-4B87-4181-9282-C3D2EC28A7DC} (HanGamePlugin17 Class) - http://down.hangame.com/dist/activex/HanGamePlugin17.cab
    O16 - DPF: {0C4A9D28-66B5-4A70-B915-B6AEA5112472} (Icon02 Control) - http://www.joysclub.co.kr/activex/icon02.cab
    O16 - DPF: {14399F4E-7698-468C-B988-66486085A306} (HgbLauncher Class) - http://down.hangame.com/iservice/messenger/inst/ver1011/launcher.cab
    O16 - DPF: {148F17D2-A980-470A-9A49-2C032BF9BCDC} (MarkAny WebSAFER - SBSi) - http://www.sbs.co.kr/viewer/ppv/MAWS05.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {1D69EA0F-F2EE-4127-B8E6-25D3E366F320} - http://images.entoi.com/control/webtoi.cab
    O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB
    O16 - DPF: {1FDEC088-A699-46FE-BF76-D5FD6DAE6150} (UCSearch.ucUCSearch) - http://www.armbender.com/UCSearch.CAB
    O16 - DPF: {253380F7-1A0F-4C11-B218-C0E7E8E8C940} (ChatObj Class) - http://images.entoi.co.kr/control/entoichatctrl.cab
    O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsyndicate.com/Dnl/T_50017/btiein.cab
    O16 - DPF: {27E4B2A9-D554-40DE-B6CD-F11E9B44FBD0} (SimFileControl Control) - http://simfile.chol.com/down/SimFileControl2.cab
    O16 - DPF: {2882C368-D508-11D4-A2AB-000102598CE4} (LProtect Control) - http://www.samsunglife.com/evnt/hauri/livecall.cab
    O16 - DPF: {2C520C08-1ADA-4CEC-AFFD-D0D1BD268D60} (PDUpdate Control) - http://www.pdbox.co.kr/filebox/ctrl_down/PDUpdate.cab
    O16 - DPF: {2EDF49ED-4FBF-4835-8D7A-852466065F33} (Nshort Control) - http://www.unsego.com/unsego.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {4BC4C3E9-2BBB-4F28-A449-D25CD323109B} (HGAgentClient Control) - http://bar.hangame.naver.com/bar/HGAgentClient.cab
    O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
    O16 - DPF: {51C99F40-9E0E-4BF1-A92A-77121CC01AD0} (IMBCClient Control) - http://touch.imbc.com/ocx/touch.cab
    O16 - DPF: {53F55D30-56CC-4258-8617-4A9F48E7F572} (NexgramAPIClass Class) - http://www.buddybuddy.co.kr/cab/nexweb.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/29243220ba54e2621716/netzip/RdxIE601_ko.cab
    O16 - DPF: {630B5ED1-D6B0-4D31-8AE2-7687DF72BA9D} (Extream Class) - http://wmpdownload.nefficient.co.kr/wmpdownload/CDNExtX.cab
    O16 - DPF: {64D76536-0173-4873-AEC4-FF0A70DE3781} (BugsPlay Control) - http://tjap.bugsmusic.co.kr/setupfile/bugsplay_115.cab
    O16 - DPF: {66B30EA0-C033-4D4B-9F90-EA0AF07363AF} (BugsMediaPlayer Control) - http://so.bugs.co.kr/BugsOggPlay_11.CAB
    O16 - DPF: {72ED8878-6E16-4EA1-BDD6-3B21EF676E45} (CVTrace Control) - http://www.seevideo.co.kr/pub/cvideox/trace/cvtrace.cab
    O16 - DPF: {77C82B46-C7DF-497B-821A-5DC521B059E2} (??? ???? ??) - http://images.entoi.co.kr/control/ToiVillViewer.cab
    O16 - DPF: {784B0583-ABC1-4D3B-9564-357AA32D007C} - http://cdn.naver.com/naver/tms/kbsi/turbois9.cab
    O16 - DPF: {79419762-2D03-48F8-A63E-0544D95143DE} (AutoPatchOCX Control) - http://www.x2game.com/Control/AutoPatchOCX.cab
    O16 - DPF: {90F1C160-1CC5-405D-AA28-B6CB1035764C} (HGArcadePlugin2 Class) - http://down.hangame.com/dist/activex/HGArcadePlugin2.cab
    O16 - DPF: {956C9F5B-0EEB-41B5-9D7B-FAD968AF9469} (HanGamePlugin13 Class) - http://down.hangame.com/dist/activex/HanGamePlugin13.cab
    O16 - DPF: {97154128-DC4C-4D5B-AF7C-CA7356238EC9} (Hanmail FileUpload Control) - http://wwl329.daum.net/hanmail-ax/HM_fileupload.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37750.9842708333
    O16 - DPF: {A7798D6C-C6B5-4F26-9363-F7CDBBFFA607} (download Class) - http://www.gigex.com/ActiveX/vxpspeeddelivery.dll
    O16 - DPF: {A87AC5C4-E4A8-421E-84C8-12A5564EAF2B} (NAudioX Control) - http://download.netmarble.com/NAudioX/NAudioX.cab
    O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} (session Class) - http://dl.sayclub.com/sayclub/sayctl/sayax.cab
    O16 - DPF: {AE3F74F8-DD6C-4EA3-817F-99CD0F0EF478} (BBLauncher Class) - http://www.buddybuddy.co.kr/cab/bblauncher.cab
    O16 - DPF: {BF22698D-3BED-4CB0-BA3A-64534FBC32B1} (SVWebPlayer Control) - http://www.seevideo.co.kr/pub/seevideo2002/SVWebPlayer.cab
    O16 - DPF: {C9037B70-F7E2-41D1-98B9-4FAA692529DB} (WebMSG Class) - http://www.damoim.net/_lib/MSGCOM_2/WebMessenger.cab
    O16 - DPF: {C999F4F2-016E-481C-98EF-6D165647434E} (CallMSG Class) - http://www.damoim.net/_lib/MSGCOM_2/DMCallMSG.cab
    O16 - DPF: {CF362BDB-4EA2-11D5-AB47-000102913414} (SetGlb Control) - http://tjap.bugsmusic.co.kr/setupfile/SetGlb.cab
    O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://download.netmarble.com/nProtect/nprotect/npx.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D78AEBB2-FC21-435B-A115-9E9D274A19B9} (Nshort Control) - http://www.unsefree.com/unsefree.cab
    O16 - DPF: {D7F0CC2E-FB09-4B38-B9A7-6807CBCD4859} (NMChatX Control) - http://download.netmarble.com/NMChatX/NMChatX.cab
    O16 - DPF: {DD889990-D297-4E2D-96BE-FE41C6335695} (??? ???? ????) - http://images.entoi.co.kr/control/ToiRoomControl.cab
    O16 - DPF: {E5F55B7A-89D5-4387-B665-43437B3E293D} (X2Run Control) - http://www.x2game.com/Control/X2Run.Cab
    O16 - DPF: {E83A492E-6E57-4273-A340-FB378B3F3A80} (AniCast2 Class) - http://oraq.com/dance/anicast/control/axacast2.cab
    O16 - DPF: {EADBDB84-2341-4AD0-9FAF-4F1F31CF4A46} (LoginForm Class) - http://pointsok.okcashbag.com/skmpp/SKMPPClient2.cab
    O16 - DPF: {ED1DE51C-2677-450A-8BC1-764218137696} (Install Class) - http://www.damoim.net/_lib/DMAU.cab
    O16 - DPF: {ED1EEBEE-F0AA-474B-9829-61C482E72644} (PDBox25 Control) - http://www.pdbox.co.kr/filebox/ctrl_down/PDBox25.cab
    O16 - DPF: {F256FF53-8057-4F7E-996B-963E27CE5EA1} (PdBox2 Control) - http://www.pdbox.co.kr/filebox/ctrl_down/PDBox2.cab
    O16 - DPF: {FE3B2990-3E0A-40C4-BC69-B61E5F2776E6} (FreechalOn Class) - http://login.freechal.com/freechalon/FcOnCtl3.cab
     
  2. Triple6

    Triple6 Moderator

    Joined:
    Dec 26, 2002
    Messages:
    52,922
    First Name:
    Rob
    Download CWShredder from here and run it: http://www.spywareinfo.com/~merijn/downloads.html

    Download Spybot and Adaware from www.download.com then update them from within each program. Then run the full scan and fix all problems either of the programs find.

    Remove these in Hijackthis:

    R3 - URLSearchHook: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - (no file)
    O1 - Hosts: comments (such as these) may be inserted on individual
    O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\Program Files\Lycos\IEagent\CSIE.DLL
    O2 - BHO: Network Essentials - {0421701D-CF13-4E70-ADF0-45A953E7CB8B} - C:\Program Files\Network Essentials\v16\NE.DLL
    O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
     
  3. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Move to Security.
     
  4. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    After you have done as Triple6 has suggested, post another Hijack This log please.
     
  5. cw0974

    cw0974 Thread Starter

    Joined:
    Apr 11, 2004
    Messages:
    4
    Logfile of HijackThis v1.97.7
    Scan saved at 9:37:41 PM, on 4/11/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\WINDOWS\System32\hphmon03.exe
    C:\WINDOWS\Winexec.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Valve\Steam\Steam.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\WINDOWS\System32\RUNDLL32.exe
    C:\WINDOWS\System32\HPHipm09.exe
    C:\WINDOWS\System32\RUNDLL32.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\SmartPopupKiller\PopupKillerTray.exe
    C:\WINDOWS\System32\conime.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Scottie\Desktop\highjack this\HijackThis.exe

    R3 - URLSearchHook: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - (no file)
    O1 - Hosts: comments (such as these) may be inserted on individual
    O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\Program Files\Lycos\IEagent\CSIE.DLL
    O2 - BHO: (no name) - {A09790E7-DD00-4A83-B632-5B563423CFBB} - C:\Program Files\SmartPopupKiller\PopupKillerIEDLL.dll
    O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Core Library - {D4D505DF-D582-400c-91B6-84921012AFE3} - C:\WINDOWS\System32\pdfupd.dll
    O3 - Toolbar: ????? - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [TurboAgent] C:\Program Files\TurboPlayer\TurboAgent.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
    O4 - HKLM\..\Run: [Winexec] C:\WINDOWS\Winexec.exe
    O4 - HKLM\..\Run: [Popup Defence Updater] regsvr32 /s C:\WINDOWS\System32\pdfupd.dll
    O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [Kuki.exe] C:\Program Files\Netmarble\NetmarbleMessenger\Kuki.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Steam] C:\Valve\Steam\Steam.exe -silent
    O4 - HKLM\..\RunOnce: [SpyBotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: 플래쉬겟으로 모두 받기(&Z) - C:\PROGRA~1\FLASHGET\jc_all.htm
    O8 - Extra context menu item: 플래쉬겟으로 받기(&G) - C:\PROGRA~1\FLASHGET\jc_link.htm
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: FlashGet (HKLM)
    O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt2_x.cab
    O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab
    O16 - DPF: {00001014-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter14 Class) - http://netmarble.net/game/NMStarter14.cab
    O16 - DPF: {00001015-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter15 Class) - http://netmarble.net/game/NMStarter15.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {03816B0A-BA71-4DEB-BE0F-4163C1D9C2D5} ({03816B0A-BA71-4DEB-BE0F-4163C1D9C2D5}) - http://lyu7845.hihome.com/Movie2.cab
    O16 - DPF: {05B463E8-4B87-4181-9282-C3D2EC28A7DC} (HanGamePlugin17 Class) - http://down.hangame.com/dist/activex/HanGamePlugin17.cab
    O16 - DPF: {0C4A9D28-66B5-4A70-B915-B6AEA5112472} (Icon02 Control) - http://www.joysclub.co.kr/activex/icon02.cab
    O16 - DPF: {14399F4E-7698-468C-B988-66486085A306} (HgbLauncher Class) - http://down.hangame.com/iservice/messenger/inst/ver1011/launcher.cab
    O16 - DPF: {148F17D2-A980-470A-9A49-2C032BF9BCDC} (MarkAny WebSAFER - SBSi) - http://www.sbs.co.kr/viewer/ppv/MAWS05.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {1D69EA0F-F2EE-4127-B8E6-25D3E366F320} - http://images.entoi.com/control/webtoi.cab
    O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB
    O16 - DPF: {253380F7-1A0F-4C11-B218-C0E7E8E8C940} (ChatObj Class) - http://images.entoi.co.kr/control/entoichatctrl.cab
    O16 - DPF: {27E4B2A9-D554-40DE-B6CD-F11E9B44FBD0} (SimFileControl Control) - http://simfile.chol.com/down/SimFileControl2.cab
    O16 - DPF: {2882C368-D508-11D4-A2AB-000102598CE4} (LProtect Control) - http://www.samsunglife.com/evnt/hauri/livecall.cab
    O16 - DPF: {2C520C08-1ADA-4CEC-AFFD-D0D1BD268D60} (PDUpdate Control) - http://www.pdbox.co.kr/filebox/ctrl_down/PDUpdate.cab
    O16 - DPF: {2EDF49ED-4FBF-4835-8D7A-852466065F33} (Nshort Control) - http://www.unsego.com/unsego.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {4BC4C3E9-2BBB-4F28-A449-D25CD323109B} (HGAgentClient Control) - http://bar.hangame.naver.com/bar/HGAgentClient.cab
    O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
    O16 - DPF: {51C99F40-9E0E-4BF1-A92A-77121CC01AD0} (IMBCClient Control) - http://touch.imbc.com/ocx/touch.cab
    O16 - DPF: {53F55D30-56CC-4258-8617-4A9F48E7F572} (NexgramAPIClass Class) - http://www.buddybuddy.co.kr/cab/nexweb.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/29243220ba54e2621716/netzip/RdxIE601_ko.cab
    O16 - DPF: {630B5ED1-D6B0-4D31-8AE2-7687DF72BA9D} (Extream Class) - http://wmpdownload.nefficient.co.kr/wmpdownload/CDNExtX.cab
    O16 - DPF: {64D76536-0173-4873-AEC4-FF0A70DE3781} (BugsPlay Control) - http://tjap.bugsmusic.co.kr/setupfile/bugsplay_115.cab
    O16 - DPF: {66B30EA0-C033-4D4B-9F90-EA0AF07363AF} (BugsMediaPlayer Control) - http://so.bugs.co.kr/BugsOggPlay_11.CAB
    O16 - DPF: {72ED8878-6E16-4EA1-BDD6-3B21EF676E45} (CVTrace Control) - http://www.seevideo.co.kr/pub/cvideox/trace/cvtrace.cab
    O16 - DPF: {77C82B46-C7DF-497B-821A-5DC521B059E2} (??? ???? ??) - http://images.entoi.co.kr/control/ToiVillViewer.cab
    O16 - DPF: {784B0583-ABC1-4D3B-9564-357AA32D007C} - http://cdn.naver.com/naver/tms/kbsi/turbois9.cab
    O16 - DPF: {79419762-2D03-48F8-A63E-0544D95143DE} (AutoPatchOCX Control) - http://www.x2game.com/Control/AutoPatchOCX.cab
    O16 - DPF: {90F1C160-1CC5-405D-AA28-B6CB1035764C} (HGArcadePlugin2 Class) - http://down.hangame.com/dist/activex/HGArcadePlugin2.cab
    O16 - DPF: {956C9F5B-0EEB-41B5-9D7B-FAD968AF9469} (HanGamePlugin13 Class) - http://down.hangame.com/dist/activex/HanGamePlugin13.cab
    O16 - DPF: {97154128-DC4C-4D5B-AF7C-CA7356238EC9} (Hanmail FileUpload Control) - http://wwl329.daum.net/hanmail-ax/HM_fileupload.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37750.9842708333
    O16 - DPF: {A87AC5C4-E4A8-421E-84C8-12A5564EAF2B} (NAudioX Control) - http://download.netmarble.com/NAudioX/NAudioX.cab
    O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} (session Class) - http://dl.sayclub.com/sayclub/sayctl/sayax.cab
    O16 - DPF: {AE3F74F8-DD6C-4EA3-817F-99CD0F0EF478} (BBLauncher Class) - http://www.buddybuddy.co.kr/cab/bblauncher.cab
    O16 - DPF: {BF22698D-3BED-4CB0-BA3A-64534FBC32B1} (SVWebPlayer Control) - http://www.seevideo.co.kr/pub/seevideo2002/SVWebPlayer.cab
    O16 - DPF: {C9037B70-F7E2-41D1-98B9-4FAA692529DB} (WebMSG Class) - http://www.damoim.net/_lib/MSGCOM_2/WebMessenger.cab
    O16 - DPF: {C999F4F2-016E-481C-98EF-6D165647434E} (CallMSG Class) - http://www.damoim.net/_lib/MSGCOM_2/DMCallMSG.cab
    O16 - DPF: {CF362BDB-4EA2-11D5-AB47-000102913414} (SetGlb Control) - http://tjap.bugsmusic.co.kr/setupfile/SetGlb.cab
    O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://download.netmarble.com/nProtect/nprotect/npx.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D78AEBB2-FC21-435B-A115-9E9D274A19B9} (Nshort Control) - http://www.unsefree.com/unsefree.cab
    O16 - DPF: {D7F0CC2E-FB09-4B38-B9A7-6807CBCD4859} (NMChatX Control) - http://download.netmarble.com/NMChatX/NMChatX.cab
    O16 - DPF: {DD889990-D297-4E2D-96BE-FE41C6335695} (??? ???? ????) - http://images.entoi.co.kr/control/ToiRoomControl.cab
    O16 - DPF: {E5F55B7A-89D5-4387-B665-43437B3E293D} (X2Run Control) - http://www.x2game.com/Control/X2Run.Cab
    O16 - DPF: {E83A492E-6E57-4273-A340-FB378B3F3A80} (AniCast2 Class) - http://oraq.com/dance/anicast/control/axacast2.cab
    O16 - DPF: {EADBDB84-2341-4AD0-9FAF-4F1F31CF4A46} (LoginForm Class) - http://pointsok.okcashbag.com/skmpp/SKMPPClient2.cab
    O16 - DPF: {ED1DE51C-2677-450A-8BC1-764218137696} (Install Class) - http://www.damoim.net/_lib/DMAU.cab
    O16 - DPF: {ED1EEBEE-F0AA-474B-9829-61C482E72644} (PDBox25 Control) - http://www.pdbox.co.kr/filebox/ctrl_down/PDBox25.cab
    O16 - DPF: {F256FF53-8057-4F7E-996B-963E27CE5EA1} (PdBox2 Control) - http://www.pdbox.co.kr/filebox/ctrl_down/PDBox2.cab
    O16 - DPF: {FE3B2990-3E0A-40C4-BC69-B61E5F2776E6} (FreechalOn Class) - http://login.freechal.com/freechalon/FcOnCtl3.cab
     
  6. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Do you know what these are?:

    O4 - HKLM\..\Run: [Popup Defence Updater] regsvr32 /s C:\WINDOWS\System32\pdfupd.dll

    O4 - HKCU\..\Run: [Kuki.exe] C:\Program Files\Netmarble\NetmarbleMessenger\Kuki.exe



    Run Hijack This again and put a check by these. Close all windows except HijackThis and click "Fix checked"

    R3 - URLSearchHook: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - (no file)

    O1 - Hosts: comments (such as these) may be inserted on individual

    O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\Program Files\Lycos\IEagent\CSIE.DLL

    O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)

    O2 - BHO: Core Library - {D4D505DF-D582-400c-91B6-84921012AFE3} - C:\WINDOWS\System32\pdfupd.dll

    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

    O4 - HKLM\..\Run: [Winexec] C:\WINDOWS\Winexec.exe

    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/29243220ba54e2...RdxIE601_ko.cab

    O16 - DPF: {A87AC5C4-E4A8-421E-84C8-12A5564EAF2B} (NAudioX Control) - http://download.netmarble.com/NAudioX/NAudioX.cab


    Restart to safe mode.

    How to start your computer in safe mode

    First, in safe mode, click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types". Now click "Apply to all folders".
    Click "Apply" then "OK".

    Now find and delete:

    The C:\WINDOWS\Winexec.exe file
    The C:\WINDOWS\System32\P2P Networking folder.

    Empty the recycle bin.


    Go here and do an online virus scan:

    http://housecall.trendmicro.com/

    Be sure and put a check in the box by "Auto Clean" before you do the scan. If it finds anything that it cannot clean have it delete it or make a note of the file location so you can delete it yourself.


    Also I highly recommend that you go to Windows update and install all "Critical Updates and Service Packs". This will patch numerous security holes in IE and Windows.
     
  7. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Yes you need to proceed with what I suggested.

    If you no longer need the Netmarble gaming stuff go to Add/Remove programs and uninstall it. If it isn't in Add/Remove add this one to the list to fix:

    O4 - HKCU\..\Run: [Kuki.exe] C:\Program Files\Netmarble\NetmarbleMessenger\Kuki.exe

    And delete the C:\Program Files\Netmarble folder

    Even if you find NetMarble in Add/Remove you should fix these with Hijack This also:

    O16 - DPF: {00001014-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter14 Class) - http://netmarble.net/game/NMStarter14.cab

    O16 - DPF: {00001015-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter15 Class) - http://netmarble.net/game/NMStarter15.cab


    I don't believe that I would trust this Netmarble software anyway because this one (below) that I had in my first list for removal is Nprotect adware:

    O16 - DPF: {A87AC5C4-E4A8-421E-84C8-12A5564EAF2B} (NAudioX Control) - http://download.netmarble.com/NAudioX/NAudioX.cab

    As you can see it is associated with Netmarble too.
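
The re-check the helpers do by eye between the two logs, as an added example that is not part of the original thread: it parses HijackThis finding lines and reports which lines from a fix list are still present in a later scan, including a line the forum shortened with "...". The function names are hypothetical, and the sample lines are excerpted from the fix lists and the 9:37:41 PM scan above.

```python
import re

# Every HijackThis finding starts with a section code (R3, O2, O4, O16, ...)
# followed by " - "; header lines and the process list do not.
ENTRY_RE = re.compile(r"^([RNFO]\d{1,2}) - (.+)$")


def _norm(text):
    """Collapse whitespace and case so pasted lines compare reliably."""
    return " ".join(text.split()).casefold()


def parse_entries(log_text):
    """Return [(code, body)] for each finding line in a pasted log."""
    out = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            out.append((m.group(1), m.group(2).strip()))
    return out


def same_entry(wanted, seen):
    """Compare two (code, body) entries.

    Forum software may shorten a long URL with '...', so a body containing
    '...' matches when both its prefix and its suffix agree with the scan.
    """
    if wanted[0] != seen[0]:
        return False
    w, s = _norm(wanted[1]), _norm(seen[1])
    if "..." not in w:
        return w == s
    head, _, tail = w.partition("...")
    return (len(s) >= len(head) + len(tail)
            and s.startswith(head) and s.endswith(tail))


def recheck(fix_list_text, later_scan_text):
    """Split a fix list into (still_present, gone) against a later scan."""
    scan = parse_entries(later_scan_text)
    still, gone = [], []
    for entry in parse_entries(fix_list_text):
        found = any(same_entry(entry, s) for s in scan)
        (still if found else gone).append(entry)
    return still, gone


# Excerpt of lines the helpers asked to have fixed (from the thread).
FIX_LIST = r"""
R3 - URLSearchHook: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - (no file)
O2 - BHO: Network Essentials - {0421701D-CF13-4E70-ADF0-45A953E7CB8B} - C:\Program Files\Network Essentials\v16\NE.DLL
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/29243220ba54e2...RdxIE601_ko.cab
"""

# Excerpt of the second scan posted in the thread.
LATER_SCAN = r"""
Logfile of HijackThis v1.97.7
Scan saved at 9:37:41 PM, on 4/11/2004
Running processes:
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
R3 - URLSearchHook: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/29243220ba54e2621716/netzip/RdxIE601_ko.cab
"""

if __name__ == "__main__":
    still, gone = recheck(FIX_LIST, LATER_SCAN)
    for code, body in still:
        print("STILL PRESENT", code, "-", body)
    for code, body in gone:
        print("GONE         ", code, "-", body)
```

Entries reported as still present are the ones to fix again before the next log is posted.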
     
Short URL to this thread: https://techguy.org/219379

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice