1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

hopper help (hijack this log included)

Discussion in 'Virus & Other Malware Removal' started by cw0974, Apr 11, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. cw0974

    cw0974 Thread Starter

    Joined:
    Apr 11, 2004
    Messages:
    4
    cookiegal, a senior member helped me to do this
    and told me to paste the log here so i am putting this here to be analyzed and advised
    thanks you so much

    Logfile of HijackThis v1.97.7
    Scan saved at 4:18:13 PM, on 4/11/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\WINDOWS\System32\hphmon03.exe
    C:\WINDOWS\Winexec.exe
    C:\PROGRA~1\Lycos\IEagent\Loader.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Valve\Steam\Steam.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\WINDOWS\System32\RUNDLL32.exe
    C:\WINDOWS\System32\HPHipm09.exe
    C:\WINDOWS\System32\RUNDLL32.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\SmartPopupKiller\PopupKillerTray.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Scottie\Desktop\highjack this\HijackThis.exe

    R3 - URLSearchHook: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - (no file)
    O1 - Hosts: comments (such as these) may be inserted on individual
    O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\Program Files\Lycos\IEagent\CSIE.DLL
    O2 - BHO: Network Essentials - {0421701D-CF13-4E70-ADF0-45A953E7CB8B} - C:\Program Files\Network Essentials\v16\NE.DLL
    O2 - BHO: (no name) - {A09790E7-DD00-4A83-B632-5B563423CFBB} - C:\Program Files\SmartPopupKiller\PopupKillerIEDLL.dll
    O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Core Library - {D4D505DF-D582-400c-91B6-84921012AFE3} - C:\WINDOWS\System32\pdfupd.dll
    O3 - Toolbar: ????? - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [TurboAgent] C:\Program Files\TurboPlayer\TurboAgent.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
    O4 - HKLM\..\Run: [Winexec] C:\WINDOWS\Winexec.exe
    O4 - HKLM\..\Run: [ClrSchLoader] C:\PROGRA~1\Lycos\IEagent\Loader.exe
    O4 - HKLM\..\Run: [Popup Defence Updater] regsvr32 /s C:\WINDOWS\System32\pdfupd.dll
    O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [Kuki.exe] C:\Program Files\Netmarble\NetmarbleMessenger\Kuki.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Steam] C:\Valve\Steam\Steam.exe -silent
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: 플래쉬겟으로 모두 받기(&Z) - C:\PROGRA~1\FLASHGET\jc_all.htm
    O8 - Extra context menu item: 플래쉬겟으로 받기(&G) - C:\PROGRA~1\FLASHGET\jc_link.htm
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: FlashGet (HKLM)
    O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/gam...nts/y/tt2_x.cab
    O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/gam...nts/y/pt1_x.cab
    O16 - DPF: {00001014-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter14 Class) - http://netmarble.net/game/NMStarter14.cab
    O16 - DPF: {00001015-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter15 Class) - http://netmarble.net/game/NMStarter15.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {03816B0A-BA71-4DEB-BE0F-4163C1D9C2D5} ({03816B0A-BA71-4DEB-BE0F-4163C1D9C2D5}) - http://lyu7845.hihome.com/Movie2.cab
    O16 - DPF: {05B463E8-4B87-4181-9282-C3D2EC28A7DC} (HanGamePlugin17 Class) - http://down.hangame.com/dist/active...amePlugin17.cab
    O16 - DPF: {0C4A9D28-66B5-4A70-B915-B6AEA5112472} (Icon02 Control) - http://www.joysclub.co.kr/activex/icon02.cab
    O16 - DPF: {14399F4E-7698-468C-B988-66486085A306} (HgbLauncher Class) - http://down.hangame.com/iservice/me...11/launcher.cab
    O16 - DPF: {148F17D2-A980-470A-9A49-2C032BF9BCDC} (MarkAny WebSAFER - SBSi) - http://www.sbs.co.kr/viewer/ppv/MAWS05.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/...director/sw.cab
    O16 - DPF: {1D69EA0F-F2EE-4127-B8E6-25D3E366F320} - http://images.entoi.com/control/webtoi.cab
    O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.com/test/leeyunho...On/AlwaysOn.CAB
    O16 - DPF: {1FDEC088-A699-46FE-BF76-D5FD6DAE6150} (UCSearch.ucUCSearch) - http://www.armbender.com/UCSearch.CAB
    O16 - DPF: {253380F7-1A0F-4C11-B218-C0E7E8E8C940} (ChatObj Class) - http://images.entoi.co.kr/control/entoichatctrl.cab
    O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsyndicate.com/Dnl/T_50017/btiein.cab
    O16 - DPF: {27E4B2A9-D554-40DE-B6CD-F11E9B44FBD0} (SimFileControl Control) - http://simfile.chol.com/down/SimFileControl2.cab
    O16 - DPF: {2882C368-D508-11D4-A2AB-000102598CE4} (LProtect Control) - http://www.samsunglife.com/evnt/hauri/livecall.cab
    O16 - DPF: {2C520C08-1ADA-4CEC-AFFD-D0D1BD268D60} (PDUpdate Control) - http://www.pdbox.co.kr/filebox/ctrl_down/PDUpdate.cab
    O16 - DPF: {2EDF49ED-4FBF-4835-8D7A-852466065F33} (Nshort Control) - http://www.unsego.com/unsego.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downl...922/wmv9VCM.CAB
    O16 - DPF: {4BC4C3E9-2BBB-4F28-A449-D25CD323109B} (HGAgentClient Control) - http://bar.hangame.naver.com/bar/HGAgentClient.cab
    O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.c...iveX/winrep.cab
    O16 - DPF: {51C99F40-9E0E-4BF1-A92A-77121CC01AD0} (IMBCClient Control) - http://touch.imbc.com/ocx/touch.cab
    O16 - DPF: {53F55D30-56CC-4258-8617-4A9F48E7F572} (NexgramAPIClass Class) - http://www.buddybuddy.co.kr/cab/nexweb.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/29243220ba54e2...RdxIE601_ko.cab
    O16 - DPF: {630B5ED1-D6B0-4D31-8AE2-7687DF72BA9D} (Extream Class) - http://wmpdownload.nefficient.co.kr...oad/CDNExtX.cab
    O16 - DPF: {64D76536-0173-4873-AEC4-FF0A70DE3781} (BugsPlay Control) - http://tjap.bugsmusic.co.kr/setupfile/bugsplay_115.cab
    O16 - DPF: {66B30EA0-C033-4D4B-9F90-EA0AF07363AF} (BugsMediaPlayer Control) - http://so.bugs.co.kr/BugsOggPlay_11.CAB
    O16 - DPF: {72ED8878-6E16-4EA1-BDD6-3B21EF676E45} (CVTrace Control) - http://www.seevideo.co.kr/pub/cvideox/trace/cvtrace.cab
    O16 - DPF: {77C82B46-C7DF-497B-821A-5DC521B059E2} (??? ???? ??) - http://images.entoi.co.kr/control/ToiVillViewer.cab
    O16 - DPF: {784B0583-ABC1-4D3B-9564-357AA32D007C} - http://cdn.naver.com/naver/tms/kbsi/turbois9.cab
    O16 - DPF: {79419762-2D03-48F8-A63E-0544D95143DE} (AutoPatchOCX Control) - http://www.x2game.com/Control/AutoPatchOCX.cab
    O16 - DPF: {90F1C160-1CC5-405D-AA28-B6CB1035764C} (HGArcadePlugin2 Class) - http://down.hangame.com/dist/active...cadePlugin2.cab
    O16 - DPF: {956C9F5B-0EEB-41B5-9D7B-FAD968AF9469} (HanGamePlugin13 Class) - http://down.hangame.com/dist/active...amePlugin13.cab
    O16 - DPF: {97154128-DC4C-4D5B-AF7C-CA7356238EC9} (Hanmail FileUpload Control) - http://wwl329.daum.net/hanmail-ax/HM_fileupload.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.c...7750.9842708333
    O16 - DPF: {A7798D6C-C6B5-4F26-9363-F7CDBBFFA607} (download Class) - http://www.gigex.com/ActiveX/vxpspeeddelivery.dll
    O16 - DPF: {A87AC5C4-E4A8-421E-84C8-12A5564EAF2B} (NAudioX Control) - http://download.netmarble.com/NAudioX/NAudioX.cab
    O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} (session Class) - http://dl.sayclub.com/sayclub/sayctl/sayax.cab
    O16 - DPF: {AE3F74F8-DD6C-4EA3-817F-99CD0F0EF478} (BBLauncher Class) - http://www.buddybuddy.co.kr/cab/bblauncher.cab
    O16 - DPF: {BF22698D-3BED-4CB0-BA3A-64534FBC32B1} (SVWebPlayer Control) - http://www.seevideo.co.kr/pub/seevi...SVWebPlayer.cab
    O16 - DPF: {C9037B70-F7E2-41D1-98B9-4FAA692529DB} (WebMSG Class) - http://www.damoim.net/_lib/MSGCOM_2/WebMessenger.cab
    O16 - DPF: {C999F4F2-016E-481C-98EF-6D165647434E} (CallMSG Class) - http://www.damoim.net/_lib/MSGCOM_2/DMCallMSG.cab
    O16 - DPF: {CF362BDB-4EA2-11D5-AB47-000102913414} (SetGlb Control) - http://tjap.bugsmusic.co.kr/setupfile/SetGlb.cab
    O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://download.netmarble.com/nProtect/nprotect/npx.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/...ash/swflash.cab
    O16 - DPF: {D78AEBB2-FC21-435B-A115-9E9D274A19B9} (Nshort Control) - http://www.unsefree.com/unsefree.cab
    O16 - DPF: {D7F0CC2E-FB09-4B38-B9A7-6807CBCD4859} (NMChatX Control) - http://download.netmarble.com/NMChatX/NMChatX.cab
    O16 - DPF: {DD889990-D297-4E2D-96BE-FE41C6335695} (??? ???? ????) - http://images.entoi.co.kr/control/ToiRoomControl.cab
    O16 - DPF: {E5F55B7A-89D5-4387-B665-43437B3E293D} (X2Run Control) - http://www.x2game.com/Control/X2Run.Cab
    O16 - DPF: {E83A492E-6E57-4273-A340-FB378B3F3A80} (AniCast2 Class) - http://oraq.com/dance/anicast/control/axacast2.cab
    O16 - DPF: {EADBDB84-2341-4AD0-9FAF-4F1F31CF4A46} (LoginForm Class) - http://pointsok.okcashbag.com/skmpp/SKMPPClient2.cab
    O16 - DPF: {ED1DE51C-2677-450A-8BC1-764218137696} (Install Class) - http://www.damoim.net/_lib/DMAU.cab
    O16 - DPF: {ED1EEBEE-F0AA-474B-9829-61C482E72644} (PDBox25 Control) - http://www.pdbox.co.kr/filebox/ctrl_down/PDBox25.cab
    O16 - DPF: {F256FF53-8057-4F7E-996B-963E27CE5EA1} (PdBox2 Control) - http://www.pdbox.co.kr/filebox/ctrl_down/PDBox2.cab
    O16 - DPF: {FE3B2990-3E0A-40C4-BC69-B61E5F2776E6} (FreechalOn Class) - http://login.freechal.com/freechalon/FcOnCtl3.cab
     
  2. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    114,276
    Please stick with this thread as you have three threads going for the same problem.

    Let's take it from here because there was nothing done on the other threads anyway.

    There is viral activity in your log so I will request that it be moved over to Security and someone will analyze the log for you over there.

    Hang tight for now,

    Cookie
     
  3. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    36,114
    Moved to Security :)
     
  4. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/219418

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice